Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/XJ123o6tZlSfzKNNo89Uqq3cEoc.roa
File: XJ123o6tZlSfzKNNo89Uqq3cEoc.roa (raw, json)
Hash identifier: DDNQsDmpGvCIwHRzgWySzrbyMPFC2+Bkq7hUOsilKCE=
Subject key identifier: 5C:9D:76:DE:8E:AD:66:54:9F:CC:A3:4D:A3:CF:54:AA:AD:DC:12:87
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 01972B87E29B42025D1FB1B856190FDDFD42
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/XJ123o6tZlSfzKNNo89Uqq3cEoc.roa
Signing time: Sun 01 Jun 2025 12:46:54 +0000
ROA not before: Sun 01 Jun 2025 12:46:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211056
IP address blocks: 85.133.193.0/24 maxlen: 24
85.133.214.0/24 maxlen: 24
85.133.216.0/24 maxlen: 24
85.133.234.0/24 maxlen: 24
85.133.236.0/24 maxlen: 24
85.133.237.0/24 maxlen: 24
85.133.253.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 03:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2b:87:e2:9b:42:02:5d:1f:b1:b8:56:19:0f:dd:fd:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Jun 1 12:46:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c9d76de8ead66549fcca34da3cf54aaaddc1287
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:f5:8c:b7:8f:f1:33:76:66:11:ed:da:d9:13:
e9:ae:78:cf:4a:96:40:14:56:e7:2e:11:4d:3e:f4:
e3:64:12:12:39:da:cd:5d:0f:85:95:15:e9:db:37:
df:62:9d:83:f9:f3:1a:2a:81:10:e6:8f:8f:af:7d:
b9:34:fb:55:dd:f2:8b:55:d7:42:e2:9b:09:f8:a2:
fd:e7:d3:76:3e:71:60:f2:ee:cd:be:73:d6:4e:82:
53:3e:68:c9:81:16:e1:f6:a0:73:2a:43:cd:be:4b:
71:64:fa:d1:0d:8e:14:5b:d5:54:90:82:f1:74:44:
d1:9a:61:c3:0d:96:b0:00:77:86:5c:67:2f:80:1d:
15:73:3b:e9:48:a6:7b:87:55:60:cf:26:b7:bf:81:
cb:10:9c:0b:9a:ce:ce:19:bb:6f:1d:53:3c:0b:9c:
13:30:fb:dd:8c:b1:bd:39:8f:7c:37:6b:90:9c:b9:
3f:b9:df:f9:fc:e4:07:92:fe:64:b8:60:c2:ae:e7:
00:13:04:1f:27:f5:33:2c:2d:1e:b7:bb:77:7b:aa:
ff:7e:4e:67:58:bc:bb:fd:d4:b3:69:6e:d1:6a:b7:
a2:2d:37:21:ba:09:33:ac:ca:f7:91:50:47:3d:02:
2c:79:d0:6f:0b:12:b4:25:29:4d:61:b7:c9:e2:77:
48:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:9D:76:DE:8E:AD:66:54:9F:CC:A3:4D:A3:CF:54:AA:AD:DC:12:87
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/XJ123o6tZlSfzKNNo89Uqq3cEoc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.193.0/24
85.133.214.0/24
85.133.216.0/24
85.133.234.0/24
85.133.236.0/23
85.133.253.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:62:fe:11:d0:d3:63:d1:98:8d:1d:92:39:60:e3:4a:2b:97:
09:c0:1c:6d:97:a0:ff:0c:33:38:b7:dd:9e:5c:81:14:8f:d6:
18:0d:40:ed:e4:e6:0b:a3:71:10:5f:6b:60:cd:eb:06:43:ed:
4e:ea:b8:c4:c3:34:20:3d:8c:46:1f:9d:0a:3a:de:b0:f8:18:
8e:ea:c4:1e:84:23:9f:3f:7e:92:27:88:f0:1d:b1:01:cd:34:
ba:ad:3b:61:e3:a0:d1:05:f2:ef:e0:b4:80:a2:d8:0f:63:45:
35:a2:13:a7:1d:1f:70:40:53:c3:df:23:9b:d6:e0:64:7d:3f:
bc:38:92:fe:dc:d5:aa:d9:06:3b:e3:06:61:94:1f:9d:ab:46:
c9:7e:ae:bc:a8:42:b5:46:d3:ba:cf:f6:81:7e:6c:71:d7:79:
37:41:13:fe:ae:85:f0:99:44:0b:ea:10:40:85:d8:14:10:59:
46:71:d3:c8:a7:bd:34:8c:1b:99:7e:a5:63:50:0c:38:cb:54:
7c:31:24:87:d8:bf:31:0e:6f:79:f8:4e:a3:a6:09:6c:f2:fa:
5a:27:8b:62:71:b8:34:5f:7d:10:1b:59:62:c9:82:bb:db:5d:
5a:19:38:af:2f:b8:5e:31:c6:54:3d:56:f6:ba:6f:29:0a:66:
4b:e2:35:91
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZcrh+KbQgJdH7G4VhkP3f1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwNjAxMTI0NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzlkNzZkZThlYWQ2NjU0OWZjY2EzNGRhM2NmNTRhYWFkZGMxMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PWMt4/xM3ZmEe3a2RPprnjPSpZA
FFbnLhFNPvTjZBISOdrNXQ+FlRXp2zffYp2D+fMaKoEQ5o+Pr325NPtV3fKLVddC
4psJ+KL959N2PnFg8u7NvnPWToJTPmjJgRbh9qBzKkPNvktxZPrRDY4UW9VUkILx
dETRmmHDDZawAHeGXGcvgB0VczvpSKZ7h1Vgzya3v4HLEJwLms7OGbtvHVM8C5wT
MPvdjLG9OY98N2uQnLk/ud/5/OQHkv5kuGDCrucAEwQfJ/UzLC0et7t3e6r/fk5n
WLy7/dSzaW7RareiLTchugkzrMr3kVBHPQIsedBvCxK0JSlNYbfJ4ndI4wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFyddt6OrWZUn8yjTaPPVKqt3BKHMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvWEoxMjNvNnRabFNmektOTm84OVVxcTNjRW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVYXBAwQA
VYXWAwQAVYXYAwQAVYXqAwQBVYXsAwQAVYX9MA0GCSqGSIb3DQEBCwUAA4IBAQAL
Yv4R0NNj0ZiNHZI5YONKK5cJwBxtl6D/DDM4t92eXIEUj9YYDUDt5OYLo3EQX2tg
zesGQ+1O6rjEwzQgPYxGH50KOt6w+BiO6sQehCOfP36SJ4jwHbEBzTS6rTth46DR
BfLv4LSAotgPY0U1ohOnHR9wQFPD3yOb1uBkfT+8OJL+3NWq2QY74wZhlB+dq0bJ
fq68qEK1RtO6z/aBfmxx13k3QRP+roXwmUQL6hBAhdgUEFlGcdPIp700jBuZfqVj
UAw4y1R8MSSH2L8xDm95+E6jpgls8vpaJ4ticbg0X30QG1liyYK7211aGTivL7he
McZUPVb2um8pCmZL4jWR
-----END CERTIFICATE-----
Generated at Sun Jun 8 13:46:06 2025 by rpki-client