Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS397423.roa
File: AS397423.roa (raw, json)
Hash identifier: tJk5NJiFNlxeWAsaLZCm+jdz7BkXBVZMQXOCrnfKrQ0=
Subject key identifier: BC:96:7C:4A:76:A8:2C:08:D4:42:0E:08:C9:39:60:5F:86:57:74:8E
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 6B0063D3F772CFA4AAE2AA7BA89C4280E4813FE1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS397423.roa
Signing time: Sat 28 Feb 2026 00:08:06 +0000
ROA not before: Sat 28 Feb 2026 00:03:06 +0000
ROA not after: Sat 27 Feb 2027 00:08:06 +0000
asID: 397423
IP address blocks: 82.22.204.0/24 maxlen: 24
82.24.82.0/24 maxlen: 24
82.24.200.0/24 maxlen: 24
82.25.23.0/24 maxlen: 24
82.25.28.0/24 maxlen: 24
82.25.29.0/24 maxlen: 24
82.25.30.0/24 maxlen: 24
82.25.31.0/24 maxlen: 24
82.26.200.0/24 maxlen: 24
82.41.60.0/22 maxlen: 24
82.41.76.0/22 maxlen: 24
82.41.84.0/22 maxlen: 24
82.41.92.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 09:38:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:00:63:d3:f7:72:cf:a4:aa:e2:aa:7b:a8:9c:42:80:e4:81:3f:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Feb 28 00:03:06 2026 GMT
Not After : Feb 27 00:08:06 2027 GMT
Subject: CN=BC967C4A76A82C08D4420E08C939605F8657748E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:eb:34:5e:9f:c1:b9:35:9c:61:d2:b9:9a:7d:
20:5a:e2:72:73:57:7c:fb:34:16:55:a1:a3:c8:a1:
70:c5:ee:fa:66:ec:eb:27:d1:3e:af:3f:24:ab:af:
41:30:cb:ae:31:18:0b:65:4b:57:1d:ce:74:79:d3:
27:1a:24:45:48:d8:93:29:71:cb:54:01:05:6a:23:
cf:37:ee:95:d3:c8:ea:01:fc:f6:2f:14:c4:f7:cd:
02:51:61:31:9f:33:1c:e7:f7:6c:e5:ad:57:99:19:
7f:31:c4:be:a0:4d:54:a2:fc:f8:11:eb:27:ef:c5:
2a:d9:d5:04:2f:66:44:cc:99:13:2e:5c:6a:2c:31:
fd:a1:5c:12:2c:3e:9f:b2:54:e5:5d:b2:e6:cf:8a:
a6:bf:87:e1:31:27:b6:ca:c7:00:c7:39:ee:e7:78:
23:81:46:c3:70:ab:49:a8:44:c4:e0:22:da:48:aa:
65:1b:ad:39:8d:9b:58:a0:8f:28:6d:9c:3e:75:44:
e6:b3:12:ad:e7:32:a9:45:5e:44:6d:ac:3b:1e:5c:
ca:cd:b3:eb:ed:52:e9:69:6f:c7:64:64:0c:14:d1:
f5:2b:bb:08:9a:f4:1a:de:5c:fc:9a:a0:e5:eb:28:
b9:fe:7a:56:cd:9b:5a:36:8f:4d:4e:0d:4d:27:c5:
b0:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:96:7C:4A:76:A8:2C:08:D4:42:0E:08:C9:39:60:5F:86:57:74:8E
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS397423.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.22.204.0/24
82.24.82.0/24
82.24.200.0/24
82.25.23.0/24
82.25.28.0/22
82.26.200.0/24
82.41.60.0/22
82.41.76.0/22
82.41.84.0/22
82.41.92.0/22
Signature Algorithm: sha256WithRSAEncryption
a0:94:6d:8b:c7:20:90:a1:49:82:f1:49:bf:6c:73:c4:21:32:
e6:83:8d:80:0e:91:9c:6e:b6:25:f9:ef:af:28:26:d3:39:d0:
86:ed:27:8a:f0:ea:52:a6:a6:f1:0a:19:fe:a0:48:f2:50:8b:
be:a4:8d:f2:42:24:f3:3e:88:e1:68:6c:ff:ac:73:92:7f:94:
ec:93:9e:92:37:aa:ea:7e:7c:01:4c:dc:38:38:2e:ff:82:b4:
0c:ff:f7:17:0c:2d:fd:57:24:65:87:dc:25:80:98:0e:ed:43:
46:0b:8a:26:2d:fc:f8:51:73:7e:16:6e:8f:3e:11:e0:ae:a2:
f2:a3:2a:90:a2:48:74:b9:7c:a3:d2:cd:1a:34:7b:63:c8:fa:
3a:81:dd:f8:89:6d:1e:80:f0:b5:23:da:a0:a6:2d:db:c5:08:
6a:6c:5d:f4:2c:08:67:74:3a:27:6c:3b:bd:ab:57:b8:51:39:
3f:61:49:7b:d4:15:4a:d8:08:9c:3f:7c:c2:b9:60:58:b7:e0:
b6:dd:70:68:2e:f4:96:99:8b:ca:8f:c7:b6:ec:b9:0a:af:cf:
f9:e1:b5:66:51:56:07:cd:7a:ff:cd:54:35:03:8e:ca:22:d2:
ad:b7:41:42:90:70:14:a4:af:20:24:90:e1:5f:0d:e8:e8:4a:
8d:9a:4e:10
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIUawBj0/dyz6Sq4qp7qJxCgOSBP+EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMjgwMDAzMDZaFw0yNzAyMjcwMDA4MDZaMDMxMTAvBgNV
BAMTKEJDOTY3QzRBNzZBODJDMDhENDQyMEUwOEM5Mzk2MDVGODY1Nzc0OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm6zRen8G5NZxh0rmafSBa4nJz
V3z7NBZVoaPIoXDF7vpm7Osn0T6vPySrr0Ewy64xGAtlS1cdznR50ycaJEVI2JMp
cctUAQVqI8837pXTyOoB/PYvFMT3zQJRYTGfMxzn92zlrVeZGX8xxL6gTVSi/PgR
6yfvxSrZ1QQvZkTMmRMuXGosMf2hXBIsPp+yVOVdsubPiqa/h+ExJ7bKxwDHOe7n
eCOBRsNwq0moRMTgItpIqmUbrTmNm1igjyhtnD51ROazEq3nMqlFXkRtrDseXMrN
s+vtUulpb8dkZAwU0fUruwia9BreXPyaoOXrKLn+elbNm1o2j01ODU0nxbBVAgMB
AAGjggJAMIICPDAdBgNVHQ4EFgQUvJZ8SnaoLAjUQg4IyTlgX4ZXdI4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk3NDIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAUhbM
AwQAUhhSAwQAUhjIAwQAUhkXAwQCUhkcAwQAUhrIAwQCUik8AwQCUilMAwQCUilU
AwQCUilcMA0GCSqGSIb3DQEBCwUAA4IBAQCglG2LxyCQoUmC8Um/bHPEITLmg42A
DpGcbrYl+e+vKCbTOdCG7SeK8OpSpqbxChn+oEjyUIu+pI3yQiTzPojhaGz/rHOS
f5Tsk56SN6rqfnwBTNw4OC7/grQM//cXDC39VyRlh9wlgJgO7UNGC4omLfz4UXN+
Fm6PPhHgrqLyoyqQokh0uXyj0s0aNHtjyPo6gd34iW0egPC1I9qgpi3bxQhqbF30
LAhndDonbDu9q1e4UTk/YUl71BVK2AicP3zCuWBYt+C23XBoLvSWmYvKj8e27LkK
r8/54bVmUVYHzXr/zVQ1A47KItKtt0FCkHAUpK8gJJDhXw3o6EqNmk4Q
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:12:48 2026 by rpki-client