Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
File: AS21840.roa (raw, json)
Hash identifier: Fxz+fLn23BUe5pAx3vhaNeBg9Z97UFwlWUM/7Tkk+1w=
Subject key identifier: 85:FB:C7:0C:E2:8F:6D:06:5E:DA:7A:27:87:94:CA:80:A6:0B:E1:C0
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 40D1BB331F4A7CF197C32B2D307C993EB66A3314
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
Signing time: Thu 14 Aug 2025 00:01:06 +0000
ROA not before: Wed 13 Aug 2025 23:56:06 +0000
ROA not after: Thu 13 Aug 2026 00:01:06 +0000
asID: 21840
IP address blocks: 96.62.247.0/24 maxlen: 24
148.135.173.0/24 maxlen: 24
150.241.198.0/24 maxlen: 24
155.117.51.0/24 maxlen: 24
167.148.196.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:d1:bb:33:1f:4a:7c:f1:97:c3:2b:2d:30:7c:99:3e:b6:6a:33:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 13 23:56:06 2025 GMT
Not After : Aug 13 00:01:06 2026 GMT
Subject: CN=85FBC70CE28F6D065EDA7A278794CA80A60BE1C0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:cc:eb:a5:09:39:67:c7:a1:51:2a:00:32:1c:
9c:dc:77:fb:33:0b:6e:40:99:d5:63:3d:3e:89:4d:
d2:e3:3b:3e:18:d5:5a:5f:e0:96:44:48:f6:05:65:
ba:26:7b:31:18:93:92:83:8f:4d:b5:2e:66:57:0b:
b0:82:18:b7:59:6e:e9:85:9f:61:83:a7:90:85:eb:
f3:3a:b1:1e:70:37:fc:6a:10:9b:bc:df:51:ed:ba:
5a:91:a2:22:57:88:25:84:0d:0a:8c:5e:a6:8b:e8:
f4:34:de:0f:8f:70:46:b4:5a:96:55:10:e4:e6:17:
e6:16:f7:68:cb:e7:92:74:a1:bb:f2:67:51:7f:65:
51:d3:5e:d1:de:67:63:37:95:2c:62:35:0a:0c:79:
e5:c9:d6:e2:62:0a:a9:06:47:2f:f5:e1:62:6c:be:
eb:81:81:5c:9d:12:09:84:6a:37:ee:06:54:13:39:
48:75:fe:2c:e1:37:6e:00:5b:9f:1d:72:d2:bd:ba:
fd:73:92:7a:ce:40:ab:5a:63:5f:15:54:c4:9b:31:
86:d8:75:8c:b2:9f:62:5a:bf:d8:8e:16:c0:d5:5e:
b6:0c:ef:c1:28:84:e7:79:d3:92:6f:56:16:56:3f:
f1:cc:7d:d5:af:ac:d1:02:79:a8:a7:6c:b4:cd:80:
30:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:FB:C7:0C:E2:8F:6D:06:5E:DA:7A:27:87:94:CA:80:A6:0B:E1:C0
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.247.0/24
148.135.173.0/24
150.241.198.0/24
155.117.51.0/24
167.148.196.0/24
Signature Algorithm: sha256WithRSAEncryption
09:79:c8:5e:27:9e:ef:2b:eb:27:86:05:ca:fa:bf:6f:c8:58:
67:79:cc:40:fc:dc:01:90:ac:12:c1:04:99:90:97:97:97:3a:
b2:51:56:68:41:91:ff:0e:90:24:1d:e3:92:4d:03:17:38:8f:
ad:a4:10:26:49:8d:3d:21:fe:5e:a5:fe:4b:c2:0a:a1:ed:b3:
31:6f:19:72:d8:d1:30:f6:3b:87:a1:b1:a4:6e:ac:5a:1e:1f:
ed:0b:4f:de:b4:67:34:cf:bb:34:91:cc:e1:68:24:b5:9a:f4:
e4:96:ea:9a:4e:fa:25:bd:d8:2b:0a:03:36:35:f0:21:da:ee:
f1:de:8f:7f:0d:22:17:6c:e3:4f:56:c9:9a:ce:ae:4f:c8:00:
53:a9:f8:97:16:f9:79:01:51:18:28:89:8b:9b:d5:c0:2d:b5:
f9:6d:9d:93:ee:0e:48:63:77:d2:ff:b5:cd:ab:7b:f0:1e:57:
6f:3a:35:67:bf:66:d9:d5:67:b4:dd:64:35:c4:ed:6c:e0:a2:
10:ff:e9:0f:38:6f:9d:4b:c9:dc:76:1a:d7:42:a7:24:7f:ef:
17:19:85:e0:4e:fe:2f:b3:62:c7:eb:db:00:1e:20:57:ea:ae:
e5:68:bb:20:5c:b5:ef:42:06:fc:ea:11:e4:6b:22:a9:00:2b:
eb:b5:c5:1f
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUQNG7Mx9KfPGXwystMHyZPrZqMxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTMyMzU2MDZaFw0yNjA4MTMwMDAxMDZaMDMxMTAvBgNV
BAMTKDg1RkJDNzBDRTI4RjZEMDY1RURBN0EyNzg3OTRDQTgwQTYwQkUxQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYzOulCTlnx6FRKgAyHJzcd/sz
C25AmdVjPT6JTdLjOz4Y1Vpf4JZESPYFZbomezEYk5KDj021LmZXC7CCGLdZbumF
n2GDp5CF6/M6sR5wN/xqEJu831HtulqRoiJXiCWEDQqMXqaL6PQ03g+PcEa0WpZV
EOTmF+YW92jL55J0obvyZ1F/ZVHTXtHeZ2M3lSxiNQoMeeXJ1uJiCqkGRy/14WJs
vuuBgVydEgmEajfuBlQTOUh1/izhN24AW58dctK9uv1zknrOQKtaY18VVMSbMYbY
dYyyn2Jav9iOFsDVXrYM78EohOd505JvVhZWP/HMfdWvrNECeainbLTNgDBfAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUhfvHDOKPbQZe2nonh5TKgKYL4cAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBABgPvcD
BACUh60DBACW8cYDBACbdTMDBACnlMQwDQYJKoZIhvcNAQELBQADggEBAAl5yF4n
nu8r6yeGBcr6v2/IWGd5zED83AGQrBLBBJmQl5eXOrJRVmhBkf8OkCQd45JNAxc4
j62kECZJjT0h/l6l/kvCCqHtszFvGXLY0TD2O4ehsaRurFoeH+0LT960ZzTPuzSR
zOFoJLWa9OSW6ppO+iW92CsKAzY18CHa7vHej38NIhds409WyZrOrk/IAFOp+JcW
+XkBURgoiYub1cAttfltnZPuDkhjd9L/tc2re/AeV286NWe/ZtnVZ7TdZDXE7Wzg
ohD/6Q84b51Lydx2GtdCpyR/7xcZheBO/i+zYsfr2wAeIFfqruVouyBcte9CBvzq
EeRrIqkAK+u1xR8=
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:41:45 2025 by rpki-client