Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vjp69wI-uf-qQ3lAEHlJYb3cyoI.roa
File: vjp69wI-uf-qQ3lAEHlJYb3cyoI.roa (raw, json)
Hash identifier: 2takcfm8SJ1IG9E6kF9K6s3hfjJSIwGI+MPRQecw4xM=
Subject key identifier: BE:3A:7A:F7:02:3E:B9:FF:AA:43:79:40:10:79:49:61:BD:DC:CA:82
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 019D9701F324B530C7591D6644339AA3B5D3
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vjp69wI-uf-qQ3lAEHlJYb3cyoI.roa
Signing time: Thu 16 Apr 2026 15:56:20 +0000
ROA not before: Thu 16 Apr 2026 15:56:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 39074
IP address blocks: 85.133.128.0/22 maxlen: 22
85.133.128.0/24 maxlen: 24
85.133.129.0/24 maxlen: 24
85.133.130.0/24 maxlen: 24
85.133.131.0/24 maxlen: 24
85.133.132.0/24 maxlen: 24
85.133.133.0/24 maxlen: 24
85.133.134.0/24 maxlen: 24
85.133.135.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.137.0/24 maxlen: 24
85.133.138.0/24 maxlen: 24
85.133.139.0/24 maxlen: 24
85.133.141.0/24 maxlen: 24
85.133.142.0/24 maxlen: 24
85.133.143.0/24 maxlen: 24
85.133.144.0/24 maxlen: 24
85.133.145.0/24 maxlen: 24
85.133.146.0/24 maxlen: 24
85.133.147.0/24 maxlen: 24
85.133.148.0/24 maxlen: 24
85.133.149.0/24 maxlen: 24
85.133.150.0/24 maxlen: 24
85.133.151.0/24 maxlen: 24
85.133.152.0/24 maxlen: 24
85.133.154.0/24 maxlen: 24
85.133.155.0/24 maxlen: 24
85.133.156.0/24 maxlen: 24
85.133.157.0/24 maxlen: 24
85.133.158.0/24 maxlen: 24
85.133.159.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.166.0/24 maxlen: 24
85.133.167.0/24 maxlen: 24
85.133.168.0/22 maxlen: 24
85.133.168.0/24 maxlen: 24
85.133.171.0/24 maxlen: 24
85.133.172.0/22 maxlen: 24
85.133.172.0/24 maxlen: 24
85.133.173.0/24 maxlen: 24
85.133.175.0/24 maxlen: 24
85.133.176.0/22 maxlen: 24
85.133.176.0/24 maxlen: 24
85.133.177.0/24 maxlen: 24
85.133.178.0/24 maxlen: 24
85.133.179.0/24 maxlen: 24
85.133.180.0/22 maxlen: 24
85.133.180.0/24 maxlen: 24
85.133.181.0/24 maxlen: 24
85.133.182.0/24 maxlen: 24
85.133.183.0/24 maxlen: 24
85.133.184.0/22 maxlen: 24
85.133.184.0/24 maxlen: 24
85.133.185.0/24 maxlen: 24
85.133.186.0/24 maxlen: 24
85.133.187.0/24 maxlen: 24
85.133.188.0/22 maxlen: 22
85.133.188.0/24 maxlen: 24
85.133.189.0/24 maxlen: 24
85.133.190.0/24 maxlen: 24
85.133.191.0/24 maxlen: 24
85.133.192.0/24 maxlen: 24
85.133.194.0/24 maxlen: 24
85.133.196.0/24 maxlen: 24
85.133.197.0/24 maxlen: 24
85.133.199.0/24 maxlen: 24
85.133.201.0/24 maxlen: 24
85.133.203.0/24 maxlen: 24
85.133.204.0/24 maxlen: 24
85.133.207.0/24 maxlen: 24
85.133.208.0/24 maxlen: 24
85.133.209.0/24 maxlen: 24
85.133.210.0/23 maxlen: 24
85.133.210.0/24 maxlen: 24
85.133.211.0/24 maxlen: 24
85.133.212.0/24 maxlen: 24
85.133.213.0/24 maxlen: 24
85.133.214.0/24 maxlen: 24
85.133.215.0/24 maxlen: 24
85.133.216.0/24 maxlen: 24
85.133.218.0/24 maxlen: 24
85.133.219.0/24 maxlen: 24
85.133.222.0/24 maxlen: 24
85.133.223.0/24 maxlen: 24
85.133.224.0/24 maxlen: 24
85.133.226.0/24 maxlen: 24
85.133.228.0/24 maxlen: 24
85.133.231.0/24 maxlen: 24
85.133.232.0/24 maxlen: 24
85.133.234.0/24 maxlen: 24
85.133.235.0/24 maxlen: 24
85.133.236.0/24 maxlen: 24
85.133.237.0/24 maxlen: 24
85.133.238.0/24 maxlen: 24
85.133.241.0/24 maxlen: 24
85.133.244.0/24 maxlen: 24
85.133.246.0/24 maxlen: 24
85.133.247.0/24 maxlen: 24
85.133.251.0/24 maxlen: 24
85.133.253.0/24 maxlen: 24
85.133.255.0/24 maxlen: 24
2a04:87c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:97:01:f3:24:b5:30:c7:59:1d:66:44:33:9a:a3:b5:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Apr 16 15:56:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=be3a7af7023eb9ffaa43794010794961bddcca82
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:29:88:73:28:05:27:26:2e:20:8a:58:30:11:
43:6a:21:68:a5:bf:82:3f:0d:34:9d:34:44:f6:48:
2c:92:d7:34:98:07:b5:3a:3e:a0:7b:08:0f:9d:6f:
f9:8b:39:5c:bb:88:ad:bb:ed:36:29:9c:12:38:a2:
15:c3:bb:a8:ef:48:58:b2:44:20:09:04:f6:21:44:
06:1c:04:5d:99:d7:18:4e:50:16:0c:85:b7:4e:b0:
53:f4:a9:4e:a6:77:ba:ba:b9:d1:e8:a8:d1:c4:19:
26:a8:9e:3d:84:59:4a:7f:40:9f:62:a7:b8:ed:0d:
73:0e:fc:b3:07:65:0a:85:98:fb:fe:51:fc:00:51:
8a:8a:f3:e1:e9:ec:1e:30:2a:0d:ac:fc:ca:4a:7d:
dc:5a:65:98:f0:39:e7:4d:e9:99:15:af:2d:ce:0b:
f2:1c:0f:83:40:82:d7:b6:23:eb:21:9a:54:81:0f:
92:cc:d5:8e:ab:dc:60:4d:3a:60:6b:32:8c:09:38:
a1:44:fc:10:d7:d7:4a:9a:ce:93:bd:65:a4:aa:68:
e8:2b:4d:ce:99:d6:1f:11:d0:a0:40:2c:0b:b0:b1:
46:cc:13:7c:48:1e:9b:27:81:f4:94:46:b6:b0:b7:
e9:9d:87:84:a4:04:74:60:d8:1f:a6:2a:0c:3d:60:
79:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:3A:7A:F7:02:3E:B9:FF:AA:43:79:40:10:79:49:61:BD:DC:CA:82
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vjp69wI-uf-qQ3lAEHlJYb3cyoI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.128.0-85.133.139.255
85.133.141.0-85.133.152.255
85.133.154.0-85.133.159.255
85.133.164.0-85.133.192.255
85.133.194.0/24
85.133.196.0/23
85.133.199.0/24
85.133.201.0/24
85.133.203.0-85.133.204.255
85.133.207.0-85.133.216.255
85.133.218.0/23
85.133.222.0-85.133.224.255
85.133.226.0/24
85.133.228.0/24
85.133.231.0-85.133.232.255
85.133.234.0-85.133.238.255
85.133.241.0/24
85.133.244.0/24
85.133.246.0/23
85.133.251.0/24
85.133.253.0/24
85.133.255.0/24
IPv6:
2a04:87c0::/29
Signature Algorithm: sha256WithRSAEncryption
78:25:ce:59:01:79:ff:3f:30:6b:66:44:f1:99:57:67:2a:21:
83:18:f5:2e:7e:51:bd:72:94:ed:14:63:1c:52:e8:b5:55:9a:
5a:26:9b:cc:56:6a:c6:be:ba:32:d7:c2:e4:79:49:07:92:1f:
93:3b:1b:27:49:d3:76:f0:c7:61:e2:ad:bc:4d:bf:36:93:d7:
dc:b5:db:af:6e:54:7a:af:80:e2:27:36:86:90:3a:97:63:fb:
35:97:df:3e:82:c7:ac:2c:48:6c:b0:95:8b:8f:3c:94:9a:ab:
cc:6c:28:09:3c:85:f9:b5:49:d2:b5:77:d3:74:4d:e1:07:47:
e6:8c:b5:40:f6:cc:c7:36:b6:c9:5b:03:eb:95:75:4e:96:fe:
bf:f5:d2:14:3d:d5:e8:5a:1d:bb:88:bc:68:30:24:63:74:da:
1b:5e:63:7e:0a:4e:f7:07:79:fd:dc:4f:71:07:4c:2f:57:cc:
1e:fa:0d:c5:1d:80:d7:9f:7d:68:0c:0b:1a:ad:04:ff:47:18:
22:9e:11:66:1e:b3:7a:a5:dd:43:3b:16:05:1d:11:3a:39:62:
74:fb:2a:e1:5b:2e:ce:5b:32:c0:2b:86:ac:40:bc:02:a6:92:
46:8a:79:52:1f:1e:12:69:4e:38:98:52:91:4e:81:e2:5e:dc:
74:f3:59:dc
-----BEGIN CERTIFICATE-----
MIIF1zCCBL+gAwIBAgISAZ2XAfMktTDHWR1mRDOao7XTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNDE2MTU1NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTNhN2FmNzAyM2ViOWZmYWE0Mzc5NDAxMDc5NDk2MWJkZGNjYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCmIcygFJyYuIIpYMBFDaiFopb+C
Pw00nTRE9kgsktc0mAe1Oj6gewgPnW/5izlcu4itu+02KZwSOKIVw7uo70hYskQg
CQT2IUQGHARdmdcYTlAWDIW3TrBT9KlOpne6urnR6KjRxBkmqJ49hFlKf0CfYqe4
7Q1zDvyzB2UKhZj7/lH8AFGKivPh6eweMCoNrPzKSn3cWmWY8DnnTemZFa8tzgvy
HA+DQILXtiPrIZpUgQ+SzNWOq9xgTTpgazKMCTihRPwQ19dKms6TvWWkqmjoK03O
mdYfEdCgQCwLsLFGzBN8SB6bJ4H0lEa2sLfpnYeEpAR0YNgfpioMPWB5cwIDAQAB
o4IC4zCCAt8wHQYDVR0OBBYEFL46evcCPrn/qkN5QBB5SWG93MqCMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvdmpwNjl3SS11Zi1xUTNsQUVIbEpZYjNjeW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH4BggrBgEFBQcBBwEB/wSB6DCB5TCB0wQCAAEwgcwwDAME
B1WFgAMEAlWFiDAMAwQAVYWNAwQAVYWYMAwDBAFVhZoDBAVVhYAwDAMEAlWFpAME
AFWFwAMEAFWFwgMEAVWFxAMEAFWFxwMEAFWFyTAMAwQAVYXLAwQAVYXMMAwDBABV
hc8DBABVhdgDBAFVhdowDAMEAVWF3gMEAFWF4AMEAFWF4gMEAFWF5DAMAwQAVYXn
AwQAVYXoMAwDBAFVheoDBABVhe4DBABVhfEDBABVhfQDBAFVhfYDBABVhfsDBABV
hf0DBABVhf8wDQQCAAIwBwMFAyoEh8AwDQYJKoZIhvcNAQELBQADggEBAHglzlkB
ef8/MGtmRPGZV2cqIYMY9S5+Ub1ylO0UYxxS6LVVmlomm8xWasa+ujLXwuR5SQeS
H5M7GydJ03bwx2HirbxNvzaT19y1269uVHqvgOInNoaQOpdj+zWX3z6Cx6wsSGyw
lYuPPJSaq8xsKAk8hfm1SdK1d9N0TeEHR+aMtUD2zMc2tslbA+uVdU6W/r/10hQ9
1ehaHbuIvGgwJGN02hteY34KTvcHef3cT3EHTC9XzB76DcUdgNeffWgMCxqtBP9H
GCKeEWYes3ql3UM7FgUdETo5YnT7KuFbLs5bMsArhqxAvAKmkkaKeVIfHhJpTjiY
UpFOgeJe3HTzWdw=
-----END CERTIFICATE-----
Generated at Fri Apr 17 16:37:25 2026 by rpki-client