Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
File: AS21840.roa (raw, json)
Hash identifier: C2IJoPSmYZrXdnMSJ1WPVYq6JXzSJTXK0Kh1Jvgl7C0=
Subject key identifier: F8:2C:B1:8F:89:19:DE:C4:84:3A:EE:13:B4:AC:D6:86:75:1E:E8:51
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 68A4DB4380B851FBD2535BA7358FDFFFDE6B1AAF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
Signing time: Thu 19 Mar 2026 01:16:53 +0000
ROA not before: Thu 19 Mar 2026 01:11:53 +0000
ROA not after: Thu 18 Mar 2027 01:16:53 +0000
asID: 21840
IP address blocks: 96.62.247.0/24 maxlen: 24
150.241.198.0/24 maxlen: 24
155.117.216.0/24 maxlen: 24
167.148.196.0/24 maxlen: 24
168.222.48.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 00:55:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:a4:db:43:80:b8:51:fb:d2:53:5b:a7:35:8f:df:ff:de:6b:1a:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 19 01:11:53 2026 GMT
Not After : Mar 18 01:16:53 2027 GMT
Subject: CN=F82CB18F8919DEC4843AEE13B4ACD686751EE851
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:0f:a4:bb:9d:4e:bc:e2:9c:67:30:46:50:06:
cc:5f:8b:df:0f:71:09:f9:67:22:c0:e1:63:1f:02:
cf:2d:d8:50:cc:30:fc:d8:87:81:51:dc:70:c2:2c:
69:ae:50:b5:c8:1e:e9:8f:1b:b9:d9:98:dd:dd:ec:
3b:bd:9a:a0:ff:63:77:0e:1e:77:e5:68:8f:ff:c7:
df:02:a1:88:23:f2:6e:93:ff:80:2e:fb:a9:e6:4b:
f9:53:a5:22:25:42:d8:17:d1:cd:59:15:09:7f:d6:
92:28:45:55:c1:49:30:a9:94:ba:0d:38:7c:2e:38:
d8:3f:74:e3:9d:00:93:81:54:f3:7c:69:1c:9e:e2:
01:fc:41:62:32:1e:a5:27:b5:07:17:26:5a:80:1f:
62:8d:f0:8e:9c:e6:a7:a8:41:b0:e2:66:80:01:f6:
4e:9b:95:eb:23:19:ce:a7:7a:d3:72:f8:0a:df:63:
fa:8e:7d:5f:8e:3d:6c:df:8d:93:86:41:ba:2b:bc:
09:25:c5:05:c1:a7:5b:c9:9c:64:c1:b3:b9:5d:6e:
7f:05:b8:e5:07:61:31:3a:07:00:9a:30:98:f6:f1:
d8:e6:e3:66:6f:e2:1d:60:b5:db:7c:60:9b:b1:81:
86:46:94:e0:27:98:91:8f:c7:bc:b5:d2:8d:3e:a3:
41:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:2C:B1:8F:89:19:DE:C4:84:3A:EE:13:B4:AC:D6:86:75:1E:E8:51
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.247.0/24
150.241.198.0/24
155.117.216.0/24
167.148.196.0/24
168.222.48.0/24
Signature Algorithm: sha256WithRSAEncryption
85:89:14:31:a3:0e:f4:00:a2:21:4e:1b:b0:78:7b:94:a8:f4:
25:e1:fc:76:3c:ca:3f:fa:3a:04:25:f0:93:2c:e3:3c:5b:9f:
01:8c:5a:e6:f2:3a:ed:00:13:71:99:63:6c:01:30:3f:d2:c2:
20:cb:ce:be:5a:70:6b:74:4c:e4:b6:29:ed:41:28:26:68:45:
de:6f:cb:76:f0:a0:9d:0e:cf:78:d2:ac:6f:31:89:85:0c:66:
40:e8:63:6c:0d:38:e3:95:b3:9a:55:a1:d8:79:83:d2:9e:b3:
05:93:19:1a:23:d1:4b:03:d0:7c:a1:aa:85:7e:de:b6:8e:f9:
1f:a0:19:6e:4d:f1:a3:7e:58:f0:b2:2c:0f:b6:93:f3:f0:f3:
8a:0d:7d:43:2e:7e:2b:a2:dc:1b:e6:70:b2:aa:be:7f:b0:8e:
4f:54:cc:8d:72:12:38:0c:78:e9:08:44:b6:1e:67:5f:32:fd:
d1:b5:a6:80:b3:bb:4b:4d:45:04:ff:91:3f:8f:77:59:c7:bf:
72:55:8d:0e:86:c3:f3:7d:8d:2b:f7:2c:65:cf:e3:a7:a5:7e:
f4:33:a1:96:d5:f5:5b:4f:38:67:d6:a9:62:8e:d6:4b:dc:81:
2d:7e:fd:ac:d9:0e:d7:01:a5:19:ce:08:0b:8a:7c:e6:48:db:
1b:69:31:5e
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUaKTbQ4C4UfvSU1unNY/f/95rGq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTkwMTExNTNaFw0yNzAzMTgwMTE2NTNaMDMxMTAvBgNV
BAMTKEY4MkNCMThGODkxOURFQzQ4NDNBRUUxM0I0QUNENjg2NzUxRUU4NTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmD6S7nU684pxnMEZQBsxfi98P
cQn5ZyLA4WMfAs8t2FDMMPzYh4FR3HDCLGmuULXIHumPG7nZmN3d7Du9mqD/Y3cO
HnflaI//x98CoYgj8m6T/4Au+6nmS/lTpSIlQtgX0c1ZFQl/1pIoRVXBSTCplLoN
OHwuONg/dOOdAJOBVPN8aRye4gH8QWIyHqUntQcXJlqAH2KN8I6c5qeoQbDiZoAB
9k6blesjGc6netNy+ArfY/qOfV+OPWzfjZOGQborvAklxQXBp1vJnGTBs7ldbn8F
uOUHYTE6BwCaMJj28djm42Zv4h1gtdt8YJuxgYZGlOAnmJGPx7y10o0+o0FdAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQU+Cyxj4kZ3sSEOu4TtKzWhnUe6FEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBABgPvcD
BACW8cYDBACbddgDBACnlMQDBACo3jAwDQYJKoZIhvcNAQELBQADggEBAIWJFDGj
DvQAoiFOG7B4e5So9CXh/HY8yj/6OgQl8JMs4zxbnwGMWubyOu0AE3GZY2wBMD/S
wiDLzr5acGt0TOS2Ke1BKCZoRd5vy3bwoJ0Oz3jSrG8xiYUMZkDoY2wNOOOVs5pV
odh5g9KeswWTGRoj0UsD0HyhqoV+3raO+R+gGW5N8aN+WPCyLA+2k/Pw84oNfUMu
fiui3BvmcLKqvn+wjk9UzI1yEjgMeOkIRLYeZ18y/dG1poCzu0tNRQT/kT+Pd1nH
v3JVjQ6Gw/N9jSv3LGXP46elfvQzoZbV9VtPOGfWqWKO1kvcgS1+/azZDtcBpRnO
CAuKfOZI2xtpMV4=
-----END CERTIFICATE-----
Generated at Sat Mar 28 08:41:43 2026 by rpki-client