Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/cU6CsVDfHQhJQjFWuDSdWMXOY-Y.roa
File: cU6CsVDfHQhJQjFWuDSdWMXOY-Y.roa (raw, json)
Hash identifier: yMJ3yAkAsU6jX+mte3bhagIJyR+dnrQ4Zb8Q4qcTWso=
Subject key identifier: 71:4E:82:B1:50:DF:1D:08:49:42:31:56:B8:34:9D:58:C5:CE:63:E6
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 019DEC951FFA7B532DDA05275D9A4669373C
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/cU6CsVDfHQhJQjFWuDSdWMXOY-Y.roa
Signing time: Sun 03 May 2026 06:44:49 +0000
ROA not before: Sun 03 May 2026 06:44:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 39074
IP address blocks: 85.133.128.0/22 maxlen: 22
85.133.128.0/24 maxlen: 24
85.133.129.0/24 maxlen: 24
85.133.130.0/24 maxlen: 24
85.133.131.0/24 maxlen: 24
85.133.132.0/24 maxlen: 24
85.133.133.0/24 maxlen: 24
85.133.134.0/24 maxlen: 24
85.133.135.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.137.0/24 maxlen: 24
85.133.138.0/24 maxlen: 24
85.133.139.0/24 maxlen: 24
85.133.141.0/24 maxlen: 24
85.133.142.0/24 maxlen: 24
85.133.143.0/24 maxlen: 24
85.133.144.0/24 maxlen: 24
85.133.145.0/24 maxlen: 24
85.133.146.0/24 maxlen: 24
85.133.147.0/24 maxlen: 24
85.133.148.0/24 maxlen: 24
85.133.149.0/24 maxlen: 24
85.133.150.0/24 maxlen: 24
85.133.151.0/24 maxlen: 24
85.133.152.0/24 maxlen: 24
85.133.154.0/24 maxlen: 24
85.133.155.0/24 maxlen: 24
85.133.156.0/24 maxlen: 24
85.133.157.0/24 maxlen: 24
85.133.158.0/24 maxlen: 24
85.133.159.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.166.0/24 maxlen: 24
85.133.167.0/24 maxlen: 24
85.133.168.0/22 maxlen: 24
85.133.168.0/24 maxlen: 24
85.133.171.0/24 maxlen: 24
85.133.172.0/22 maxlen: 24
85.133.172.0/24 maxlen: 24
85.133.173.0/24 maxlen: 24
85.133.175.0/24 maxlen: 24
85.133.176.0/22 maxlen: 24
85.133.176.0/24 maxlen: 24
85.133.177.0/24 maxlen: 24
85.133.178.0/24 maxlen: 24
85.133.179.0/24 maxlen: 24
85.133.180.0/22 maxlen: 24
85.133.180.0/24 maxlen: 24
85.133.181.0/24 maxlen: 24
85.133.182.0/24 maxlen: 24
85.133.183.0/24 maxlen: 24
85.133.184.0/22 maxlen: 24
85.133.184.0/24 maxlen: 24
85.133.185.0/24 maxlen: 24
85.133.186.0/24 maxlen: 24
85.133.187.0/24 maxlen: 24
85.133.188.0/22 maxlen: 22
85.133.188.0/24 maxlen: 24
85.133.189.0/24 maxlen: 24
85.133.190.0/24 maxlen: 24
85.133.191.0/24 maxlen: 24
85.133.192.0/24 maxlen: 24
85.133.194.0/24 maxlen: 24
85.133.196.0/24 maxlen: 24
85.133.197.0/24 maxlen: 24
85.133.199.0/24 maxlen: 24
85.133.201.0/24 maxlen: 24
85.133.203.0/24 maxlen: 24
85.133.204.0/24 maxlen: 24
85.133.207.0/24 maxlen: 24
85.133.208.0/24 maxlen: 24
85.133.209.0/24 maxlen: 24
85.133.210.0/23 maxlen: 24
85.133.210.0/24 maxlen: 24
85.133.211.0/24 maxlen: 24
85.133.212.0/24 maxlen: 24
85.133.213.0/24 maxlen: 24
85.133.214.0/24 maxlen: 24
85.133.215.0/24 maxlen: 24
85.133.216.0/24 maxlen: 24
85.133.218.0/24 maxlen: 24
85.133.219.0/24 maxlen: 24
85.133.222.0/24 maxlen: 24
85.133.223.0/24 maxlen: 24
85.133.224.0/24 maxlen: 24
85.133.226.0/24 maxlen: 24
85.133.228.0/24 maxlen: 24
85.133.231.0/24 maxlen: 24
85.133.232.0/24 maxlen: 24
85.133.234.0/24 maxlen: 24
85.133.235.0/24 maxlen: 24
85.133.236.0/24 maxlen: 24
85.133.237.0/24 maxlen: 24
85.133.238.0/24 maxlen: 24
85.133.241.0/24 maxlen: 24
85.133.244.0/24 maxlen: 24
85.133.245.0/24 maxlen: 24
85.133.246.0/24 maxlen: 24
85.133.247.0/24 maxlen: 24
85.133.251.0/24 maxlen: 24
85.133.253.0/24 maxlen: 24
85.133.254.0/24 maxlen: 24
85.133.255.0/24 maxlen: 24
2a04:87c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ec:95:1f:fa:7b:53:2d:da:05:27:5d:9a:46:69:37:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: May 3 06:44:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=714e82b150df1d0849423156b8349d58c5ce63e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:d2:b5:c0:f0:a4:6b:e2:39:7d:ce:68:c1:c1:
28:2b:47:ac:ea:ec:75:ae:ac:bc:e1:ab:23:90:36:
39:3f:94:44:ff:e0:54:8e:f6:62:4d:9c:30:c5:c1:
48:ce:0f:81:7e:15:53:ab:cb:38:75:83:fd:fa:71:
2b:dd:24:f6:37:7a:bb:a5:71:99:88:1d:67:e4:f2:
49:3b:14:d0:a9:9d:b2:89:86:c1:de:0d:45:7d:83:
2a:b1:a5:34:da:34:2d:b9:ed:a2:c1:e2:6a:d6:f7:
62:6b:d2:a4:0c:bc:78:d9:39:a4:70:77:42:d4:58:
e3:29:63:ab:b2:5e:68:20:99:f2:fe:cf:8b:f0:59:
90:62:0b:c1:12:cc:6e:4a:af:72:9f:23:15:b6:ab:
71:be:3a:2f:49:33:02:59:89:03:01:f1:3e:d8:35:
59:98:9a:18:91:c6:a7:36:57:ce:f6:47:f0:7c:72:
cd:96:40:08:1d:e6:94:8b:d1:c0:72:c9:0b:b1:59:
b9:74:ca:d3:c0:a1:df:b5:96:dc:f2:47:49:07:d0:
52:8c:ba:3f:5d:a6:73:23:bb:c4:f4:ea:7f:d9:ef:
8d:03:4d:b6:e9:3d:da:61:6f:e0:d2:09:c4:21:6a:
79:a5:76:91:76:7b:0e:fa:bb:2e:1a:22:8b:8a:ec:
30:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:4E:82:B1:50:DF:1D:08:49:42:31:56:B8:34:9D:58:C5:CE:63:E6
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/cU6CsVDfHQhJQjFWuDSdWMXOY-Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.128.0-85.133.139.255
85.133.141.0-85.133.152.255
85.133.154.0-85.133.159.255
85.133.164.0-85.133.192.255
85.133.194.0/24
85.133.196.0/23
85.133.199.0/24
85.133.201.0/24
85.133.203.0-85.133.204.255
85.133.207.0-85.133.216.255
85.133.218.0/23
85.133.222.0-85.133.224.255
85.133.226.0/24
85.133.228.0/24
85.133.231.0-85.133.232.255
85.133.234.0-85.133.238.255
85.133.241.0/24
85.133.244.0/22
85.133.251.0/24
85.133.253.0-85.133.255.255
IPv6:
2a04:87c0::/29
Signature Algorithm: sha256WithRSAEncryption
a9:42:8e:c2:19:1d:45:6a:fe:ff:0a:7d:8b:43:0a:26:07:dc:
04:fe:3f:9a:b8:f3:a7:3d:25:21:d9:c5:d7:1c:e7:8b:21:7f:
93:6d:16:43:fb:69:40:44:69:58:56:27:62:15:4c:c6:11:88:
84:74:30:7c:d8:16:40:4f:c8:04:59:83:e7:9e:51:16:2b:5e:
cb:86:6a:9c:0f:5e:e3:37:bb:a3:f9:ce:05:32:96:bf:eb:c8:
94:50:ea:cb:e1:a1:0b:19:38:10:29:7c:b4:f8:38:d5:89:d0:
a8:7d:35:f4:13:05:a1:7a:0d:39:cd:fc:d7:f2:b5:5d:95:dc:
82:21:94:de:a9:82:a3:8c:84:ed:e6:92:db:ff:22:f0:e9:b1:
7a:23:f3:e4:f5:b2:2e:fc:ed:31:47:d3:2c:a3:7d:ec:41:3c:
a5:8c:68:ee:c8:71:eb:cb:f2:a2:1a:63:98:d9:36:78:27:f4:
c5:9e:cb:be:6e:28:f4:42:65:62:1d:6e:08:44:65:13:ef:64:
74:f0:8c:d8:c8:04:1a:95:15:c7:e3:94:29:ee:99:65:0d:61:
90:7d:b2:42:a9:42:5e:fb:c0:50:ef:c6:bd:ea:30:ee:40:7d:
3f:9d:b6:8d:3d:61:93:23:cb:0f:bc:bc:ea:62:bd:1e:c8:11:
98:4a:f9:00
-----BEGIN CERTIFICATE-----
MIIF0jCCBLqgAwIBAgISAZ3slR/6e1Mt2gUnXZpGaTc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNTAzMDY0NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTRlODJiMTUwZGYxZDA4NDk0MjMxNTZiODM0OWQ1OGM1Y2U2M2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytK1wPCka+I5fc5owcEoK0es6ux1
rqy84asjkDY5P5RE/+BUjvZiTZwwxcFIzg+BfhVTq8s4dYP9+nEr3ST2N3q7pXGZ
iB1n5PJJOxTQqZ2yiYbB3g1FfYMqsaU02jQtue2iweJq1vdia9KkDLx42TmkcHdC
1FjjKWOrsl5oIJny/s+L8FmQYgvBEsxuSq9ynyMVtqtxvjovSTMCWYkDAfE+2DVZ
mJoYkcanNlfO9kfwfHLNlkAIHeaUi9HAcskLsVm5dMrTwKHftZbc8kdJB9BSjLo/
XaZzI7vE9Op/2e+NA0226T3aYW/g0gnEIWp5pXaRdnsO+rsuGiKLiuwwgQIDAQAB
o4IC3jCCAtowHQYDVR0OBBYEFHFOgrFQ3x0ISUIxVrg0nVjFzmPmMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvY1U2Q3NWRGZIUWhKUWpGV3VEU2RXTVhPWS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHzBggrBgEFBQcBBwEB/wSB4zCB4DCBzgQCAAEwgccwDAME
B1WFgAMEAlWFiDAMAwQAVYWNAwQAVYWYMAwDBAFVhZoDBAVVhYAwDAMEAlWFpAME
AFWFwAMEAFWFwgMEAVWFxAMEAFWFxwMEAFWFyTAMAwQAVYXLAwQAVYXMMAwDBABV
hc8DBABVhdgDBAFVhdowDAMEAVWF3gMEAFWF4AMEAFWF4gMEAFWF5DAMAwQAVYXn
AwQAVYXoMAwDBAFVheoDBABVhe4DBABVhfEDBAJVhfQDBABVhfswCwMEAFWF/QMD
AVWEMA0EAgACMAcDBQMqBIfAMA0GCSqGSIb3DQEBCwUAA4IBAQCpQo7CGR1Fav7/
Cn2LQwomB9wE/j+auPOnPSUh2cXXHOeLIX+TbRZD+2lARGlYVidiFUzGEYiEdDB8
2BZAT8gEWYPnnlEWK17LhmqcD17jN7uj+c4FMpa/68iUUOrL4aELGTgQKXy0+DjV
idCofTX0EwWheg05zfzX8rVdldyCIZTeqYKjjITt5pLb/yLw6bF6I/Pk9bIu/O0x
R9Mso33sQTyljGjuyHHry/KiGmOY2TZ4J/TFnsu+bij0QmViHW4IRGUT72R08IzY
yAQalRXH45Qp7pllDWGQfbJCqUJe+8BQ78a96jDuQH0/nbaNPWGTI8sPvLzqYr0e
yBGYSvkA
-----END CERTIFICATE-----
Generated at Tue May 12 21:38:37 2026 by rpki-client