Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/fJpkT-437me05--9YcoG-Z-gtp0.roa
File: fJpkT-437me05--9YcoG-Z-gtp0.roa (raw, json)
Hash identifier: S3/+Mf1eiHqBI2upibbtw3ImJd6HoVXmnaOiOtu8vFs=
Subject key identifier: 7C:9A:64:4F:EE:37:EE:67:B4:E7:EF:BD:61:CA:06:F9:9F:A0:B6:9D
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 019999789E27FDC1EAE1774584F51F2AB3D0
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/fJpkT-437me05--9YcoG-Z-gtp0.roa
Signing time: Tue 30 Sep 2025 07:14:02 +0000
ROA not before: Tue 30 Sep 2025 07:14:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39074
IP address blocks: 85.133.128.0/22 maxlen: 22
85.133.128.0/24 maxlen: 24
85.133.129.0/24 maxlen: 24
85.133.130.0/24 maxlen: 24
85.133.131.0/24 maxlen: 24
85.133.132.0/24 maxlen: 24
85.133.133.0/24 maxlen: 24
85.133.134.0/24 maxlen: 24
85.133.135.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.137.0/24 maxlen: 24
85.133.138.0/24 maxlen: 24
85.133.139.0/24 maxlen: 24
85.133.140.0/22 maxlen: 22
85.133.140.0/24 maxlen: 24
85.133.141.0/24 maxlen: 24
85.133.142.0/24 maxlen: 24
85.133.143.0/24 maxlen: 24
85.133.144.0/22 maxlen: 22
85.133.144.0/24 maxlen: 24
85.133.145.0/24 maxlen: 24
85.133.147.0/24 maxlen: 24
85.133.148.0/22 maxlen: 22
85.133.148.0/24 maxlen: 24
85.133.149.0/24 maxlen: 24
85.133.150.0/24 maxlen: 24
85.133.151.0/24 maxlen: 24
85.133.152.0/24 maxlen: 24
85.133.154.0/24 maxlen: 24
85.133.155.0/24 maxlen: 24
85.133.156.0/24 maxlen: 24
85.133.157.0/24 maxlen: 24
85.133.158.0/24 maxlen: 24
85.133.159.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.166.0/24 maxlen: 24
85.133.167.0/24 maxlen: 24
85.133.168.0/22 maxlen: 24
85.133.168.0/24 maxlen: 24
85.133.171.0/24 maxlen: 24
85.133.172.0/22 maxlen: 24
85.133.172.0/24 maxlen: 24
85.133.173.0/24 maxlen: 24
85.133.175.0/24 maxlen: 24
85.133.176.0/22 maxlen: 24
85.133.176.0/24 maxlen: 24
85.133.177.0/24 maxlen: 24
85.133.178.0/24 maxlen: 24
85.133.179.0/24 maxlen: 24
85.133.180.0/22 maxlen: 24
85.133.180.0/24 maxlen: 24
85.133.181.0/24 maxlen: 24
85.133.182.0/24 maxlen: 24
85.133.183.0/24 maxlen: 24
85.133.184.0/22 maxlen: 24
85.133.184.0/24 maxlen: 24
85.133.185.0/24 maxlen: 24
85.133.186.0/24 maxlen: 24
85.133.187.0/24 maxlen: 24
85.133.188.0/22 maxlen: 22
85.133.188.0/24 maxlen: 24
85.133.189.0/24 maxlen: 24
85.133.190.0/24 maxlen: 24
85.133.191.0/24 maxlen: 24
85.133.192.0/24 maxlen: 24
85.133.207.0/24 maxlen: 24
85.133.209.0/24 maxlen: 24
85.133.210.0/23 maxlen: 24
85.133.210.0/24 maxlen: 24
85.133.211.0/24 maxlen: 24
85.133.212.0/24 maxlen: 24
85.133.213.0/24 maxlen: 24
85.133.215.0/24 maxlen: 24
85.133.222.0/24 maxlen: 24
85.133.223.0/24 maxlen: 24
85.133.226.0/24 maxlen: 24
85.133.231.0/24 maxlen: 24
85.133.232.0/24 maxlen: 24
85.133.235.0/24 maxlen: 24
85.133.239.0/24 maxlen: 24
85.133.244.0/24 maxlen: 24
85.133.251.0/24 maxlen: 24
85.133.255.0/24 maxlen: 24
2a04:87c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:99:78:9e:27:fd:c1:ea:e1:77:45:84:f5:1f:2a:b3:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Sep 30 07:14:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7c9a644fee37ee67b4e7efbd61ca06f99fa0b69d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:92:34:cb:97:aa:04:04:c2:55:0a:71:35:b5:
50:72:f3:c5:8c:a9:99:9a:43:f5:0f:dd:5b:c8:ac:
61:2a:a9:86:55:cb:9d:af:4e:c4:9d:4e:13:66:1a:
fc:58:84:a8:8a:c5:2c:72:03:30:25:bd:90:9f:ef:
ae:81:52:1b:42:b6:34:94:ac:28:7e:61:58:54:40:
eb:94:fe:77:51:55:bd:72:d0:21:f4:7b:ef:2b:bd:
9c:dd:2c:d9:77:f2:1c:86:91:cd:08:24:65:30:6f:
d6:f5:5c:12:29:64:ae:b1:20:58:41:5e:97:c5:4b:
0b:ba:b1:62:1c:01:f7:42:44:71:6f:bc:86:b5:b3:
dd:34:92:01:8d:43:a6:0b:e4:c9:52:73:4c:a6:7a:
c9:bf:0c:41:c2:a2:83:6d:3f:53:e4:30:b5:43:86:
0e:45:eb:b2:7c:42:2b:27:84:56:43:7c:bd:be:e8:
7c:6d:b0:87:52:4d:a4:8e:2a:ed:c5:b6:6e:cc:fe:
0c:ce:db:d0:1b:0c:35:f2:4a:87:17:c1:3c:2f:f3:
de:fa:ab:9e:16:e3:6c:70:f3:08:17:1e:b1:a1:7b:
2c:b9:d4:fd:b5:ba:71:34:e1:37:6f:c6:9e:e9:23:
0b:7b:9f:ef:72:a5:9b:1b:a7:07:2f:f5:5a:e7:44:
18:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:9A:64:4F:EE:37:EE:67:B4:E7:EF:BD:61:CA:06:F9:9F:A0:B6:9D
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/fJpkT-437me05--9YcoG-Z-gtp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.128.0-85.133.152.255
85.133.154.0-85.133.159.255
85.133.164.0-85.133.192.255
85.133.207.0/24
85.133.209.0-85.133.213.255
85.133.215.0/24
85.133.222.0/23
85.133.226.0/24
85.133.231.0-85.133.232.255
85.133.235.0/24
85.133.239.0/24
85.133.244.0/24
85.133.251.0/24
85.133.255.0/24
IPv6:
2a04:87c0::/29
Signature Algorithm: sha256WithRSAEncryption
b2:32:55:4b:a9:29:db:a6:50:73:ff:26:1b:5e:86:76:00:d5:
6e:40:6f:28:da:43:b8:fd:0e:d2:b5:ee:17:19:73:d2:4d:94:
2c:68:13:17:e3:de:57:e3:48:af:2f:21:c4:b4:26:09:77:7b:
dd:a4:cc:19:6a:1c:c9:73:ff:1d:78:9e:a8:80:53:a6:6f:56:
f2:74:f8:98:7b:67:e3:e4:d8:d2:7d:5b:0a:fe:02:e1:ee:1f:
1f:a4:b7:49:bd:df:9a:73:86:61:da:18:cc:af:9c:e8:c7:98:
4e:48:7f:c8:26:e4:66:f1:18:9e:78:89:59:18:08:dc:21:af:
37:7f:b9:e1:b4:ce:ec:16:e4:ca:2e:77:12:41:87:69:90:73:
a5:d0:cc:38:00:89:15:c7:ba:82:5b:8e:56:d4:6e:9a:5f:ed:
77:f0:18:9f:10:da:ae:6b:18:ef:30:d8:66:e6:55:b9:8c:10:
72:02:47:87:d2:41:b7:41:24:4a:12:36:a6:3b:31:f1:98:73:
aa:23:ca:0f:85:d5:8e:d4:e7:f4:87:41:a3:f9:85:34:06:89:
18:e2:da:a6:cc:24:83:e6:95:28:88:a6:a2:f8:b5:95:17:7c:
3d:0e:35:fc:0d:ba:75:56:7c:97:b8:cc:db:59:be:f8:87:1c:
cb:6e:de:b4
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAZmZeJ4n/cHq4XdFhPUfKrPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwOTMwMDcxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzlhNjQ0ZmVlMzdlZTY3YjRlN2VmYmQ2MWNhMDZmOTlmYTBiNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5I0y5eqBATCVQpxNbVQcvPFjKmZ
mkP1D91byKxhKqmGVcudr07EnU4TZhr8WISoisUscgMwJb2Qn++ugVIbQrY0lKwo
fmFYVEDrlP53UVW9ctAh9HvvK72c3SzZd/IchpHNCCRlMG/W9VwSKWSusSBYQV6X
xUsLurFiHAH3QkRxb7yGtbPdNJIBjUOmC+TJUnNMpnrJvwxBwqKDbT9T5DC1Q4YO
ReuyfEIrJ4RWQ3y9vuh8bbCHUk2kjirtxbZuzP4MztvQGww18kqHF8E8L/Pe+que
FuNscPMIFx6xoXssudT9tbpxNOE3b8ae6SMLe5/vcqWbG6cHL/Va50QYuQIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFHyaZE/uN+5ntOfvvWHKBvmfoLadMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvZkpwa1QtNDM3bWUwNS0tOVljb0ctWi1ndHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBggQCAAEwfDAMAwQH
VYWAAwQAVYWYMAwDBAFVhZoDBAVVhYAwDAMEAlWFpAMEAFWFwAMEAFWFzzAMAwQA
VYXRAwQBVYXUAwQAVYXXAwQBVYXeAwQAVYXiMAwDBABVhecDBABVhegDBABVhesD
BABVhe8DBABVhfQDBABVhfsDBABVhf8wDQQCAAIwBwMFAyoEh8AwDQYJKoZIhvcN
AQELBQADggEBALIyVUupKdumUHP/JhtehnYA1W5AbyjaQ7j9DtK17hcZc9JNlCxo
Exfj3lfjSK8vIcS0Jgl3e92kzBlqHMlz/x14nqiAU6ZvVvJ0+Jh7Z+Pk2NJ9Wwr+
AuHuHx+kt0m935pzhmHaGMyvnOjHmE5If8gm5GbxGJ54iVkYCNwhrzd/ueG0zuwW
5MoudxJBh2mQc6XQzDgAiRXHuoJbjlbUbppf7XfwGJ8Q2q5rGO8w2GbmVbmMEHIC
R4fSQbdBJEoSNqY7MfGYc6ojyg+F1Y7U5/SHQaP5hTQGiRji2qbMJIPmlSiIpqL4
tZUXfD0ONfwNunVWfJe4zNtZvviHHMtu3rQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:49:25 2025 by rpki-client