Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/J0hUsRCIsJxqBDRWowURVzD64X4.roa
File: J0hUsRCIsJxqBDRWowURVzD64X4.roa (raw, json)
Hash identifier: He+iX00zjq0nvLNeHU3AImzUnMzLPp3BFiM+8qRicMw=
Subject key identifier: 27:48:54:B1:10:88:B0:9C:6A:04:34:56:A3:05:11:57:30:FA:E1:7E
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 019C9A2A81CA0772E140A09C8EC326F8BA07
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/J0hUsRCIsJxqBDRWowURVzD64X4.roa
Signing time: Thu 26 Feb 2026 13:36:42 +0000
ROA not before: Thu 26 Feb 2026 13:36:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 39074
IP address blocks: 85.133.128.0/22 maxlen: 22
85.133.128.0/24 maxlen: 24
85.133.129.0/24 maxlen: 24
85.133.130.0/24 maxlen: 24
85.133.131.0/24 maxlen: 24
85.133.133.0/24 maxlen: 24
85.133.134.0/24 maxlen: 24
85.133.135.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.137.0/24 maxlen: 24
85.133.138.0/24 maxlen: 24
85.133.139.0/24 maxlen: 24
85.133.141.0/24 maxlen: 24
85.133.142.0/24 maxlen: 24
85.133.143.0/24 maxlen: 24
85.133.144.0/24 maxlen: 24
85.133.145.0/24 maxlen: 24
85.133.146.0/24 maxlen: 24
85.133.147.0/24 maxlen: 24
85.133.148.0/24 maxlen: 24
85.133.149.0/24 maxlen: 24
85.133.150.0/24 maxlen: 24
85.133.151.0/24 maxlen: 24
85.133.152.0/24 maxlen: 24
85.133.154.0/24 maxlen: 24
85.133.155.0/24 maxlen: 24
85.133.156.0/24 maxlen: 24
85.133.157.0/24 maxlen: 24
85.133.158.0/24 maxlen: 24
85.133.159.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.166.0/24 maxlen: 24
85.133.167.0/24 maxlen: 24
85.133.168.0/22 maxlen: 24
85.133.168.0/24 maxlen: 24
85.133.171.0/24 maxlen: 24
85.133.172.0/22 maxlen: 24
85.133.172.0/24 maxlen: 24
85.133.173.0/24 maxlen: 24
85.133.175.0/24 maxlen: 24
85.133.176.0/22 maxlen: 24
85.133.176.0/24 maxlen: 24
85.133.177.0/24 maxlen: 24
85.133.178.0/24 maxlen: 24
85.133.179.0/24 maxlen: 24
85.133.180.0/22 maxlen: 24
85.133.180.0/24 maxlen: 24
85.133.181.0/24 maxlen: 24
85.133.182.0/24 maxlen: 24
85.133.183.0/24 maxlen: 24
85.133.184.0/22 maxlen: 24
85.133.184.0/24 maxlen: 24
85.133.185.0/24 maxlen: 24
85.133.186.0/24 maxlen: 24
85.133.187.0/24 maxlen: 24
85.133.188.0/22 maxlen: 22
85.133.188.0/24 maxlen: 24
85.133.189.0/24 maxlen: 24
85.133.190.0/24 maxlen: 24
85.133.191.0/24 maxlen: 24
85.133.192.0/24 maxlen: 24
85.133.199.0/24 maxlen: 24
85.133.207.0/24 maxlen: 24
85.133.208.0/24 maxlen: 24
85.133.209.0/24 maxlen: 24
85.133.210.0/23 maxlen: 24
85.133.210.0/24 maxlen: 24
85.133.211.0/24 maxlen: 24
85.133.212.0/24 maxlen: 24
85.133.213.0/24 maxlen: 24
85.133.215.0/24 maxlen: 24
85.133.222.0/24 maxlen: 24
85.133.223.0/24 maxlen: 24
85.133.226.0/24 maxlen: 24
85.133.231.0/24 maxlen: 24
85.133.232.0/24 maxlen: 24
85.133.235.0/24 maxlen: 24
85.133.244.0/24 maxlen: 24
85.133.251.0/24 maxlen: 24
85.133.254.0/24 maxlen: 24
85.133.255.0/24 maxlen: 24
2a04:87c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 09:38:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9a:2a:81:ca:07:72:e1:40:a0:9c:8e:c3:26:f8:ba:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Feb 26 13:36:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=274854b11088b09c6a043456a305115730fae17e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:1c:e1:3d:29:57:60:71:97:a6:7d:86:8e:8c:
de:ec:aa:25:8a:c6:03:17:d1:67:44:0e:61:03:62:
74:1d:f8:e2:33:1c:f6:29:69:1d:f4:ea:f5:05:1d:
c2:57:5a:ad:92:13:58:12:79:ce:1b:0f:ac:40:33:
b4:5b:3d:98:da:16:5c:7d:df:f1:59:b7:cb:99:11:
a9:b0:b0:24:f5:c9:3c:fe:d9:15:ee:97:e0:a8:fe:
ae:fe:b4:56:8a:93:37:5e:27:14:de:e9:16:b9:18:
80:bf:5b:63:bc:55:69:d9:91:c2:b9:cb:9d:5e:cf:
ec:f3:ba:fe:46:45:b3:99:f9:a3:5b:81:5b:e4:ac:
2a:9e:30:56:b1:7c:93:a1:77:48:c9:92:44:5f:bf:
c5:18:c2:9b:fa:d2:ee:33:52:3f:4d:19:f8:96:02:
a7:0e:a8:d7:a0:a7:17:97:8e:32:34:08:45:4b:45:
5d:79:d9:27:36:bc:74:a2:41:93:3c:18:82:be:24:
83:6e:ea:80:af:3a:46:2e:45:5c:9b:5d:63:a3:6b:
81:84:8a:f3:d6:94:b6:a1:6b:8c:1a:a9:9c:4a:56:
fc:8c:3a:8c:a4:dc:81:a0:f2:73:ce:08:1e:29:34:
d7:57:1b:03:c9:0b:9d:20:90:d1:82:41:f0:ec:23:
6d:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:48:54:B1:10:88:B0:9C:6A:04:34:56:A3:05:11:57:30:FA:E1:7E
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/J0hUsRCIsJxqBDRWowURVzD64X4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.128.0/22
85.133.133.0-85.133.139.255
85.133.141.0-85.133.152.255
85.133.154.0-85.133.159.255
85.133.164.0-85.133.192.255
85.133.199.0/24
85.133.207.0-85.133.213.255
85.133.215.0/24
85.133.222.0/23
85.133.226.0/24
85.133.231.0-85.133.232.255
85.133.235.0/24
85.133.244.0/24
85.133.251.0/24
85.133.254.0/23
IPv6:
2a04:87c0::/29
Signature Algorithm: sha256WithRSAEncryption
4e:5b:9f:04:0d:6f:2f:aa:f6:8e:80:e1:4b:f3:8b:5a:6e:08:
57:5b:7d:f7:d0:c3:ac:f5:73:e0:1b:03:72:95:9a:4d:e0:25:
6e:f5:e7:84:d9:80:e0:02:c0:03:62:0d:a6:2e:7b:55:8e:a3:
c2:bc:92:cf:fa:ca:95:e2:ee:73:3d:e7:a0:92:d2:be:a4:d9:
31:c1:e6:41:bb:ec:61:6d:7e:ee:a8:cf:b3:2c:0d:9e:48:d1:
96:35:49:8f:ad:20:27:57:9d:5c:a3:9f:4e:d2:ea:d9:e3:6a:
9d:df:27:b8:3e:6c:7b:d0:22:ce:da:cc:a7:55:6c:6b:0b:c4:
f1:45:2d:23:79:ce:f1:ee:66:7e:c9:57:43:9b:1c:31:c2:96:
ad:ce:6a:b1:f7:8c:c4:41:48:40:3b:9f:6f:9c:18:1e:84:90:
ea:c2:43:14:2a:d1:bc:60:ad:9d:5b:ed:2f:e1:1e:b4:38:6f:
a2:8e:0f:12:32:2e:0f:b7:2b:51:94:ab:be:0d:91:22:76:b7:
68:81:3b:36:54:1d:ef:dc:df:7d:24:a2:55:c6:4a:ff:4d:da:
07:13:26:43:4d:85:79:e9:61:48:90:e2:27:b0:92:df:b3:6e:
1f:0f:74:e5:50:7d:03:a3:b5:a9:4a:4e:27:be:86:0c:64:66:
c3:35:20:bd
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZyaKoHKB3LhQKCcjsMm+LoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMjI2MTMzNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzQ4NTRiMTEwODhiMDljNmEwNDM0NTZhMzA1MTE1NzMwZmFlMTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRzhPSlXYHGXpn2Gjoze7KolisYD
F9FnRA5hA2J0HfjiMxz2KWkd9Or1BR3CV1qtkhNYEnnOGw+sQDO0Wz2Y2hZcfd/x
WbfLmRGpsLAk9ck8/tkV7pfgqP6u/rRWipM3XicU3ukWuRiAv1tjvFVp2ZHCucud
Xs/s87r+RkWzmfmjW4Fb5KwqnjBWsXyToXdIyZJEX7/FGMKb+tLuM1I/TRn4lgKn
DqjXoKcXl44yNAhFS0VdedknNrx0okGTPBiCviSDbuqArzpGLkVcm11jo2uBhIrz
1pS2oWuMGqmcSlb8jDqMpNyBoPJzzggeKTTXVxsDyQudIJDRgkHw7CNtjQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFCdIVLEQiLCcagQ0VqMFEVcw+uF+MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvSjBoVXNSQ0lzSnhxQkRSV293VVJWekQ2NFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG2BggrBgEFBQcBBwEB/wSBpjCBozCBkQQCAAEwgYoDBAJV
hYAwDAMEAFWFhQMEAlWFiDAMAwQAVYWNAwQAVYWYMAwDBAFVhZoDBAVVhYAwDAME
AlWFpAMEAFWFwAMEAFWFxzAMAwQAVYXPAwQBVYXUAwQAVYXXAwQBVYXeAwQAVYXi
MAwDBABVhecDBABVhegDBABVhesDBABVhfQDBABVhfsDBAFVhf4wDQQCAAIwBwMF
AyoEh8AwDQYJKoZIhvcNAQELBQADggEBAE5bnwQNby+q9o6A4Uvzi1puCFdbfffQ
w6z1c+AbA3KVmk3gJW7154TZgOACwANiDaYue1WOo8K8ks/6ypXi7nM956CS0r6k
2THB5kG77GFtfu6oz7MsDZ5I0ZY1SY+tICdXnVyjn07S6tnjap3fJ7g+bHvQIs7a
zKdVbGsLxPFFLSN5zvHuZn7JV0ObHDHClq3OarH3jMRBSEA7n2+cGB6EkOrCQxQq
0bxgrZ1b7S/hHrQ4b6KODxIyLg+3K1GUq74NkSJ2t2iBOzZUHe/c330kolXGSv9N
2gcTJkNNhXnpYUiQ4iewkt+zbh8PdOVQfQOjtalKTie+hgxkZsM1IL0=
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:05:42 2026 by rpki-client