Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/BNZ_MY-fMChkHDbhvbjEMp0c0t8.roa
File: BNZ_MY-fMChkHDbhvbjEMp0c0t8.roa (raw, json)
Hash identifier: 746qN8aNB6fTzUU62cmMC/s2b6wiWhQ9PI/3H6uSCYw=
Subject key identifier: 04:D6:7F:31:8F:9F:30:28:64:1C:36:E1:BD:B8:C4:32:9D:1C:D2:DF
Certificate issuer: /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial: 019C0F1DB6B98D94AC79702D07C779098976
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/BNZ_MY-fMChkHDbhvbjEMp0c0t8.roa
Signing time: Fri 30 Jan 2026 13:35:31 +0000
ROA not before: Fri 30 Jan 2026 13:35:31 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 401163
IP address blocks: 2a06:cac0::/29 maxlen: 48
2a11:9600::/29 maxlen: 48
2a12:ec0::/29 maxlen: 48
2a12:1900::/29 maxlen: 48
2a12:28c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:0f:1d:b6:b9:8d:94:ac:79:70:2d:07:c7:79:09:89:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Validity
Not Before: Jan 30 13:35:31 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=04d67f318f9f3028641c36e1bdb8c4329d1cd2df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:92:3d:32:dc:7c:05:3f:af:fa:ed:35:c1:c7:
37:fb:db:07:b5:c2:ba:9c:75:61:20:9d:52:96:61:
3d:97:93:ef:39:25:a8:5f:ba:22:13:a1:54:63:03:
bd:31:34:6d:e2:fd:69:31:66:83:fb:14:94:18:89:
0e:1f:a5:d7:b2:55:b5:70:e9:a3:2e:9a:ce:42:c2:
37:f0:f6:6c:48:ef:e8:96:08:0e:ab:08:b0:90:c0:
68:85:72:0b:5a:05:2f:cd:1c:73:fa:20:c0:c4:e4:
2b:6a:0e:e1:44:48:7d:a5:8e:34:1f:e7:62:e2:31:
75:a1:a3:ea:bf:3a:ac:d0:5c:a0:38:c5:72:82:e0:
56:73:17:56:44:98:3c:28:93:48:1a:d2:85:65:fe:
d0:25:98:a6:af:ea:7b:46:b1:7c:a8:2c:73:43:55:
2a:58:70:1c:be:a0:7a:9b:50:f7:2d:0f:7d:21:ae:
b8:1f:d2:82:eb:23:51:0d:44:b4:1f:4c:62:e1:ad:
98:79:43:2f:cc:1e:4a:5c:88:d6:2b:82:1e:d9:1c:
51:7a:22:9b:80:62:29:74:39:40:33:d2:31:f5:f7:
2e:1d:27:27:47:a1:80:ad:4a:b2:f3:83:eb:92:46:
aa:d5:fd:cd:4c:df:79:7f:02:6c:95:36:b8:cd:17:
98:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:D6:7F:31:8F:9F:30:28:64:1C:36:E1:BD:B8:C4:32:9D:1C:D2:DF
X509v3 Authority Key Identifier:
keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/BNZ_MY-fMChkHDbhvbjEMp0c0t8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:cac0::/29
2a11:9600::/29
2a12:ec0::/29
2a12:1900::/29
2a12:28c0::/29
Signature Algorithm: sha256WithRSAEncryption
8c:d8:b4:07:7d:47:12:e9:50:7e:39:cc:9e:5a:7d:57:0e:f8:
9f:c3:76:90:18:94:33:7b:26:89:f8:89:0d:d5:6a:38:9a:4d:
8c:63:e3:bd:9d:79:e7:0f:2e:14:de:6a:8f:1d:83:63:2b:79:
42:7a:a3:e8:dc:1b:d8:16:1f:38:1d:ad:70:3f:0b:98:8f:0c:
69:0f:b3:dc:ac:3e:80:a9:a3:d8:0d:33:7f:20:2c:15:18:40:
fe:f8:ab:42:95:aa:b0:30:71:da:1d:39:6b:7d:e1:27:c8:b2:
bf:f8:e2:ca:00:82:33:1a:ec:2f:6a:a1:f4:72:15:97:ec:98:
3f:e4:05:2e:a7:2b:37:7b:9d:ef:09:c5:97:ff:ed:87:d3:a4:
d1:92:db:3b:97:1b:ca:2a:0f:7e:2d:05:98:d7:75:67:dc:4d:
d0:dd:e0:bd:c4:31:66:73:5a:0e:71:fe:37:1d:c2:41:9a:cd:
ec:22:f0:bc:5c:2a:c2:9a:f8:14:29:9a:fe:6b:b0:f4:9d:45:
94:1b:80:1b:29:08:3b:18:94:31:2b:12:db:19:5b:bb:c2:4c:
5b:64:0c:c7:34:bc:9d:5e:04:ec:05:ea:27:e5:90:85:a8:3e:
ea:55:ef:bc:7a:40:17:de:d9:44:bb:5e:86:84:b6:d7:91:55:
04:02:de:01
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZwPHba5jZSseXAtB8d5CYl2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjYwMTMwMTMzNTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGQ2N2YzMThmOWYzMDI4NjQxYzM2ZTFiZGI4YzQzMjlkMWNkMmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopI9Mtx8BT+v+u01wcc3+9sHtcK6
nHVhIJ1SlmE9l5PvOSWoX7oiE6FUYwO9MTRt4v1pMWaD+xSUGIkOH6XXslW1cOmj
LprOQsI38PZsSO/olggOqwiwkMBohXILWgUvzRxz+iDAxOQrag7hREh9pY40H+di
4jF1oaPqvzqs0FygOMVyguBWcxdWRJg8KJNIGtKFZf7QJZimr+p7RrF8qCxzQ1Uq
WHAcvqB6m1D3LQ99Ia64H9KC6yNRDUS0H0xi4a2YeUMvzB5KXIjWK4Ie2RxReiKb
gGIpdDlAM9Ix9fcuHScnR6GArUqy84Prkkaq1f3NTN95fwJslTa4zReYyQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFATWfzGPnzAoZBw24b24xDKdHNLfMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvQk5aX01ZLWZNQ2hrSERiaHZiakVNcDBjMHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKgbKwAMF
AyoRlgADBQMqEg7AAwUDKhIZAAMFAyoSKMAwDQYJKoZIhvcNAQELBQADggEBAIzY
tAd9RxLpUH45zJ5afVcO+J/DdpAYlDN7Jon4iQ3VajiaTYxj472deecPLhTeao8d
g2MreUJ6o+jcG9gWHzgdrXA/C5iPDGkPs9ysPoCpo9gNM38gLBUYQP74q0KVqrAw
cdodOWt94SfIsr/44soAgjMa7C9qofRyFZfsmD/kBS6nKzd7ne8JxZf/7YfTpNGS
2zuXG8oqD34tBZjXdWfcTdDd4L3EMWZzWg5x/jcdwkGazewi8LxcKsKa+BQpmv5r
sPSdRZQbgBspCDsYlDErEtsZW7vCTFtkDMc0vJ1eBOwF6iflkIWoPupV77x6QBfe
2US7XoaEtteRVQQC3gE=
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:22:40 2026 by rpki-client