Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: d78dU98LGawld5oLdJMc96a0WEpAMqzvCMy/LC33AMg=
Subject key identifier: A4:22:5F:4F:98:04:62:41:CC:74:F5:42:31:82:F6:A4:CF:60:C7:3B
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 2D7F67965EBE5AF3517EB8351861C37917F7D868
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
Signing time: Thu 21 Aug 2025 10:37:39 +0000
ROA not before: Thu 21 Aug 2025 10:32:39 +0000
ROA not after: Thu 20 Aug 2026 10:37:39 +0000
asID: 21859
IP address blocks: 96.62.218.0/24 maxlen: 24
96.62.255.0/24 maxlen: 24
140.150.235.0/24 maxlen: 24
140.233.177.0/24 maxlen: 24
140.233.187.0/24 maxlen: 24
143.14.142.0/24 maxlen: 24
146.103.30.0/24 maxlen: 24
148.135.196.0/23 maxlen: 23
148.135.204.0/23 maxlen: 23
155.117.99.0/24 maxlen: 24
155.117.163.0/24 maxlen: 24
155.117.197.0/24 maxlen: 24
155.117.240.0/24 maxlen: 24
167.148.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:7f:67:96:5e:be:5a:f3:51:7e:b8:35:18:61:c3:79:17:f7:d8:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 21 10:32:39 2025 GMT
Not After : Aug 20 10:37:39 2026 GMT
Subject: CN=A4225F4F98046241CC74F5423182F6A4CF60C73B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:a2:da:eb:87:d1:24:2c:eb:37:5f:a6:95:ab:
09:00:62:a8:7d:5c:16:e4:9e:64:b3:44:b2:5a:1a:
30:44:26:f8:7e:98:27:61:b5:7e:c0:69:d4:28:cc:
3b:6b:a5:00:b0:19:0f:dd:ef:a3:74:03:af:16:12:
8e:af:fe:e2:9c:2f:63:e6:5c:ed:61:9e:a3:5a:1f:
5e:22:f6:0f:9f:4c:d9:65:a6:85:65:ca:10:b3:7e:
41:43:24:c8:cd:2e:4a:c3:51:25:3c:6f:29:60:76:
26:76:db:c1:fb:04:7a:34:0f:bc:3b:65:0e:ea:ef:
4b:ff:e8:71:9b:38:2c:de:59:be:af:c7:a9:29:ff:
77:b2:a9:0b:4e:8a:42:2a:a5:01:62:b9:75:0d:74:
7f:d6:f2:82:57:3c:2f:05:0a:23:c1:17:a8:5c:9f:
bf:2f:9c:3d:92:73:95:ab:d1:cf:82:bc:51:54:84:
f1:9f:b7:76:99:53:70:84:79:32:c7:6c:2d:f1:b4:
e3:d0:a9:4d:2d:c0:b9:a2:29:e7:eb:81:a3:fc:08:
74:49:d1:2d:47:99:e3:60:d5:89:ce:2b:f3:e5:63:
85:4d:f7:11:50:59:08:a2:45:16:ee:b9:0b:35:54:
c4:17:52:f9:14:d3:bc:a2:1b:e4:e1:3b:4b:90:f8:
bb:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:22:5F:4F:98:04:62:41:CC:74:F5:42:31:82:F6:A4:CF:60:C7:3B
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.218.0/24
96.62.255.0/24
140.150.235.0/24
140.233.177.0/24
140.233.187.0/24
143.14.142.0/24
146.103.30.0/24
148.135.196.0/23
148.135.204.0/23
155.117.99.0/24
155.117.163.0/24
155.117.197.0/24
155.117.240.0/24
167.148.223.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:7a:57:2e:cc:c0:00:77:0d:0f:aa:a7:d6:dc:9b:a8:96:08:
b9:42:63:97:86:ad:ab:5f:19:af:27:2e:82:5d:6f:e1:6d:0a:
4e:59:31:6f:cc:af:eb:05:bc:47:20:95:3f:fd:5c:af:af:27:
f6:cc:44:12:27:19:33:75:e5:67:90:88:50:c8:15:92:74:ba:
de:70:fd:1e:b5:d4:b2:26:f8:3a:73:0c:ca:e6:69:3a:bf:d1:
03:c4:69:35:b4:f4:a2:24:69:7d:fc:ea:9e:1f:de:9f:aa:bf:
2d:68:b8:ff:74:a8:40:99:01:0b:5b:6a:b8:68:3b:09:38:c9:
10:4e:1b:93:35:53:5f:c7:a3:04:cd:15:b7:7d:14:f0:ed:1e:
52:aa:de:a6:d9:c4:24:35:fd:8c:b0:b7:35:c2:70:4e:15:1f:
b2:71:28:a0:8e:e5:87:96:4d:a6:b7:63:75:89:77:47:3e:9c:
c1:ce:24:ed:43:a7:e5:28:6c:af:bd:67:d4:ae:0b:eb:af:7b:
2e:f8:60:36:f1:76:d9:84:cc:bd:67:e8:da:9d:ec:1d:7c:69:
db:08:0e:40:d4:ac:4f:91:e2:14:09:64:02:70:35:5c:8f:cf:
cb:3d:a2:7a:d4:d3:3a:a8:3b:b2:b8:ef:52:db:27:54:e7:1e:
8a:7d:f9:94
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgIULX9nll6+WvNRfrg1GGHDeRf32GgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MjExMDMyMzlaFw0yNjA4MjAxMDM3MzlaMDMxMTAvBgNV
BAMTKEE0MjI1RjRGOTgwNDYyNDFDQzc0RjU0MjMxODJGNkE0Q0Y2MEM3M0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjotrrh9EkLOs3X6aVqwkAYqh9
XBbknmSzRLJaGjBEJvh+mCdhtX7AadQozDtrpQCwGQ/d76N0A68WEo6v/uKcL2Pm
XO1hnqNaH14i9g+fTNllpoVlyhCzfkFDJMjNLkrDUSU8bylgdiZ228H7BHo0D7w7
ZQ7q70v/6HGbOCzeWb6vx6kp/3eyqQtOikIqpQFiuXUNdH/W8oJXPC8FCiPBF6hc
n78vnD2Sc5Wr0c+CvFFUhPGft3aZU3CEeTLHbC3xtOPQqU0twLmiKefrgaP8CHRJ
0S1HmeNg1YnOK/PlY4VN9xFQWQiiRRbuuQs1VMQXUvkU07yiG+ThO0uQ+LvRAgMB
AAGjggJXMIICUzAdBgNVHQ4EFgQUpCJfT5gEYkHMdPVCMYL2pM9gxzswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwbQYIKwYBBQUHAQcBAf8EXjBcMFoEAgABMFQDBABgPtoD
BABgPv8DBACMlusDBACM6bEDBACM6bsDBACPDo4DBACSZx4DBAGUh8QDBAGUh8wD
BACbdWMDBACbdaMDBACbdcUDBACbdfADBACnlN8wDQYJKoZIhvcNAQELBQADggEB
AKJ6Vy7MwAB3DQ+qp9bcm6iWCLlCY5eGratfGa8nLoJdb+FtCk5ZMW/Mr+sFvEcg
lT/9XK+vJ/bMRBInGTN15WeQiFDIFZJ0ut5w/R611LIm+DpzDMrmaTq/0QPEaTW0
9KIkaX386p4f3p+qvy1ouP90qECZAQtbarhoOwk4yRBOG5M1U1/HowTNFbd9FPDt
HlKq3qbZxCQ1/YywtzXCcE4VH7JxKKCO5YeWTaa3Y3WJd0c+nMHOJO1Dp+UobK+9
Z9SuC+uvey74YDbxdtmEzL1n6Nqd7B18adsIDkDUrE+R4hQJZAJwNVyPz8s9onrU
0zqoO7K471LbJ1TnHop9+ZQ=
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:41:57 2025 by rpki-client