Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209854.roa
File: AS209854.roa (raw, json)
Hash identifier: QF9x+meuK7HFO/ceneg77oXIYughLG5gDB1KZ0nD16Y=
Subject key identifier: C9:52:A8:F2:09:C8:A1:71:EA:BD:FA:9C:EE:4A:8C:6A:54:9A:65:C5
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 72C19293367F0D795278654587F717B3C5E2AA49
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209854.roa
Signing time: Thu 21 Aug 2025 09:54:13 +0000
ROA not before: Thu 21 Aug 2025 09:49:13 +0000
ROA not after: Thu 20 Aug 2026 09:54:13 +0000
asID: 209854
IP address blocks: 145.223.0.0/24 maxlen: 24
145.223.1.0/24 maxlen: 24
145.223.2.0/24 maxlen: 24
145.223.3.0/24 maxlen: 24
145.223.4.0/24 maxlen: 24
145.223.5.0/24 maxlen: 24
145.223.6.0/24 maxlen: 24
145.223.7.0/24 maxlen: 24
145.223.8.0/24 maxlen: 24
145.223.9.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:c1:92:93:36:7f:0d:79:52:78:65:45:87:f7:17:b3:c5:e2:aa:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 21 09:49:13 2025 GMT
Not After : Aug 20 09:54:13 2026 GMT
Subject: CN=C952A8F209C8A171EABDFA9CEE4A8C6A549A65C5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:e7:4a:90:57:fa:1d:ba:26:59:a0:80:9c:05:
45:73:29:33:3a:a5:fe:44:f2:e5:06:7d:51:6a:e7:
2f:fd:b6:c0:48:d3:4a:a8:b7:7e:5d:49:0a:aa:1d:
7c:45:52:47:be:5a:84:64:e0:c3:23:56:b9:5d:dd:
0d:00:0f:73:cf:8d:17:65:5d:b3:18:6c:1c:4e:ed:
46:fe:37:fe:8e:7c:d5:73:2e:08:4a:34:b2:62:9e:
c8:59:e6:cb:68:cb:ff:11:a7:3b:c0:59:0a:8a:4a:
ce:d8:dc:1e:b8:50:22:a8:f5:5a:b8:ea:d4:c0:20:
d1:2a:b8:1d:06:ff:7d:4c:43:e5:89:6e:c0:3f:5f:
70:39:f4:df:db:6d:1b:cd:95:b3:58:d6:c4:f6:5e:
52:b9:ed:af:0e:1b:e5:f2:ef:e1:77:a8:cf:17:25:
3b:99:30:91:98:5b:a7:b5:71:1b:21:21:72:df:28:
45:3d:95:57:db:0a:2c:ea:e6:fd:ab:f6:f2:16:12:
e7:fd:f9:0a:b7:22:af:f6:79:2c:73:28:8c:ef:f5:
87:00:4e:68:9f:3c:24:ee:0d:fd:61:3b:85:fe:66:
c7:59:c2:3f:dd:c6:e4:af:27:40:48:97:5d:ec:5a:
23:fe:b6:68:4e:7b:f0:f5:e2:34:26:48:4a:0e:63:
72:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:52:A8:F2:09:C8:A1:71:EA:BD:FA:9C:EE:4A:8C:6A:54:9A:65:C5
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209854.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.223.0.0-145.223.9.255
Signature Algorithm: sha256WithRSAEncryption
4d:e7:b0:24:d7:3c:61:e3:f7:ae:9b:62:e1:ae:5f:a3:0d:bc:
f8:09:5e:8f:44:97:9d:ab:24:29:e3:8c:c8:1b:85:0a:53:84:
6d:09:33:ee:f3:0b:94:27:11:fa:1b:6b:f4:61:bf:20:db:96:
bb:78:13:48:18:7f:ba:6c:aa:cd:d6:08:1f:35:f7:bd:bc:e9:
b5:ee:da:d3:1f:3b:b9:d1:d7:31:02:c0:68:cf:09:df:18:0a:
b3:95:6a:83:41:d0:4f:8e:a8:51:c2:97:61:be:7f:19:a4:fc:
ec:8e:fb:da:c0:96:77:27:20:0e:8a:d0:32:e9:34:fe:53:3c:
b5:fa:f4:79:1f:d1:3c:ad:b1:9b:f0:fc:ea:ff:c9:f4:bd:47:
30:2f:86:b3:d1:df:a4:51:11:ca:a6:bb:72:8e:3f:7e:72:dd:
bc:eb:c1:86:c6:5f:d5:8f:96:4f:9c:2c:23:a6:16:06:8b:41:
49:1d:2c:51:74:5c:15:9b:29:5f:fb:74:7f:43:15:3e:6a:22:
e4:02:a5:f6:c4:6e:3a:b3:8e:25:f4:c8:19:19:85:90:04:29:
af:0f:b5:30:74:2a:4b:48:e4:25:01:99:67:b3:f1:ac:f0:aa:
c3:18:eb:16:d6:c0:ff:a2:07:26:3a:99:96:fb:8a:55:e7:5c:
69:d1:c7:53
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIUcsGSkzZ/DXlSeGVFh/cXs8XiqkkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MjEwOTQ5MTNaFw0yNjA4MjAwOTU0MTNaMDMxMTAvBgNV
BAMTKEM5NTJBOEYyMDlDOEExNzFFQUJERkE5Q0VFNEE4QzZBNTQ5QTY1QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE50qQV/oduiZZoICcBUVzKTM6
pf5E8uUGfVFq5y/9tsBI00qot35dSQqqHXxFUke+WoRk4MMjVrld3Q0AD3PPjRdl
XbMYbBxO7Ub+N/6OfNVzLghKNLJinshZ5stoy/8RpzvAWQqKSs7Y3B64UCKo9Vq4
6tTAINEquB0G/31MQ+WJbsA/X3A59N/bbRvNlbNY1sT2XlK57a8OG+Xy7+F3qM8X
JTuZMJGYW6e1cRshIXLfKEU9lVfbCizq5v2r9vIWEuf9+Qq3Iq/2eSxzKIzv9YcA
TmifPCTuDf1hO4X+ZsdZwj/dxuSvJ0BIl13sWiP+tmhOe/D14jQmSEoOY3IPAgMB
AAGjggIRMIICDTAdBgNVHQ4EFgQUyVKo8gnIoXHqvfqc7kqMalSaZcUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA5ODU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwCR
3wMEAZHfCDANBgkqhkiG9w0BAQsFAAOCAQEATeewJNc8YeP3rpti4a5fow28+Ale
j0SXnaskKeOMyBuFClOEbQkz7vMLlCcR+htr9GG/INuWu3gTSBh/umyqzdYIHzX3
vbzpte7a0x87udHXMQLAaM8J3xgKs5Vqg0HQT46oUcKXYb5/GaT87I772sCWdycg
DorQMuk0/lM8tfr0eR/RPK2xm/D86v/J9L1HMC+Gs9HfpFERyqa7co4/fnLdvOvB
hsZf1Y+WT5wsI6YWBotBSR0sUXRcFZspX/t0f0MVPmoi5AKl9sRuOrOOJfTIGRmF
kAQprw+1MHQqS0jkJQGZZ7PxrPCqwxjrFtbA/6IHJjqZlvuKVedcadHHUw==
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:03:12 2025 by rpki-client