Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/bH9kvD0qwQcS9rrV3eGUyYaXWwg.roa
File: bH9kvD0qwQcS9rrV3eGUyYaXWwg.roa (raw, json)
Hash identifier: tNlk9HpWtZtQmaRsNoUrqQ3I/W8CIgvBK+inFcRC2Gs=
Subject key identifier: 6C:7F:64:BC:3D:2A:C1:07:12:F6:BA:D5:DD:E1:94:C9:86:97:5B:08
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019D8747755CD8AAD5D522BE5EFA3B311305
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/bH9kvD0qwQcS9rrV3eGUyYaXWwg.roa
Signing time: Mon 13 Apr 2026 14:38:20 +0000
ROA not before: Mon 13 Apr 2026 14:38:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43260
IP address blocks: 185.85.189.0/24 maxlen: 24
185.86.4.0/24 maxlen: 24
185.86.7.0/24 maxlen: 24
185.86.12.0/24 maxlen: 24
185.86.14.0/24 maxlen: 24
185.86.15.0/24 maxlen: 24
185.86.152.0/24 maxlen: 24
185.86.155.0/24 maxlen: 24
185.87.120.0/24 maxlen: 24
185.88.172.0/24 maxlen: 24
185.88.173.0/24 maxlen: 24
185.88.174.0/24 maxlen: 24
185.88.175.0/24 maxlen: 24
185.98.62.0/24 maxlen: 24
185.141.33.0/24 maxlen: 24
185.141.34.0/24 maxlen: 24
185.141.35.0/24 maxlen: 24
185.184.24.0/24 maxlen: 24
185.184.25.0/24 maxlen: 24
185.184.26.0/24 maxlen: 24
185.184.27.0/24 maxlen: 24
185.185.232.0/24 maxlen: 24
185.185.233.0/24 maxlen: 24
185.185.234.0/24 maxlen: 24
185.243.180.0/24 maxlen: 24
185.243.181.0/24 maxlen: 24
185.243.182.0/24 maxlen: 24
185.243.183.0/24 maxlen: 24
185.254.236.0/24 maxlen: 24
185.254.237.0/24 maxlen: 24
185.254.238.0/24 maxlen: 24
185.254.239.0/24 maxlen: 24
193.160.140.0/24 maxlen: 24
193.160.141.0/24 maxlen: 24
193.160.142.0/24 maxlen: 24
193.160.143.0/24 maxlen: 24
193.223.104.0/24 maxlen: 24
193.223.105.0/24 maxlen: 24
193.223.106.0/24 maxlen: 24
193.223.107.0/24 maxlen: 24
2a05:bf00::/29 maxlen: 29
2a07:e700::/29 maxlen: 29
2a0b:2780::/29 maxlen: 29
2a0d:49c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:87:47:75:5c:d8:aa:d5:d5:22:be:5e:fa:3b:31:13:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Apr 13 14:38:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6c7f64bc3d2ac10712f6bad5dde194c986975b08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:0a:c3:cf:ac:4e:57:62:15:92:99:14:8f:83:
14:49:5a:86:eb:2c:12:1a:50:24:f9:5f:54:18:99:
a1:48:08:58:b9:26:90:b6:51:13:06:36:e6:aa:2f:
92:23:9d:40:d1:98:ee:c8:1d:5d:1b:a5:73:49:c5:
5c:56:1b:82:64:49:2b:6f:dc:b4:ac:fb:36:12:e6:
86:9d:a8:30:3a:09:1d:84:4b:2c:16:9e:8c:cc:53:
ef:59:32:4b:9c:65:22:9b:67:32:4c:29:1a:49:b7:
15:bf:40:65:70:e6:3c:a1:f6:91:f6:6c:15:f9:35:
31:3a:9f:3b:46:94:c2:be:34:15:96:e0:31:37:43:
c5:8c:6e:24:74:9a:82:d6:db:a9:ce:1d:4e:66:62:
9c:b2:89:a4:5d:a4:5d:1e:f7:d0:5c:ab:d7:88:94:
90:f2:41:9e:09:f2:3b:09:71:23:6e:ad:a7:ea:69:
9f:bc:87:57:4b:ac:59:b4:3f:3a:6f:61:e2:8b:bc:
2e:76:29:46:82:0d:4f:8c:c8:b0:9c:cf:0f:fe:90:
e5:2b:e2:5e:7e:f1:87:d4:3f:b5:13:88:df:5e:7d:
af:50:f0:63:b8:a0:f1:26:94:64:92:79:01:86:8b:
e7:33:67:e2:66:0a:51:6b:5d:c0:da:5a:bb:9d:07:
ae:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:7F:64:BC:3D:2A:C1:07:12:F6:BA:D5:DD:E1:94:C9:86:97:5B:08
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/bH9kvD0qwQcS9rrV3eGUyYaXWwg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.85.189.0/24
185.86.4.0/24
185.86.7.0/24
185.86.12.0/24
185.86.14.0/23
185.86.152.0/24
185.86.155.0/24
185.87.120.0/24
185.88.172.0/22
185.98.62.0/24
185.141.33.0-185.141.35.255
185.184.24.0/22
185.185.232.0-185.185.234.255
185.243.180.0/22
185.254.236.0/22
193.160.140.0/22
193.223.104.0/22
IPv6:
2a05:bf00::/29
2a07:e700::/29
2a0b:2780::/29
2a0d:49c0::/29
Signature Algorithm: sha256WithRSAEncryption
1e:18:78:7d:88:75:4f:1f:cc:a4:e5:55:b6:39:dc:58:a8:f3:
b1:2e:c7:c4:39:b1:65:12:7b:f9:5a:29:5f:31:f3:c4:1a:f1:
00:6b:0f:74:99:07:bc:4d:ea:7e:63:65:73:58:d1:91:c1:4a:
22:c4:34:22:19:2a:0c:d8:30:46:45:af:a6:c8:e1:9b:b7:dc:
0e:4e:8e:a8:31:aa:fc:86:78:4e:09:48:b6:14:3d:8b:97:97:
f2:8a:65:9e:27:02:ec:8b:d3:71:3e:87:be:53:aa:a8:09:f1:
78:84:1d:44:cc:af:3a:72:b4:45:72:d4:c4:15:8f:9f:7e:87:
71:d7:9b:14:23:01:dc:fd:b2:cb:ca:87:c0:12:34:0e:20:a1:
10:a4:f2:c6:b6:4b:5c:cf:9e:7b:73:44:5f:b4:a4:bb:08:f1:
4c:96:c7:01:25:e9:31:c3:20:74:1d:58:f2:06:56:4a:06:a1:
d3:b3:37:f2:79:50:29:38:47:60:d6:ff:0f:aa:7a:df:0c:79:
24:01:b0:4a:6d:b9:2e:a4:be:d6:a1:b5:7a:3c:56:9d:56:21:
4b:97:5d:7d:a8:7a:be:cf:b7:ff:a4:48:d4:25:16:c4:e0:51:
39:88:94:a2:e0:ed:cc:88:fb:28:5d:65:48:be:d7:bf:9e:d4:
b9:5b:9d:d2
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZ2HR3Vc2KrV1SK+Xvo7MRMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNDEzMTQzODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzdmNjRiYzNkMmFjMTA3MTJmNmJhZDVkZGUxOTRjOTg2OTc1YjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQrDz6xOV2IVkpkUj4MUSVqG6ywS
GlAk+V9UGJmhSAhYuSaQtlETBjbmqi+SI51A0ZjuyB1dG6VzScVcVhuCZEkrb9y0
rPs2EuaGnagwOgkdhEssFp6MzFPvWTJLnGUim2cyTCkaSbcVv0BlcOY8ofaR9mwV
+TUxOp87RpTCvjQVluAxN0PFjG4kdJqC1tupzh1OZmKcsomkXaRdHvfQXKvXiJSQ
8kGeCfI7CXEjbq2n6mmfvIdXS6xZtD86b2Hii7wudilGgg1PjMiwnM8P/pDlK+Je
fvGH1D+1E4jfXn2vUPBjuKDxJpRkknkBhovnM2fiZgpRa13A2lq7nQeuSwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGx/ZLw9KsEHEva61d3hlMmGl1sIMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvYkg5a3ZEMHF3UWNTOXJyVjNlR1V5WWFYV3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG1BggrBgEFBQcBBwEB/wSBpTCBojB8BAIAATB2AwQAuVW9
AwQAuVYEAwQAuVYHAwQAuVYMAwQBuVYOAwQAuVaYAwQAuVabAwQAuVd4AwQCuVis
AwQAuWI+MAwDBAC5jSEDBAK5jSADBAK5uBgwDAMEA7m56AMEALm56gMEArnztAME
Arn+7AMEAsGgjAMEAsHfaDAiBAIAAjAcAwUDKgW/AAMFAyoH5wADBQMqCyeAAwUD
Kg1JwDANBgkqhkiG9w0BAQsFAAOCAQEAHhh4fYh1Tx/MpOVVtjncWKjzsS7HxDmx
ZRJ7+VopXzHzxBrxAGsPdJkHvE3qfmNlc1jRkcFKIsQ0IhkqDNgwRkWvpsjhm7fc
Dk6OqDGq/IZ4TglIthQ9i5eX8oplnicC7IvTcT6HvlOqqAnxeIQdRMyvOnK0RXLU
xBWPn36HcdebFCMB3P2yy8qHwBI0DiChEKTyxrZLXM+ee3NEX7SkuwjxTJbHASXp
McMgdB1Y8gZWSgah07M38nlQKThHYNb/D6p63wx5JAGwSm25LqS+1qG1ejxWnVYh
S5ddfah6vs+3/6RI1CUWxOBROYiUouDtzIj7KF1lSL7Xv57UuVud0g==
-----END CERTIFICATE-----
Generated at Fri Apr 17 11:59:54 2026 by rpki-client