Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qefifCfsjBjOpKdBzPc3xkN2Mz8.roa
File: qefifCfsjBjOpKdBzPc3xkN2Mz8.roa (raw, json)
Hash identifier: wHCietdRU6Rwvqkj5TECYFlUlpBy/cOV7Tv62CiYpaw=
Subject key identifier: A9:E7:E2:7C:27:EC:8C:18:CE:A4:A7:41:CC:F7:37:C6:43:76:33:3F
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 019A53C8D9FF513D16C4246EF20ADB5E8A77
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qefifCfsjBjOpKdBzPc3xkN2Mz8.roa
Signing time: Wed 05 Nov 2025 11:31:03 +0000
ROA not before: Wed 05 Nov 2025 11:31:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39074
IP address blocks: 85.133.128.0/22 maxlen: 22
85.133.128.0/24 maxlen: 24
85.133.129.0/24 maxlen: 24
85.133.130.0/24 maxlen: 24
85.133.131.0/24 maxlen: 24
85.133.132.0/24 maxlen: 24
85.133.133.0/24 maxlen: 24
85.133.134.0/24 maxlen: 24
85.133.135.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.137.0/24 maxlen: 24
85.133.138.0/24 maxlen: 24
85.133.139.0/24 maxlen: 24
85.133.140.0/22 maxlen: 22
85.133.140.0/24 maxlen: 24
85.133.141.0/24 maxlen: 24
85.133.142.0/24 maxlen: 24
85.133.143.0/24 maxlen: 24
85.133.144.0/24 maxlen: 24
85.133.145.0/24 maxlen: 24
85.133.146.0/24 maxlen: 24
85.133.147.0/24 maxlen: 24
85.133.148.0/24 maxlen: 24
85.133.149.0/24 maxlen: 24
85.133.150.0/24 maxlen: 24
85.133.151.0/24 maxlen: 24
85.133.152.0/24 maxlen: 24
85.133.154.0/24 maxlen: 24
85.133.155.0/24 maxlen: 24
85.133.156.0/24 maxlen: 24
85.133.157.0/24 maxlen: 24
85.133.158.0/24 maxlen: 24
85.133.159.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.166.0/24 maxlen: 24
85.133.167.0/24 maxlen: 24
85.133.168.0/22 maxlen: 24
85.133.168.0/24 maxlen: 24
85.133.171.0/24 maxlen: 24
85.133.172.0/22 maxlen: 24
85.133.172.0/24 maxlen: 24
85.133.173.0/24 maxlen: 24
85.133.175.0/24 maxlen: 24
85.133.176.0/22 maxlen: 24
85.133.176.0/24 maxlen: 24
85.133.177.0/24 maxlen: 24
85.133.178.0/24 maxlen: 24
85.133.179.0/24 maxlen: 24
85.133.180.0/22 maxlen: 24
85.133.180.0/24 maxlen: 24
85.133.181.0/24 maxlen: 24
85.133.182.0/24 maxlen: 24
85.133.183.0/24 maxlen: 24
85.133.184.0/22 maxlen: 24
85.133.184.0/24 maxlen: 24
85.133.185.0/24 maxlen: 24
85.133.186.0/24 maxlen: 24
85.133.187.0/24 maxlen: 24
85.133.188.0/22 maxlen: 22
85.133.188.0/24 maxlen: 24
85.133.189.0/24 maxlen: 24
85.133.190.0/24 maxlen: 24
85.133.191.0/24 maxlen: 24
85.133.192.0/24 maxlen: 24
85.133.207.0/24 maxlen: 24
85.133.209.0/24 maxlen: 24
85.133.210.0/23 maxlen: 24
85.133.210.0/24 maxlen: 24
85.133.211.0/24 maxlen: 24
85.133.212.0/24 maxlen: 24
85.133.213.0/24 maxlen: 24
85.133.215.0/24 maxlen: 24
85.133.222.0/24 maxlen: 24
85.133.223.0/24 maxlen: 24
85.133.226.0/24 maxlen: 24
85.133.231.0/24 maxlen: 24
85.133.232.0/24 maxlen: 24
85.133.235.0/24 maxlen: 24
85.133.239.0/24 maxlen: 24
85.133.244.0/24 maxlen: 24
85.133.251.0/24 maxlen: 24
85.133.255.0/24 maxlen: 24
2a04:87c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 11:31:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:c8:d9:ff:51:3d:16:c4:24:6e:f2:0a:db:5e:8a:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Nov 5 11:31:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a9e7e27c27ec8c18cea4a741ccf737c64376333f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:da:e1:d5:83:66:29:7c:c8:ef:72:23:fa:dd:
77:40:ff:87:49:c8:78:54:e8:dc:3f:a7:50:44:af:
36:8f:49:7f:01:70:1e:5a:d6:02:de:05:50:00:3a:
8a:e1:23:06:fd:5c:41:51:f8:7a:53:f2:2f:ae:94:
90:33:87:87:c9:b8:c8:5f:30:4d:2d:03:cb:01:48:
eb:2d:d7:81:60:d2:ed:ef:a4:94:f6:a4:b1:8d:69:
50:ba:b3:c1:7f:fd:7b:77:fd:a9:31:0a:58:38:2e:
31:fe:87:b2:16:1f:75:66:3a:10:93:5d:94:ef:96:
4f:a3:d5:8e:18:e4:b0:4c:9a:9f:6e:8c:9a:ce:c6:
ad:f0:b1:e9:d4:66:5f:d7:52:a6:11:e0:ce:76:ea:
d1:54:af:2e:b8:d4:c9:61:78:69:75:a0:ff:b1:d3:
55:3d:e9:9e:28:68:7e:3c:da:d3:14:dc:fc:73:8e:
69:44:9d:09:34:f7:71:b7:ff:3a:2f:05:ec:dd:d2:
47:69:05:d6:c6:e4:5a:b2:48:c0:f7:44:14:02:2e:
30:4c:db:16:d4:ca:da:71:fa:96:95:34:89:51:29:
45:b0:9f:8c:1f:6a:fb:26:0a:0d:d5:57:6e:b5:89:
83:6a:7e:83:69:de:88:cd:09:7e:0f:98:af:59:c4:
b5:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:E7:E2:7C:27:EC:8C:18:CE:A4:A7:41:CC:F7:37:C6:43:76:33:3F
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qefifCfsjBjOpKdBzPc3xkN2Mz8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.128.0-85.133.152.255
85.133.154.0-85.133.159.255
85.133.164.0-85.133.192.255
85.133.207.0/24
85.133.209.0-85.133.213.255
85.133.215.0/24
85.133.222.0/23
85.133.226.0/24
85.133.231.0-85.133.232.255
85.133.235.0/24
85.133.239.0/24
85.133.244.0/24
85.133.251.0/24
85.133.255.0/24
IPv6:
2a04:87c0::/29
Signature Algorithm: sha256WithRSAEncryption
0e:1c:4b:08:39:72:b9:8e:ca:72:69:6e:34:c8:b9:99:16:f5:
06:8f:7c:ac:e4:eb:97:e9:32:94:e3:84:6a:de:1e:ea:a9:25:
53:e8:30:a8:a1:44:d7:ac:73:13:7b:9b:56:32:94:0d:e9:d8:
d7:0f:56:82:b4:88:b0:11:ab:e2:ac:9f:4c:9b:3a:f9:19:f7:
48:54:e6:ba:9f:ca:b1:7d:b8:d3:7e:25:f2:9a:08:a5:86:45:
d4:73:08:d4:1c:b0:69:94:8d:a0:e7:6a:2d:0a:37:f6:78:a6:
dc:d3:58:a7:8b:23:23:50:f6:1e:39:a9:fa:83:36:bf:76:64:
0f:c7:3d:e5:b9:6d:e0:9c:fe:4f:73:75:45:2d:65:ba:7c:d1:
55:93:95:4c:dc:00:9c:db:7e:41:3e:ea:c9:a4:00:8a:3e:4c:
0e:12:50:e6:08:a5:12:a0:be:7e:32:87:eb:c4:a7:5d:9b:73:
4f:b9:d7:c9:a0:94:02:6b:ef:04:32:e4:5e:99:49:98:79:30:
22:ff:ca:5a:64:7b:f5:ce:54:b1:05:e1:e6:41:57:9d:79:47:
fb:fa:d9:90:2e:e6:9b:59:85:06:30:b9:92:93:0e:61:fa:03:
42:07:5e:a4:b6:79:82:77:eb:57:9d:16:a6:5f:a2:10:81:39:
75:58:3a:ff
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAZpTyNn/UT0WxCRu8grbXop3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUxMTA1MTEzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU3ZTI3YzI3ZWM4YzE4Y2VhNGE3NDFjY2Y3MzdjNjQzNzYzMzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldrh1YNmKXzI73Ij+t13QP+HSch4
VOjcP6dQRK82j0l/AXAeWtYC3gVQADqK4SMG/VxBUfh6U/IvrpSQM4eHybjIXzBN
LQPLAUjrLdeBYNLt76SU9qSxjWlQurPBf/17d/2pMQpYOC4x/oeyFh91ZjoQk12U
75ZPo9WOGOSwTJqfboyazsat8LHp1GZf11KmEeDOdurRVK8uuNTJYXhpdaD/sdNV
PemeKGh+PNrTFNz8c45pRJ0JNPdxt/86LwXs3dJHaQXWxuRaskjA90QUAi4wTNsW
1MracfqWlTSJUSlFsJ+MH2r7JgoN1VdutYmDan6Dad6IzQl+D5ivWcS1XQIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFKnn4nwn7IwYzqSnQcz3N8ZDdjM/MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvcWVmaWZDZnNqQmpPcEtkQnpQYzN4a04yTXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBggQCAAEwfDAMAwQH
VYWAAwQAVYWYMAwDBAFVhZoDBAVVhYAwDAMEAlWFpAMEAFWFwAMEAFWFzzAMAwQA
VYXRAwQBVYXUAwQAVYXXAwQBVYXeAwQAVYXiMAwDBABVhecDBABVhegDBABVhesD
BABVhe8DBABVhfQDBABVhfsDBABVhf8wDQQCAAIwBwMFAyoEh8AwDQYJKoZIhvcN
AQELBQADggEBAA4cSwg5crmOynJpbjTIuZkW9QaPfKzk65fpMpTjhGreHuqpJVPo
MKihRNescxN7m1YylA3p2NcPVoK0iLARq+Ksn0ybOvkZ90hU5rqfyrF9uNN+JfKa
CKWGRdRzCNQcsGmUjaDnai0KN/Z4ptzTWKeLIyNQ9h45qfqDNr92ZA/HPeW5beCc
/k9zdUUtZbp80VWTlUzcAJzbfkE+6smkAIo+TA4SUOYIpRKgvn4yh+vEp12bc0+5
18mglAJr7wQy5F6ZSZh5MCL/ylpke/XOVLEF4eZBV515R/v62ZAu5ptZhQYwuZKT
DmH6A0IHXqS2eYJ361edFqZfohCBOXVYOv8=
-----END CERTIFICATE-----
Generated at Wed Nov 5 18:14:52 2025 by rpki-client