Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209861.roa
File: AS209861.roa (raw, json)
Hash identifier: 3WMI0eL//D/hJZPjsrcXJa/8Iol9m0ufmRgBMPTVNCI=
Subject key identifier: FA:71:0C:75:4B:E5:FD:A8:8C:CA:F0:D3:DF:B9:FF:CD:E5:23:1D:D6
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 63CFDAAB4AD046C66027297F742C01867B5F5268
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209861.roa
Signing time: Tue 28 Apr 2026 06:47:06 +0000
ROA not before: Tue 28 Apr 2026 06:42:06 +0000
ROA not after: Tue 27 Apr 2027 06:47:06 +0000
asID: 209861
IP address blocks: 2a13:9500:66::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
63:cf:da:ab:4a:d0:46:c6:60:27:29:7f:74:2c:01:86:7b:5f:52:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 28 06:42:06 2026 GMT
Not After : Apr 27 06:47:06 2027 GMT
Subject: CN=FA710C754BE5FDA88CCAF0D3DFB9FFCDE5231DD6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:72:64:ae:69:c1:db:5b:4e:b2:c7:9e:1b:c1:
77:22:c1:22:46:09:3d:fb:d9:eb:31:7e:5a:1d:43:
57:e4:11:34:1f:14:33:3e:ff:99:5b:6b:fd:e5:50:
64:92:62:fa:e1:24:cc:c8:ef:e5:b4:56:e6:01:9c:
88:1f:7f:e5:ba:01:a6:b5:0e:24:ee:c7:3b:14:88:
ed:be:b7:46:7c:7c:b7:9d:c2:f4:ad:00:13:ee:85:
05:5e:78:1c:26:4d:4a:8a:05:b3:60:09:f3:45:91:
a9:24:df:e3:5e:66:48:8a:d0:e1:60:fd:d0:53:76:
c3:d0:a1:6b:62:6a:ca:18:a2:42:20:8d:e2:8c:8f:
8f:c7:f5:82:58:f2:ad:b3:77:85:51:2b:6e:2d:73:
00:06:2b:1d:5a:54:6b:21:21:e4:21:1c:98:ad:ea:
51:5e:97:86:59:96:24:24:d8:1c:23:b2:14:66:4f:
fd:ad:ac:b1:50:a3:74:af:5d:c8:e7:65:20:01:23:
33:fe:d0:de:2a:83:56:af:4a:5f:b4:8c:f5:74:28:
a8:51:a0:ff:b0:6b:60:aa:0d:ec:49:f8:40:7f:d8:
70:de:89:5c:d7:12:c2:ea:00:55:36:62:01:e6:06:
ee:97:9d:0d:10:c0:07:60:62:ad:22:cf:f2:0a:95:
3a:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:71:0C:75:4B:E5:FD:A8:8C:CA:F0:D3:DF:B9:FF:CD:E5:23:1D:D6
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209861.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:9500:66::/48
Signature Algorithm: sha256WithRSAEncryption
31:e6:7c:90:4b:05:cb:45:5b:b2:70:fa:05:01:d8:9d:dd:5f:
ea:e7:60:af:d9:29:a3:08:be:45:5f:fc:5e:5e:8a:6d:7c:1d:
43:be:4a:0a:af:2f:af:2d:6c:fb:a6:6b:a7:e8:11:c2:5f:b1:
0b:5f:ef:6e:3a:81:c0:ea:d2:6e:74:9b:39:1c:f8:a8:0c:c7:
a8:9b:58:c4:42:d4:f9:ee:17:05:64:5a:00:a6:e6:81:5b:cb:
e5:56:62:4a:78:6a:b1:e3:be:26:3d:86:1c:40:04:fc:12:7a:
46:8c:17:0e:af:bf:b0:d6:8c:9b:e4:63:ab:da:a0:92:c0:b1:
0f:1a:93:b3:8b:a2:93:6d:c3:5f:ad:4e:5a:ea:d0:e0:95:34:
23:76:e6:5c:2b:24:10:ef:d8:0a:88:d3:13:fc:b6:c7:80:31:
93:64:1b:a3:95:23:b4:9a:9c:b6:d0:4a:40:dd:0c:f0:a4:43:
a2:9e:7d:b4:15:07:f0:a1:04:29:38:e2:5b:48:0f:ed:c4:12:
67:64:1b:e5:18:89:9a:50:08:36:a3:b3:3f:cf:85:84:f0:af:
35:a2:c1:e2:f9:35:37:0d:43:15:03:49:6c:fe:6b:32:4c:8c:
e8:15:13:0d:c6:36:5f:4b:56:16:ed:0e:08:0e:a6:9b:f9:c7:
98:6f:96:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUY8/aq0rQRsZgJyl/dCwBhntfUmgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjgwNjQyMDZaFw0yNzA0MjcwNjQ3MDZaMDMxMTAvBgNV
BAMTKEZBNzEwQzc1NEJFNUZEQTg4Q0NBRjBEM0RGQjlGRkNERTUyMzFERDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUcmSuacHbW06yx54bwXciwSJG
CT372esxflodQ1fkETQfFDM+/5lba/3lUGSSYvrhJMzI7+W0VuYBnIgff+W6Aaa1
DiTuxzsUiO2+t0Z8fLedwvStABPuhQVeeBwmTUqKBbNgCfNFkakk3+NeZkiK0OFg
/dBTdsPQoWtiasoYokIgjeKMj4/H9YJY8q2zd4VRK24tcwAGKx1aVGshIeQhHJit
6lFel4ZZliQk2BwjshRmT/2trLFQo3SvXcjnZSABIzP+0N4qg1avSl+0jPV0KKhR
oP+wa2CqDexJ+EB/2HDeiVzXEsLqAFU2YgHmBu6XnQ0QwAdgYq0iz/IKlTp7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU+nEMdUvl/aiMyvDT37n/zeUjHdYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5ODYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABmMA0GCSqGSIb3DQEBCwUAA4IBAQAx5nyQSwXLRVuycPoFAdid3V/q52Cv2Smj
CL5FX/xeXoptfB1DvkoKry+vLWz7pmun6BHCX7ELX+9uOoHA6tJudJs5HPioDMeo
m1jEQtT57hcFZFoApuaBW8vlVmJKeGqx474mPYYcQAT8EnpGjBcOr7+w1oyb5GOr
2qCSwLEPGpOzi6KTbcNfrU5a6tDglTQjduZcKyQQ79gKiNMT/LbHgDGTZBujlSO0
mpy20EpA3QzwpEOinn20FQfwoQQpOOJbSA/txBJnZBvlGImaUAg2o7M/z4WE8K81
osHi+TU3DUMVA0ls/msyTIzoFRMNxjZfS1YW7Q4IDqab+ceYb5YR
-----END CERTIFICATE-----
Generated at Tue May 12 23:53:08 2026 by rpki-client