Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/T7IjBrYrggA-fhq6ldUZ_3bbRAM.roa
File: T7IjBrYrggA-fhq6ldUZ_3bbRAM.roa (raw, json)
Hash identifier: uvE5iKVkYEQQo3ln8x8eOoRQL4ODeOvhvfo6hm9IKvw=
Subject key identifier: 4F:B2:23:06:B6:2B:82:00:3E:7E:1A:BA:95:D5:19:FF:76:DB:44:03
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 019999789E78F8D592BE876B7EF4CE525D21
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/T7IjBrYrggA-fhq6ldUZ_3bbRAM.roa
Signing time: Tue 30 Sep 2025 07:14:02 +0000
ROA not before: Tue 30 Sep 2025 07:14:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214922
IP address blocks: 85.133.201.0/24 maxlen: 24
85.133.202.0/24 maxlen: 24
85.133.203.0/24 maxlen: 24
85.133.204.0/24 maxlen: 24
85.133.228.0/24 maxlen: 24
85.133.238.0/24 maxlen: 24
85.133.241.0/24 maxlen: 24
85.133.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:99:78:9e:78:f8:d5:92:be:87:6b:7e:f4:ce:52:5d:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Sep 30 07:14:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4fb22306b62b82003e7e1aba95d519ff76db4403
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:a7:7c:21:d9:4b:f7:01:ed:81:45:46:36:b3:
f9:5c:c3:4a:2b:4a:39:80:c9:c0:f9:b0:98:ee:dd:
72:7e:27:d9:ee:f5:35:5b:ed:f7:2f:a4:0d:05:1a:
08:42:37:38:59:d0:45:26:d0:4e:e1:f5:bc:75:80:
d9:65:35:59:3f:28:10:dd:a8:5d:fb:4c:4e:57:49:
08:29:1e:08:4c:99:a8:76:71:79:d8:9f:f2:e1:5f:
cd:30:4e:33:8c:f8:02:7b:db:86:d8:62:11:07:2d:
69:6f:51:cf:b8:09:2f:bb:98:bd:fa:ca:e3:d4:c0:
46:c2:dd:e7:8b:48:f0:43:8c:0d:b0:e8:71:0b:aa:
e7:b9:27:04:37:a0:75:35:92:3a:08:bb:a0:24:b5:
90:f7:eb:64:33:b9:75:bd:0b:c9:fd:3d:1f:1d:46:
af:ad:7e:14:ac:04:34:32:79:a5:b7:d3:e5:03:51:
32:65:74:51:1f:80:a5:7e:28:e2:f0:ce:16:36:56:
09:e4:1b:e4:d4:ce:a7:83:e6:77:bb:fb:6f:e3:c3:
6c:f4:a8:04:b3:6f:a5:25:c6:ff:2d:e4:c3:e5:af:
36:55:52:49:b7:f8:f1:a3:dc:78:99:5f:60:90:e8:
d1:08:6a:ea:6b:7c:8c:9c:25:80:35:ea:59:83:bf:
82:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:B2:23:06:B6:2B:82:00:3E:7E:1A:BA:95:D5:19:FF:76:DB:44:03
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/T7IjBrYrggA-fhq6ldUZ_3bbRAM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.201.0-85.133.204.255
85.133.228.0/24
85.133.238.0/24
85.133.241.0/24
85.133.247.0/24
Signature Algorithm: sha256WithRSAEncryption
03:ca:93:61:82:b2:fb:61:1a:36:c7:b4:9b:0b:8b:57:9f:f8:
ce:dc:0b:fe:09:81:5f:42:06:fb:12:44:c1:cd:36:f3:18:f7:
2a:9a:8b:87:a3:d9:4f:53:2e:48:28:f4:22:77:b1:9b:9f:b9:
c8:5e:81:f4:48:10:ff:10:8a:fd:43:d1:af:b6:4c:67:11:ad:
ed:e3:da:00:22:db:55:38:d6:6a:f0:37:ff:39:0d:48:76:12:
fc:9a:35:58:32:b0:4c:a2:d0:6e:63:59:45:39:6d:f6:84:ab:
3a:72:fa:be:6d:ef:a5:99:f3:b6:17:71:55:69:5c:e4:3f:a1:
77:e8:6f:4b:e1:8f:1a:d5:27:b8:c3:ee:ee:b1:21:1e:87:19:
6f:8f:b8:fc:c5:f8:3b:e0:b7:03:c9:85:20:f3:f4:18:fb:73:
88:04:8c:8b:10:da:46:22:06:a3:8f:95:75:81:66:49:0b:0d:
08:fd:69:37:89:1f:6b:ab:2d:12:93:e9:b5:7b:a5:1e:17:52:
d6:aa:1b:ba:42:16:2e:e1:3e:16:57:42:c6:25:a0:99:22:ab:
ab:af:70:c0:9c:2f:45:c0:26:2e:c3:0a:68:bf:7c:f7:37:5b:
b4:59:7c:72:1d:c9:3a:0c:32:7c:df:19:a6:6d:62:eb:eb:fb:
51:59:51:56
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZmZeJ54+NWSvodrfvTOUl0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwOTMwMDcxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmIyMjMwNmI2MmI4MjAwM2U3ZTFhYmE5NWQ1MTlmZjc2ZGI0NDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKd8IdlL9wHtgUVGNrP5XMNKK0o5
gMnA+bCY7t1yfifZ7vU1W+33L6QNBRoIQjc4WdBFJtBO4fW8dYDZZTVZPygQ3ahd
+0xOV0kIKR4ITJmodnF52J/y4V/NME4zjPgCe9uG2GIRBy1pb1HPuAkvu5i9+srj
1MBGwt3ni0jwQ4wNsOhxC6rnuScEN6B1NZI6CLugJLWQ9+tkM7l1vQvJ/T0fHUav
rX4UrAQ0Mnmlt9PlA1EyZXRRH4Clfiji8M4WNlYJ5Bvk1M6ng+Z3u/tv48Ns9KgE
s2+lJcb/LeTD5a82VVJJt/jxo9x4mV9gkOjRCGrqa3yMnCWANepZg7+CoQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFE+yIwa2K4IAPn4aupXVGf9220QDMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvVDdJakJyWXJnZ0EtZmhxNmxkVVpfM2JiUkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBABVhckD
BABVhcwDBABVheQDBABVhe4DBABVhfEDBABVhfcwDQYJKoZIhvcNAQELBQADggEB
AAPKk2GCsvthGjbHtJsLi1ef+M7cC/4JgV9CBvsSRMHNNvMY9yqai4ej2U9TLkgo
9CJ3sZufuchegfRIEP8Qiv1D0a+2TGcRre3j2gAi21U41mrwN/85DUh2EvyaNVgy
sEyi0G5jWUU5bfaEqzpy+r5t76WZ87YXcVVpXOQ/oXfob0vhjxrVJ7jD7u6xIR6H
GW+PuPzF+DvgtwPJhSDz9Bj7c4gEjIsQ2kYiBqOPlXWBZkkLDQj9aTeJH2urLRKT
6bV7pR4XUtaqG7pCFi7hPhZXQsYloJkiq6uvcMCcL0XAJi7DCmi/fPc3W7RZfHId
yToMMnzfGaZtYuvr+1FZUVY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:16:04 2025 by rpki-client