Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
File: AS21840.roa (raw, json)
Hash identifier: W0UGxh/n3Q+MN8FI4va2qbORy9/0Rh4an/Fjrf8Kz7k=
Subject key identifier: BE:0E:3A:41:5D:38:4D:7C:E5:99:27:F8:C0:BF:20:F7:04:0F:9D:F0
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 176A54D193F5E894AF335129A6D1E5E48EAF8C8A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
Signing time: Fri 24 Apr 2026 01:52:01 +0000
ROA not before: Fri 24 Apr 2026 01:47:01 +0000
ROA not after: Fri 23 Apr 2027 01:52:01 +0000
asID: 21840
IP address blocks: 96.62.247.0/24 maxlen: 24
150.241.198.0/24 maxlen: 24
155.117.216.0/24 maxlen: 24
167.148.196.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:6a:54:d1:93:f5:e8:94:af:33:51:29:a6:d1:e5:e4:8e:af:8c:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 24 01:47:01 2026 GMT
Not After : Apr 23 01:52:01 2027 GMT
Subject: CN=BE0E3A415D384D7CE59927F8C0BF20F7040F9DF0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:4b:c9:9b:18:5c:8a:d1:78:4d:c1:17:f8:12:
6f:4f:2a:cc:1a:91:ce:bf:62:87:c2:f2:d8:08:07:
83:99:51:74:d1:66:71:bf:1e:99:69:27:8d:43:dc:
6b:8e:bf:42:ab:ed:e0:4a:ac:c8:ad:44:51:53:7c:
8b:57:57:90:7f:bc:d6:41:94:93:d8:21:1a:8f:87:
02:38:29:af:3a:56:e6:35:00:34:3a:b2:94:bf:e5:
42:e3:eb:05:20:16:85:0d:71:15:7b:90:ca:fc:fe:
96:2c:34:0a:d1:0c:4d:dd:ae:85:0e:4a:9c:f4:b2:
1f:25:ac:39:07:1e:e7:7b:cd:b4:82:69:c4:bf:b1:
56:ba:09:c2:ce:75:c2:1d:1a:fb:d8:b0:44:de:8e:
c3:f0:1c:d7:7f:52:70:70:4c:58:e1:a3:bd:18:b4:
85:53:66:0d:3b:88:c4:10:84:33:82:2e:82:f8:80:
33:8e:63:ae:3e:44:1c:5a:c7:84:93:de:f3:b9:6b:
3e:25:c4:e1:1d:fb:94:d1:f7:57:ea:ae:f5:8f:05:
1a:ae:5e:56:ef:6c:18:b8:86:2c:4c:8b:e7:82:2f:
81:c4:75:08:8b:13:d9:85:22:49:30:c5:6b:25:a0:
34:3e:fd:85:e6:06:5a:46:7a:d2:f0:b4:c6:22:06:
16:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:0E:3A:41:5D:38:4D:7C:E5:99:27:F8:C0:BF:20:F7:04:0F:9D:F0
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.247.0/24
150.241.198.0/24
155.117.216.0/24
167.148.196.0/24
Signature Algorithm: sha256WithRSAEncryption
6f:90:6c:30:76:91:ec:8c:da:0c:fe:7d:cc:21:74:f1:38:02:
7f:3d:cf:2b:87:b2:b4:cf:3c:cb:24:26:39:65:15:3a:7d:77:
39:06:9f:65:97:e8:da:71:3a:85:f3:4c:89:67:c3:76:b8:c8:
c2:76:26:67:db:1e:8e:cd:a6:9d:25:33:3b:39:f4:0a:bb:5c:
b7:ed:98:11:a6:ed:79:e1:0c:a8:7a:d2:cb:d6:a3:89:df:1e:
3a:51:9e:ef:23:ab:a3:18:8c:0c:b4:dd:5b:ed:97:fd:3b:08:
12:c8:19:09:68:a7:f8:85:a4:f7:74:a3:a0:b5:ce:78:9c:76:
51:74:92:72:2d:6d:74:75:b9:26:98:c0:04:b8:52:e7:c9:11:
31:e1:3d:f3:de:21:90:17:43:93:6b:24:92:41:93:83:92:46:
54:f4:ae:5b:b8:10:12:35:49:5d:f4:b8:95:76:1f:c0:9a:c5:
1b:2d:b4:c8:40:95:39:0a:11:16:51:e0:b9:e6:0c:3e:ae:e9:
67:cc:a7:d6:71:64:e9:8b:07:9e:e9:72:8a:a7:58:9a:93:b4:
a9:65:f9:86:c0:c9:d9:03:58:1a:c5:b5:d1:15:6e:f6:70:ae:
a7:51:3c:af:71:5c:6a:06:9a:4e:4d:8e:14:68:cf:2b:09:37:
88:d6:d4:3f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUF2pU0ZP16JSvM1EpptHl5I6vjIowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjQwMTQ3MDFaFw0yNzA0MjMwMTUyMDFaMDMxMTAvBgNV
BAMTKEJFMEUzQTQxNUQzODREN0NFNTk5MjdGOEMwQkYyMEY3MDQwRjlERjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9S8mbGFyK0XhNwRf4Em9PKswa
kc6/YofC8tgIB4OZUXTRZnG/HplpJ41D3GuOv0Kr7eBKrMitRFFTfItXV5B/vNZB
lJPYIRqPhwI4Ka86VuY1ADQ6spS/5ULj6wUgFoUNcRV7kMr8/pYsNArRDE3droUO
Spz0sh8lrDkHHud7zbSCacS/sVa6CcLOdcIdGvvYsETejsPwHNd/UnBwTFjho70Y
tIVTZg07iMQQhDOCLoL4gDOOY64+RBxax4ST3vO5az4lxOEd+5TR91fqrvWPBRqu
XlbvbBi4hixMi+eCL4HEdQiLE9mFIkkwxWsloDQ+/YXmBlpGetLwtMYiBhZjAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUvg46QV04TXzlmSf4wL8g9wQPnfAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBABgPvcD
BACW8cYDBACbddgDBACnlMQwDQYJKoZIhvcNAQELBQADggEBAG+QbDB2keyM2gz+
fcwhdPE4An89zyuHsrTPPMskJjllFTp9dzkGn2WX6NpxOoXzTIlnw3a4yMJ2Jmfb
Ho7Npp0lMzs59Aq7XLftmBGm7XnhDKh60svWo4nfHjpRnu8jq6MYjAy03Vvtl/07
CBLIGQlop/iFpPd0o6C1znicdlF0knItbXR1uSaYwAS4UufJETHhPfPeIZAXQ5Nr
JJJBk4OSRlT0rlu4EBI1SV30uJV2H8CaxRsttMhAlTkKERZR4LnmDD6u6WfMp9Zx
ZOmLB57pcoqnWJqTtKll+YbAydkDWBrFtdEVbvZwrqdRPK9xXGoGmk5NjhRozysJ
N4jW1D8=
-----END CERTIFICATE-----
Generated at Tue May 12 22:40:21 2026 by rpki-client