Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209854.roa
File: AS209854.roa (raw, json)
Hash identifier: eU0Y4/F6Jvnqymkj2BSBCh6MkQF9/xxOxj5qnSdLSQw=
Subject key identifier: 96:7C:43:D5:F6:2C:7E:7E:E7:29:9E:84:12:60:90:7C:99:93:7C:0B
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 2E7D039E4AF7CEE55E3271E1A9D9B441AF554F9E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209854.roa
Signing time: Wed 04 Feb 2026 13:55:36 +0000
ROA not before: Wed 04 Feb 2026 13:50:36 +0000
ROA not after: Wed 03 Feb 2027 13:55:36 +0000
asID: 209854
IP address blocks: 82.21.109.0/24 maxlen: 24
82.21.118.0/24 maxlen: 24
82.21.166.0/24 maxlen: 24
82.21.171.0/24 maxlen: 24
82.21.174.0/24 maxlen: 24
82.21.176.0/24 maxlen: 24
82.21.186.0/24 maxlen: 24
82.21.202.0/24 maxlen: 24
82.21.203.0/24 maxlen: 24
82.21.205.0/24 maxlen: 24
82.23.0.0/24 maxlen: 24
82.23.1.0/24 maxlen: 24
82.23.186.0/24 maxlen: 24
82.23.187.0/24 maxlen: 24
82.24.28.0/24 maxlen: 24
82.24.47.0/24 maxlen: 24
82.26.149.0/24 maxlen: 24
82.26.153.0/24 maxlen: 24
82.26.159.0/24 maxlen: 24
82.26.162.0/24 maxlen: 24
82.26.164.0/24 maxlen: 24
82.26.170.0/24 maxlen: 24
82.26.173.0/24 maxlen: 24
82.26.192.0/24 maxlen: 24
82.26.195.0/24 maxlen: 24
82.26.199.0/24 maxlen: 24
82.29.21.0/24 maxlen: 24
82.29.27.0/24 maxlen: 24
82.29.133.0/24 maxlen: 24
82.29.134.0/24 maxlen: 24
82.29.135.0/24 maxlen: 24
82.29.149.0/24 maxlen: 24
82.29.151.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:7d:03:9e:4a:f7:ce:e5:5e:32:71:e1:a9:d9:b4:41:af:55:4f:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Feb 4 13:50:36 2026 GMT
Not After : Feb 3 13:55:36 2027 GMT
Subject: CN=967C43D5F62C7E7EE7299E841260907C99937C0B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:1b:ee:0d:61:5a:71:36:73:16:14:38:85:01:
f2:73:36:c1:d1:fb:51:cf:98:3a:14:b0:5f:d0:2f:
16:1b:08:da:4d:10:77:0f:92:e3:3f:83:cc:ce:98:
e5:03:51:33:1b:db:2f:b9:80:5d:26:b5:ba:21:1e:
73:4d:36:58:29:68:e1:fc:7c:65:26:60:f3:0b:3f:
fe:34:bf:bf:9a:72:91:43:dd:9c:80:cd:10:a8:0e:
26:0c:e8:83:95:bd:75:8b:04:d2:a8:b2:21:d8:2e:
20:12:29:c3:69:38:03:7a:ee:44:51:b8:5d:52:f8:
d7:79:bb:92:c0:1d:f2:73:41:70:91:74:ac:10:f9:
e7:c3:69:91:88:ba:04:e3:a3:c7:cd:97:be:1f:41:
2b:29:c3:2a:a0:ec:17:cd:31:dd:fb:11:77:00:1a:
7a:87:d0:25:31:be:b0:30:4f:6f:99:2a:0c:21:a1:
56:db:75:58:99:cb:07:9e:aa:1a:4b:6a:26:cc:99:
43:9a:34:ef:17:88:c9:82:85:fe:ef:20:a8:f4:3d:
6e:5b:32:be:52:f2:25:29:f0:74:5e:65:3c:fe:33:
2f:3f:37:61:d4:4f:18:0a:06:1d:e7:6a:89:c2:9d:
92:d7:4d:12:b4:1f:25:2b:af:05:62:c5:69:99:63:
27:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:7C:43:D5:F6:2C:7E:7E:E7:29:9E:84:12:60:90:7C:99:93:7C:0B
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209854.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.109.0/24
82.21.118.0/24
82.21.166.0/24
82.21.171.0/24
82.21.174.0/24
82.21.176.0/24
82.21.186.0/24
82.21.202.0/23
82.21.205.0/24
82.23.0.0/23
82.23.186.0/23
82.24.28.0/24
82.24.47.0/24
82.26.149.0/24
82.26.153.0/24
82.26.159.0/24
82.26.162.0/24
82.26.164.0/24
82.26.170.0/24
82.26.173.0/24
82.26.192.0/24
82.26.195.0/24
82.26.199.0/24
82.29.21.0/24
82.29.27.0/24
82.29.133.0-82.29.135.255
82.29.149.0/24
82.29.151.0/24
Signature Algorithm: sha256WithRSAEncryption
74:12:d2:c4:73:6f:35:6a:75:a4:bf:df:ff:12:c5:7c:68:10:
52:3b:f8:fa:64:a2:de:9b:40:27:fe:7c:51:13:a3:fa:e4:94:
48:45:88:48:9a:2d:cc:69:11:99:cf:47:80:68:34:e6:42:a2:
2a:b3:25:db:67:ae:e0:8b:29:ce:48:23:14:5f:96:0b:b5:14:
02:4b:37:7f:73:44:57:25:df:b1:7b:b5:2d:34:6b:5a:50:00:
ea:cc:7f:25:84:94:b1:b9:ba:c6:03:fc:e7:f6:9a:d5:49:1d:
c4:de:7d:9d:2d:73:89:ee:7d:d5:d6:ae:13:6b:4e:24:c7:40:
dc:91:ac:d6:4f:9b:04:78:2a:cb:ad:8d:5c:14:6a:83:20:60:
4f:d8:dc:2d:0a:c6:57:a8:63:09:5d:d0:c4:90:10:35:94:05:
5e:7a:4b:e9:95:60:fe:32:87:6a:7d:ea:93:62:7b:05:5d:5a:
cf:1a:c6:45:65:68:36:e2:45:19:5a:e0:c4:a3:0a:9f:aa:51:
34:92:bc:85:0b:29:1b:aa:2f:67:41:8f:39:f5:54:fd:7c:1f:
0a:35:b0:4e:95:34:c8:0b:41:f6:3c:80:63:d8:68:5d:bd:89:
e5:54:13:cf:b3:54:84:ec:75:67:5c:a0:21:52:f9:ea:ef:40:
69:7f:fe:b7
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgIULn0Dnkr3zuVeMnHhqdm0Qa9VT54wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDQxMzUwMzZaFw0yNzAyMDMxMzU1MzZaMDMxMTAvBgNV
BAMTKDk2N0M0M0Q1RjYyQzdFN0VFNzI5OUU4NDEyNjA5MDdDOTk5MzdDMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSG+4NYVpxNnMWFDiFAfJzNsHR
+1HPmDoUsF/QLxYbCNpNEHcPkuM/g8zOmOUDUTMb2y+5gF0mtbohHnNNNlgpaOH8
fGUmYPMLP/40v7+acpFD3ZyAzRCoDiYM6IOVvXWLBNKosiHYLiASKcNpOAN67kRR
uF1S+Nd5u5LAHfJzQXCRdKwQ+efDaZGIugTjo8fNl74fQSspwyqg7BfNMd37EXcA
GnqH0CUxvrAwT2+ZKgwhoVbbdViZyweeqhpLaibMmUOaNO8XiMmChf7vIKj0PW5b
Mr5S8iUp8HReZTz+My8/N2HUTxgKBh3naonCnZLXTRK0HyUrrwVixWmZYycnAgMB
AAGjggK5MIICtTAdBgNVHQ4EFgQUlnxD1fYsfn7nKZ6EEmCQfJmTfAswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5ODU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbAD
BABSFW0DBABSFXYDBABSFaYDBABSFasDBABSFa4DBABSFbADBABSFboDBAFSFcoD
BABSFc0DBAFSFwADBAFSF7oDBABSGBwDBABSGC8DBABSGpUDBABSGpkDBABSGp8D
BABSGqIDBABSGqQDBABSGqoDBABSGq0DBABSGsADBABSGsMDBABSGscDBABSHRUD
BABSHRswDAMEAFIdhQMEA1IdgAMEAFIdlQMEAFIdlzANBgkqhkiG9w0BAQsFAAOC
AQEAdBLSxHNvNWp1pL/f/xLFfGgQUjv4+mSi3ptAJ/58UROj+uSUSEWISJotzGkR
mc9HgGg05kKiKrMl22eu4IspzkgjFF+WC7UUAks3f3NEVyXfsXu1LTRrWlAA6sx/
JYSUsbm6xgP85/aa1UkdxN59nS1zie591dauE2tOJMdA3JGs1k+bBHgqy62NXBRq
gyBgT9jcLQrGV6hjCV3QxJAQNZQFXnpL6ZVg/jKHan3qk2J7BV1azxrGRWVoNuJF
GVrgxKMKn6pRNJK8hQspG6ovZ0GPOfVU/XwfCjWwTpU0yAtB9jyAY9hoXb2J5VQT
z7NUhOx1Z1ygIVL56u9AaX/+tw==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:39:54 2026 by rpki-client