Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209601.roa
File: AS209601.roa (raw, json)
Hash identifier: ZrV10N3//AaVcXrcphxK2k8Nhi2HQ8xYvdlLSdbPWpw=
Subject key identifier: 7F:A0:E5:E8:9C:D0:F9:A1:26:AA:21:D2:7D:64:EB:15:CE:3F:FE:ED
Certificate issuer: /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial: 1D2294552B83F560233C1AE9F4C1C5E16979DF0C
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209601.roa
Signing time: Mon 23 Feb 2026 16:18:08 +0000
ROA not before: Mon 23 Feb 2026 16:13:08 +0000
ROA not after: Mon 22 Feb 2027 16:18:08 +0000
asID: 209601
IP address blocks: 2a14:7581:fe6::/48 maxlen: 48
2a14:7583:e05d::/48 maxlen: 48
2a14:7583:e0ae::/48 maxlen: 48
2a14:7583:e0c1::/48 maxlen: 48
2a14:7583:e0d9::/48 maxlen: 48
2a14:7583:e0e0::/48 maxlen: 48
2a14:7583:e0e9::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:22:94:55:2b:83:f5:60:23:3c:1a:e9:f4:c1:c5:e1:69:79:df:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Validity
Not Before: Feb 23 16:13:08 2026 GMT
Not After : Feb 22 16:18:08 2027 GMT
Subject: CN=7FA0E5E89CD0F9A126AA21D27D64EB15CE3FFEED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:21:9c:20:d1:d1:ab:87:d8:0e:1a:b5:4c:17:
bc:0e:4b:bc:ac:c2:6d:64:9f:88:0b:f1:d0:60:8b:
18:d6:63:41:4f:df:13:98:7f:7c:1f:1d:35:b0:2e:
d7:a2:4b:33:7b:d1:1d:04:c6:15:f0:8f:ec:05:6c:
be:f7:e9:9f:fe:6b:e8:c3:b5:1d:d9:c1:9e:fc:2c:
db:be:fd:29:1e:59:fe:7a:40:e0:20:3e:6a:51:0b:
ad:8b:22:be:80:bb:db:a1:b7:23:ef:40:b7:3c:b0:
d0:19:23:d5:46:7f:0c:9b:53:c1:81:6e:33:9b:85:
11:a2:1c:14:23:9e:46:ff:c4:ed:ad:22:2c:58:a2:
f9:20:8e:7b:6c:a1:c0:c1:8d:65:6c:99:e2:38:c2:
ae:b8:57:19:ab:59:a5:59:b8:e2:a7:ff:13:6a:61:
2d:f8:20:de:c5:3e:8b:04:7c:86:a0:a4:9b:38:91:
2b:47:17:ed:8e:74:3d:c7:b5:ea:6f:2e:6a:12:c1:
af:15:a1:29:3f:ed:e1:94:ff:57:d2:52:b0:50:20:
a5:4e:d4:35:ea:10:a8:ae:0e:e3:14:28:7c:8e:6b:
4c:62:f2:3e:b0:4a:19:08:f1:fb:1d:a9:51:1f:cc:
d4:cd:0c:6d:e0:bb:74:6f:5b:45:93:31:d0:89:2f:
1f:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:A0:E5:E8:9C:D0:F9:A1:26:AA:21:D2:7D:64:EB:15:CE:3F:FE:ED
X509v3 Authority Key Identifier:
keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209601.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:7581:fe6::/48
2a14:7583:e05d::/48
2a14:7583:e0ae::/48
2a14:7583:e0c1::/48
2a14:7583:e0d9::/48
2a14:7583:e0e0::/48
2a14:7583:e0e9::/48
Signature Algorithm: sha256WithRSAEncryption
86:54:d8:a0:6b:e8:ab:c0:bd:c9:82:4f:91:f7:25:7b:52:e3:
65:b8:48:00:0c:9a:22:29:01:dd:20:23:ce:5d:4e:5b:0c:8b:
81:47:78:a2:d8:88:54:43:d9:34:97:0d:23:70:41:c7:2c:2b:
97:f2:ab:1d:78:a5:b2:b4:18:79:12:05:25:d5:8d:02:b2:1e:
c1:f8:79:c9:9e:cb:56:ed:e9:38:ca:78:ca:be:bf:5b:71:66:
6d:b5:8a:4e:8e:03:84:53:ae:bd:d8:9b:3e:50:50:4f:61:d2:
1c:3e:c4:0b:57:7d:3d:fa:eb:c4:eb:24:50:fe:5d:ad:65:59:
31:02:79:87:ba:f4:71:4c:4b:07:4b:b4:e0:04:6d:bd:1c:9a:
e7:54:c1:ed:62:0b:bc:4e:37:89:90:c8:07:c2:9f:e5:a5:e2:
ce:49:2b:f6:d0:7d:2e:a0:05:74:33:ad:d8:61:f9:11:32:f2:
bc:20:d6:75:03:ce:fd:e7:fa:2f:40:29:c6:e3:09:4b:73:8f:
8b:44:a0:e1:6b:02:9a:e9:56:bc:2c:c3:70:57:09:67:70:29:
32:b1:f1:1f:a5:8c:fa:64:58:af:b3:b3:7c:18:39:cf:d3:f1:
44:33:ff:6f:15:be:db:c7:65:a8:2c:53:9c:9f:55:68:30:66:
0e:60:70:42
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgIUHSKUVSuD9WAjPBrp9MHF4Wl53wwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAyMjMxNjEzMDhaFw0yNzAyMjIxNjE4MDhaMDMxMTAvBgNV
BAMTKDdGQTBFNUU4OUNEMEY5QTEyNkFBMjFEMjdENjRFQjE1Q0UzRkZFRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZIZwg0dGrh9gOGrVMF7wOS7ys
wm1kn4gL8dBgixjWY0FP3xOYf3wfHTWwLteiSzN70R0ExhXwj+wFbL736Z/+a+jD
tR3ZwZ78LNu+/SkeWf56QOAgPmpRC62LIr6Au9uhtyPvQLc8sNAZI9VGfwybU8GB
bjObhRGiHBQjnkb/xO2tIixYovkgjntsocDBjWVsmeI4wq64VxmrWaVZuOKn/xNq
YS34IN7FPosEfIagpJs4kStHF+2OdD3HtepvLmoSwa8VoSk/7eGU/1fSUrBQIKVO
1DXqEKiuDuMUKHyOa0xi8j6wShkI8fsdqVEfzNTNDG3gu3RvW0WTMdCJLx8bAgMB
AAGjggJDMIICPzAdBgNVHQ4EFgQUf6Dl6JzQ+aEmqiHSfWTrFc4//u0wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA5NjAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwcAKhR1
gQ/mAwcAKhR1g+BdAwcAKhR1g+CuAwcAKhR1g+DBAwcAKhR1g+DZAwcAKhR1g+Dg
AwcAKhR1g+DpMA0GCSqGSIb3DQEBCwUAA4IBAQCGVNiga+irwL3Jgk+R9yV7UuNl
uEgADJoiKQHdICPOXU5bDIuBR3ii2IhUQ9k0lw0jcEHHLCuX8qsdeKWytBh5EgUl
1Y0Csh7B+HnJnstW7ek4ynjKvr9bcWZttYpOjgOEU6692Js+UFBPYdIcPsQLV309
+uvE6yRQ/l2tZVkxAnmHuvRxTEsHS7TgBG29HJrnVMHtYgu8TjeJkMgHwp/lpeLO
SSv20H0uoAV0M63YYfkRMvK8INZ1A8795/ovQCnG4wlLc4+LRKDhawKa6Va8LMNw
VwlncCkysfEfpYz6ZFivs7N8GDnP0/FEM/9vFb7bx2WoLFOcn1VoMGYOYHBC
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:06:53 2026 by rpki-client