Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/BMuBklg-1qqFWSCaxqVrvfJYvzg.roa
File: BMuBklg-1qqFWSCaxqVrvfJYvzg.roa (raw, json)
Hash identifier: ProzdZwrwBzGwpQe+ODYi2cz+OG77OxUxGKMXaKUz7c=
Subject key identifier: 04:CB:81:92:58:3E:D6:AA:85:59:20:9A:C6:A5:6B:BD:F2:58:BF:38
Certificate issuer: /CN=6a8edda2f21c885fbe67286218b8318d6ad23896
Certificate serial: 019D5773473596AF5EF540CF92083C09B17E
Authority key identifier: 6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/BMuBklg-1qqFWSCaxqVrvfJYvzg.roa
Signing time: Sat 04 Apr 2026 07:44:25 +0000
ROA not before: Sat 04 Apr 2026 07:44:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 269822
IP address blocks: 185.91.192.0/22 maxlen: 22
185.91.192.0/24 maxlen: 24
185.91.193.0/24 maxlen: 24
185.91.194.0/24 maxlen: 24
185.91.195.0/24 maxlen: 24
185.104.164.0/22 maxlen: 22
185.104.164.0/24 maxlen: 24
185.104.165.0/24 maxlen: 24
185.104.166.0/23 maxlen: 23
185.104.166.0/24 maxlen: 24
185.104.167.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.mft
rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 10:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:57:73:47:35:96:af:5e:f5:40:cf:92:08:3c:09:b1:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6a8edda2f21c885fbe67286218b8318d6ad23896
Validity
Not Before: Apr 4 07:44:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=04cb8192583ed6aa8559209ac6a56bbdf258bf38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:6c:f8:ae:43:11:d7:5c:86:ee:34:24:42:6c:
e4:b8:76:06:28:89:5f:6d:5d:4a:b3:9f:55:2d:09:
ec:50:62:0f:42:c8:c4:89:87:b2:53:a6:5c:e0:6e:
81:a3:83:4b:42:01:74:9e:98:78:9e:24:e5:ea:c0:
75:bc:37:4d:2f:a2:1b:91:66:df:b2:c0:3f:2d:a4:
5c:60:af:e6:e5:3e:b8:bb:27:19:c5:18:20:d5:e0:
2a:25:f6:87:29:de:ef:20:9d:02:64:91:fe:71:97:
e7:00:8b:e8:a2:34:0c:7f:a3:d3:d9:a3:ff:57:26:
88:7c:0b:51:cd:ee:9c:68:68:c1:36:c5:9c:e5:a3:
75:f0:7e:a5:a9:06:d0:d5:f6:bb:c0:cb:a3:1a:1c:
43:da:2c:0b:36:ec:0e:66:9a:e3:47:49:d8:60:e0:
9f:c3:c7:09:3a:47:3a:4b:5e:ec:73:bf:4f:12:0a:
92:c6:69:4f:39:5a:73:40:9b:c6:5f:98:a4:f6:f8:
45:22:0f:4c:f2:f6:5d:39:bc:56:0b:8f:31:c5:fe:
97:3e:cc:fe:8d:8e:8e:fe:0b:f1:24:79:ad:02:36:
4a:36:78:cb:3e:56:02:36:d8:86:85:ec:61:bb:aa:
b4:b8:69:0c:73:43:4c:03:e3:7c:1e:be:3c:74:3b:
4b:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:CB:81:92:58:3E:D6:AA:85:59:20:9A:C6:A5:6B:BD:F2:58:BF:38
X509v3 Authority Key Identifier:
keyid:6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/BMuBklg-1qqFWSCaxqVrvfJYvzg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.91.192.0/22
185.104.164.0/22
Signature Algorithm: sha256WithRSAEncryption
61:c8:69:2f:06:43:cb:a8:cf:83:38:0a:02:03:17:d2:fd:96:
22:1b:c2:04:80:50:fe:c2:1a:71:09:1e:37:54:49:37:f4:ec:
f5:31:1e:c7:b5:f6:03:a5:08:81:ec:3f:b7:ad:11:03:f3:c4:
15:c0:54:d0:82:ee:91:04:f0:19:50:92:b6:29:98:1f:a6:05:
d7:4e:84:33:31:38:df:d4:50:6e:b3:07:11:2a:78:92:b2:d7:
3b:ef:6e:ae:c7:1a:95:d7:5a:94:fa:08:38:b2:26:50:af:51:
a4:a7:44:0c:58:56:d2:00:6f:f6:12:00:e1:fb:e1:27:64:57:
05:af:a5:88:e3:e3:17:4f:bc:2a:02:66:17:25:dc:51:8a:e6:
fa:a1:c8:7e:59:28:47:fe:97:98:4e:f0:46:5e:42:e3:ef:24:
94:0b:cc:b3:22:84:c9:0a:1d:ca:91:3d:68:90:2c:0a:5b:46:
0a:e4:b8:a7:7e:60:51:c0:50:04:8f:a8:e3:7f:d4:bc:db:14:
3a:36:e7:69:e5:f1:09:09:85:b3:32:70:e7:a7:47:4d:25:e5:
b4:10:70:f1:50:06:4e:b3:6f:62:61:a7:d5:47:94:4d:52:99:
80:5d:6a:82:34:bd:21:49:e2:1d:9e:d1:96:7f:b7:db:d7:ab:
11:8f:de:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1Xc0c1lq9e9UDPkgg8CbF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGVkZGEyZjIxYzg4NWZiZTY3Mjg2MjE4YjgzMThkNmFk
MjM4OTYwHhcNMjYwNDA0MDc0NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGNiODE5MjU4M2VkNmFhODU1OTIwOWFjNmE1NmJiZGYyNThiZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2z4rkMR11yG7jQkQmzkuHYGKIlf
bV1Ks59VLQnsUGIPQsjEiYeyU6Zc4G6Bo4NLQgF0nph4niTl6sB1vDdNL6IbkWbf
ssA/LaRcYK/m5T64uycZxRgg1eAqJfaHKd7vIJ0CZJH+cZfnAIvoojQMf6PT2aP/
VyaIfAtRze6caGjBNsWc5aN18H6lqQbQ1fa7wMujGhxD2iwLNuwOZprjR0nYYOCf
w8cJOkc6S17sc79PEgqSxmlPOVpzQJvGX5ik9vhFIg9M8vZdObxWC48xxf6XPsz+
jY6O/gvxJHmtAjZKNnjLPlYCNtiGhexhu6q0uGkMc0NMA+N8Hr48dDtLWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFATLgZJYPtaqhVkgmsala73yWL84MB8GA1UdIwQY
MBaAFGqO3aLyHIhfvmcoYhi4MY1q0jiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2Et
MGM2Njg0MDE5OGQwLzEvQk11QmtsZy0xcXFGV1NDYXhxVnJ2ZkpZdnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2EtMGM2Njg0MDE5OGQw
LzEvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuVvAAwQC
uWikMA0GCSqGSIb3DQEBCwUAA4IBAQBhyGkvBkPLqM+DOAoCAxfS/ZYiG8IEgFD+
whpxCR43VEk39Oz1MR7HtfYDpQiB7D+3rRED88QVwFTQgu6RBPAZUJK2KZgfpgXX
ToQzMTjf1FBuswcRKniSstc7726uxxqV11qU+gg4siZQr1Gkp0QMWFbSAG/2EgDh
++EnZFcFr6WI4+MXT7wqAmYXJdxRiub6och+WShH/peYTvBGXkLj7ySUC8yzIoTJ
Ch3KkT1okCwKW0YK5LinfmBRwFAEj6jjf9S82xQ6Nudp5fEJCYWzMnDnp0dNJeW0
EHDxUAZOs29iYafVR5RNUpmAXWqCNL0hSeIdntGWf7fb16sRj96V
-----END CERTIFICATE-----
Generated at Fri Apr 17 19:09:37 2026 by rpki-client