Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/04292f-f104-417c-acda-571af066cf1e/1/bQmiKmxRas6gwm4qSwSUII9p9mU.roa
File: bQmiKmxRas6gwm4qSwSUII9p9mU.roa (raw, json)
Hash identifier: jmcf31yXuENJXS3Y84r9JPwgzj5rMdnN5KsOAuYq2Uc=
Subject key identifier: 6D:09:A2:2A:6C:51:6A:CE:A0:C2:6E:2A:4B:04:94:20:8F:69:F6:65
Certificate issuer: /CN=574e25a16e5d3aa110ac5e8335f88f63e54b42f1
Certificate serial: 019A0AC7471D03DAF3A1534A75C146A1BBC6
Authority key identifier: 57:4E:25:A1:6E:5D:3A:A1:10:AC:5E:83:35:F8:8F:63:E5:4B:42:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V04loW5dOqEQrF6DNfiPY-VLQvE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/04292f-f104-417c-acda-571af066cf1e/1/bQmiKmxRas6gwm4qSwSUII9p9mU.roa
Signing time: Wed 22 Oct 2025 07:17:03 +0000
ROA not before: Wed 22 Oct 2025 07:17:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202214
IP address blocks: 185.50.64.0/23 maxlen: 23
185.50.64.0/24 maxlen: 24
185.50.65.0/24 maxlen: 24
185.50.65.66/32 maxlen: 32
185.50.66.0/23 maxlen: 23
185.50.66.0/24 maxlen: 24
185.50.67.0/24 maxlen: 24
2a01:a6a0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a4/04292f-f104-417c-acda-571af066cf1e/1/V04loW5dOqEQrF6DNfiPY-VLQvE.crl
rsync://rpki.ripe.net/repository/DEFAULT/a4/04292f-f104-417c-acda-571af066cf1e/1/V04loW5dOqEQrF6DNfiPY-VLQvE.mft
rsync://rpki.ripe.net/repository/DEFAULT/V04loW5dOqEQrF6DNfiPY-VLQvE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0a:c7:47:1d:03:da:f3:a1:53:4a:75:c1:46:a1:bb:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=574e25a16e5d3aa110ac5e8335f88f63e54b42f1
Validity
Not Before: Oct 22 07:17:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6d09a22a6c516acea0c26e2a4b0494208f69f665
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:72:29:c1:3c:f4:6b:f6:e6:26:48:5c:f2:25:
6f:d4:83:6a:50:30:55:e1:8d:cf:2f:c9:90:89:22:
ac:62:ee:9e:d3:0d:fe:54:2b:be:8b:7d:ea:46:20:
35:5e:e6:45:48:bb:a2:93:17:9e:b8:3d:82:df:bc:
79:fe:1b:26:30:76:d4:23:17:e4:ea:e4:fa:21:46:
7c:b3:f1:01:f5:53:47:f1:61:2b:52:48:ae:68:46:
0b:33:b0:c8:78:78:7a:3f:cf:6e:5f:44:35:6c:2d:
3d:27:27:21:20:b3:57:31:09:36:c8:14:16:93:04:
69:1e:dc:9c:d6:ae:e2:f0:72:55:1c:b3:d7:53:a8:
1d:83:50:8f:46:76:f5:f0:6a:f6:55:6f:62:82:9c:
62:f9:86:9a:68:7c:7c:18:31:b6:2e:74:14:c4:73:
d3:19:cd:60:2b:7b:72:0e:8d:c0:36:9d:e2:96:ad:
e3:be:dd:44:2f:18:38:f4:58:99:d7:ce:7b:9f:11:
b7:e0:b4:b8:fd:ec:21:21:4c:d2:75:06:45:bf:74:
7d:e0:81:0b:80:84:e5:8b:f1:3f:a0:ce:f6:a6:78:
22:a3:69:11:27:41:85:dc:05:03:50:f1:74:98:41:
b5:b5:6b:ed:12:65:df:e8:b6:e5:11:14:d3:1f:df:
f0:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:09:A2:2A:6C:51:6A:CE:A0:C2:6E:2A:4B:04:94:20:8F:69:F6:65
X509v3 Authority Key Identifier:
keyid:57:4E:25:A1:6E:5D:3A:A1:10:AC:5E:83:35:F8:8F:63:E5:4B:42:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V04loW5dOqEQrF6DNfiPY-VLQvE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/04292f-f104-417c-acda-571af066cf1e/1/bQmiKmxRas6gwm4qSwSUII9p9mU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/04292f-f104-417c-acda-571af066cf1e/1/V04loW5dOqEQrF6DNfiPY-VLQvE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.50.64.0/22
IPv6:
2a01:a6a0::/32
Signature Algorithm: sha256WithRSAEncryption
5e:fa:ce:a6:fd:6d:08:f4:6d:00:7b:d9:12:28:07:7e:9c:42:
d9:63:07:29:c9:6b:15:dd:46:53:40:0b:43:c4:d0:cd:e6:9f:
d0:57:01:3d:d3:5d:78:b1:e8:56:5d:0e:18:f1:78:64:ec:b5:
02:a2:54:60:09:c8:e9:e5:80:51:7a:4b:0f:a8:80:7c:19:0d:
9d:71:90:8c:ac:2f:ef:2f:0f:19:20:9b:07:87:f4:be:dd:54:
88:ab:ee:2f:ab:18:26:5f:9c:d5:04:d2:0d:d8:42:ba:99:20:
06:dc:cc:4d:22:c7:2b:98:b8:c7:58:de:68:ff:b9:3a:ca:09:
8f:73:79:66:12:32:4c:9f:ea:0e:16:68:0d:33:dd:aa:da:02:
b5:88:99:95:52:43:7a:10:13:46:c2:f3:14:08:84:78:66:60:
33:93:c5:3d:ea:e3:1a:e9:64:c3:32:d4:7c:5f:62:cb:47:c2:
77:10:1a:cd:29:3c:d3:ee:a7:c8:36:bc:e7:58:dc:e7:28:72:
86:f2:ce:16:bb:99:c5:dc:88:79:7d:e2:09:7f:8f:49:bc:09:
5e:d8:40:d4:76:2d:08:50:f6:19:e9:73:94:14:c5:c4:25:31:
6f:c6:09:a7:ce:b9:2b:fd:7e:e9:70:e8:dc:26:3a:43:e0:37:
ea:f6:dd:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoKx0cdA9rzoVNKdcFGobvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NGUyNWExNmU1ZDNhYTExMGFjNWU4MzM1Zjg4ZjYzZTU0
YjQyZjEwHhcNMjUxMDIyMDcxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA5YTIyYTZjNTE2YWNlYTBjMjZlMmE0YjA0OTQyMDhmNjlmNjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynIpwTz0a/bmJkhc8iVv1INqUDBV
4Y3PL8mQiSKsYu6e0w3+VCu+i33qRiA1XuZFSLuikxeeuD2C37x5/hsmMHbUIxfk
6uT6IUZ8s/EB9VNH8WErUkiuaEYLM7DIeHh6P89uX0Q1bC09JychILNXMQk2yBQW
kwRpHtyc1q7i8HJVHLPXU6gdg1CPRnb18Gr2VW9igpxi+YaaaHx8GDG2LnQUxHPT
Gc1gK3tyDo3ANp3ilq3jvt1ELxg49FiZ1857nxG34LS4/ewhIUzSdQZFv3R94IEL
gITli/E/oM72pngio2kRJ0GF3AUDUPF0mEG1tWvtEmXf6LblERTTH9/wTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG0JoipsUWrOoMJuKksElCCPafZlMB8GA1UdIwQY
MBaAFFdOJaFuXTqhEKxegzX4j2PlS0LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjA0bG9XNWRPcUVRckY2RE5maVBZLVZMUXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wNDI5MmYtZjEwNC00MTdjLWFjZGEt
NTcxYWYwNjZjZjFlLzEvYlFtaUtteFJhczZnd200cVN3U1VJSTlwOW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wNDI5MmYtZjEwNC00MTdjLWFjZGEtNTcxYWYwNjZjZjFl
LzEvVjA0bG9XNWRPcUVRckY2RE5maVBZLVZMUXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTJAMA0E
AgACMAcDBQAqAaagMA0GCSqGSIb3DQEBCwUAA4IBAQBe+s6m/W0I9G0Ae9kSKAd+
nELZYwcpyWsV3UZTQAtDxNDN5p/QVwE90114sehWXQ4Y8Xhk7LUColRgCcjp5YBR
eksPqIB8GQ2dcZCMrC/vLw8ZIJsHh/S+3VSIq+4vqxgmX5zVBNIN2EK6mSAG3MxN
IscrmLjHWN5o/7k6ygmPc3lmEjJMn+oOFmgNM92q2gK1iJmVUkN6EBNGwvMUCIR4
ZmAzk8U96uMa6WTDMtR8X2LLR8J3EBrNKTzT7qfINrznWNznKHKG8s4Wu5nF3Ih5
feIJf49JvAle2EDUdi0IUPYZ6XOUFMXEJTFvxgmnzrkr/X7pcOjcJjpD4Dfq9t0v
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:23:40 2025 by rpki-client