Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS209737.roa
File: AS209737.roa (raw, json)
Hash identifier: QAXZJaEg+TvYjytuyG5KolsV5+ReTtDQGoAiawRV2MM=
Subject key identifier: 7C:D6:FF:DA:ED:5D:B9:2D:EF:0E:27:68:4F:FB:85:E2:83:AE:CF:E9
Certificate issuer: /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial: 0F359A161725B99FEFD40717F203F1119D829FA0
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS209737.roa
Signing time: Wed 18 Feb 2026 12:01:37 +0000
ROA not before: Wed 18 Feb 2026 11:56:37 +0000
ROA not after: Wed 17 Feb 2027 12:01:37 +0000
asID: 209737
IP address blocks: 5.133.101.0/24 maxlen: 24
31.40.197.0/24 maxlen: 24
31.40.205.0/24 maxlen: 24
85.235.73.0/24 maxlen: 24
85.235.74.0/24 maxlen: 24
92.249.62.0/24 maxlen: 24
176.96.128.0/24 maxlen: 24
193.111.76.0/24 maxlen: 24
193.111.79.0/24 maxlen: 24
217.18.208.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:35:9a:16:17:25:b9:9f:ef:d4:07:17:f2:03:f1:11:9d:82:9f:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Validity
Not Before: Feb 18 11:56:37 2026 GMT
Not After : Feb 17 12:01:37 2027 GMT
Subject: CN=7CD6FFDAED5DB92DEF0E27684FFB85E283AECFE9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:66:60:da:c5:60:ca:50:d5:d6:36:ab:9c:09:
31:ab:fe:35:e3:63:b9:47:43:fa:49:38:23:da:11:
ea:ee:01:04:11:cf:56:3d:51:88:29:2e:1d:c8:40:
0e:47:f7:df:c0:41:f8:23:6e:84:1a:26:9f:d5:91:
40:c1:0f:b4:67:6c:94:2d:d2:fb:8f:97:11:f2:f2:
65:fc:10:9a:8c:82:6f:d3:78:99:26:6c:e2:af:ff:
43:98:5f:3d:34:f3:2d:08:03:c1:d2:de:aa:8a:22:
0a:2e:6b:3b:21:e2:e0:9d:f8:7e:23:11:db:91:14:
a8:3d:53:72:03:5d:ea:4b:e8:55:bc:eb:fb:28:32:
5f:04:14:18:75:70:02:34:4f:17:a6:c2:c4:28:11:
a4:9a:7f:52:f9:80:c5:1a:dd:36:6e:5b:e3:11:d3:
45:0d:95:50:05:19:12:5f:f1:4a:f5:e8:26:bd:fe:
0f:a1:64:4f:d8:85:93:35:c8:41:25:03:bd:db:d2:
b8:d4:c2:07:4d:2b:88:ee:4a:8e:1c:76:82:02:bd:
48:c7:7a:39:ee:58:60:59:1b:a5:38:37:29:9a:36:
05:c8:3e:18:f7:7f:42:8f:79:a6:82:5d:23:a7:4f:
96:bf:a2:9c:41:ec:67:5c:97:96:17:e3:d1:21:3c:
b1:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:D6:FF:DA:ED:5D:B9:2D:EF:0E:27:68:4F:FB:85:E2:83:AE:CF:E9
X509v3 Authority Key Identifier:
keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS209737.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.101.0/24
31.40.197.0/24
31.40.205.0/24
85.235.73.0-85.235.74.255
92.249.62.0/24
176.96.128.0/24
193.111.76.0/24
193.111.79.0/24
217.18.208.0/24
Signature Algorithm: sha256WithRSAEncryption
e7:9a:0f:63:27:a5:91:83:b7:3f:eb:72:d4:5e:f5:d7:0d:de:
19:ec:2a:ec:fc:2b:eb:12:11:75:63:15:2c:ba:79:ee:67:92:
3a:80:d1:49:5c:87:dc:74:1f:e8:34:bd:23:ab:3d:c8:b4:b3:
47:53:40:aa:ba:29:69:4a:cc:7d:55:8f:f8:ef:7f:3f:67:63:
7d:da:ab:18:4e:b3:b1:7f:00:15:30:70:36:93:f6:3b:5f:6f:
9f:9c:a4:b8:49:be:3f:e1:70:52:20:14:36:d4:1f:dd:e6:cd:
98:02:2b:dc:dd:2a:d0:57:b9:d9:39:a5:e0:b4:e9:d5:e2:eb:
3f:29:8e:b3:a1:f1:e5:6b:ff:08:35:28:a2:ac:02:74:fa:c1:
e4:6d:75:77:3a:f3:de:33:07:f2:31:17:11:4a:49:00:93:dd:
d5:c9:25:c9:d5:e1:01:fe:18:d6:23:a2:f9:b2:c3:1d:37:86:
6a:c2:48:3b:82:0c:71:e0:be:cb:a7:96:3a:03:85:29:1e:cf:
2e:ec:36:24:a4:c7:f3:e5:41:2f:15:91:93:11:7a:eb:d5:7c:
59:d0:ca:69:e5:3d:99:be:42:fd:ab:ba:ed:e9:bb:dd:af:f7:
94:d1:eb:20:f7:d2:95:d5:0d:2d:89:e4:70:12:f4:59:f1:74:
91:db:5e:d3
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIUDzWaFhcluZ/v1AcX8gPxEZ2Cn6AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjAyMTgxMTU2MzdaFw0yNzAyMTcxMjAxMzdaMDMxMTAvBgNV
BAMTKDdDRDZGRkRBRUQ1REI5MkRFRjBFMjc2ODRGRkI4NUUyODNBRUNGRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuZmDaxWDKUNXWNqucCTGr/jXj
Y7lHQ/pJOCPaEeruAQQRz1Y9UYgpLh3IQA5H99/AQfgjboQaJp/VkUDBD7RnbJQt
0vuPlxHy8mX8EJqMgm/TeJkmbOKv/0OYXz008y0IA8HS3qqKIgouazsh4uCd+H4j
EduRFKg9U3IDXepL6FW86/soMl8EFBh1cAI0TxemwsQoEaSaf1L5gMUa3TZuW+MR
00UNlVAFGRJf8Ur16Ca9/g+hZE/YhZM1yEElA73b0rjUwgdNK4juSo4cdoICvUjH
ejnuWGBZG6U4NymaNgXIPhj3f0KPeaaCXSOnT5a/opxB7Gdcl5YX49EhPLHZAgMB
AAGjggJCMIICPjAdBgNVHQ4EFgQUfNb/2u1duS3vDidoT/uF4oOuz+kwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjA5NzM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABYVl
AwQAHyjFAwQAHyjNMAwDBABV60kDBABV60oDBABc+T4DBACwYIADBADBb0wDBADB
b08DBADZEtAwDQYJKoZIhvcNAQELBQADggEBAOeaD2MnpZGDtz/rctRe9dcN3hns
Kuz8K+sSEXVjFSy6ee5nkjqA0Ulch9x0H+g0vSOrPci0s0dTQKq6KWlKzH1Vj/jv
fz9nY33aqxhOs7F/ABUwcDaT9jtfb5+cpLhJvj/hcFIgFDbUH93mzZgCK9zdKtBX
udk5peC06dXi6z8pjrOh8eVr/wg1KKKsAnT6weRtdXc6894zB/IxFxFKSQCT3dXJ
JcnV4QH+GNYjovmywx03hmrCSDuCDHHgvsunljoDhSkezy7sNiSkx/PlQS8VkZMR
euvVfFnQymnlPZm+Qv2ruu3pu92v95TR6yD30pXVDS2J5HAS9FnxdJHbXtM=
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:35:09 2026 by rpki-client