Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: 3r0EWir2XCmzs9izh+UNVFw40MG+Yl9BT8uiTfRBQxY=
Subject key identifier: 26:30:5E:F1:37:F8:1B:F7:4D:4F:19:56:33:84:88:D5:FC:59:F4:57
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 7AB7345A97B6040B412916D0D5ACE1EA7E7A9A91
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
Signing time: Sat 21 Mar 2026 08:07:48 +0000
ROA not before: Sat 21 Mar 2026 08:02:48 +0000
ROA not after: Sat 20 Mar 2027 08:07:48 +0000
asID: 21859
IP address blocks: 96.62.255.0/24 maxlen: 24
143.14.125.0/24 maxlen: 24
148.135.196.0/23 maxlen: 23
148.135.204.0/23 maxlen: 23
155.117.245.0/24 maxlen: 24
162.141.121.0/24 maxlen: 24
167.148.120.0/23 maxlen: 23
167.148.223.0/24 maxlen: 24
168.222.4.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:b7:34:5a:97:b6:04:0b:41:29:16:d0:d5:ac:e1:ea:7e:7a:9a:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 21 08:02:48 2026 GMT
Not After : Mar 20 08:07:48 2027 GMT
Subject: CN=26305EF137F81BF74D4F1956338488D5FC59F457
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fb:ea:7a:50:e9:cc:46:71:71:39:a9:5d:19:a6:
66:d5:4c:55:cb:0d:b2:0e:f0:a7:ec:b6:af:5b:02:
85:30:78:58:cc:29:18:3a:df:cb:02:a7:0a:1a:53:
a1:a0:ae:7a:48:4d:27:36:98:f8:f2:11:54:bd:9f:
98:09:37:c0:de:f5:8d:fb:30:49:d7:36:a8:01:3e:
f1:18:24:4d:23:7f:7f:ce:12:a2:04:bd:be:9f:a0:
26:e3:9f:2f:57:25:40:02:2c:3a:86:a6:e8:2b:24:
8d:6f:50:43:e9:94:97:cd:ce:f5:c4:74:7b:25:bc:
f6:b8:e0:0b:c0:30:30:15:a5:f0:81:08:d7:8a:55:
9a:97:9a:e4:a4:bf:ce:65:65:25:3f:47:d5:24:48:
be:86:a7:f8:4d:bf:5d:5e:bf:e9:9f:0a:b4:c3:1d:
1b:c9:8c:fd:b8:ee:a3:06:3f:01:52:96:61:6f:18:
14:44:5e:e7:9b:96:bf:38:15:2f:9f:fb:81:d7:32:
3a:eb:8e:8a:05:06:33:58:45:e9:6d:9e:06:a9:51:
ea:11:26:f6:f4:60:0a:e3:fb:b7:e2:37:5a:77:50:
3f:96:12:04:05:92:6f:6c:32:c5:4a:ef:81:2f:c0:
01:ea:4d:21:37:e9:bb:a7:c5:5f:93:d7:aa:5d:df:
00:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:30:5E:F1:37:F8:1B:F7:4D:4F:19:56:33:84:88:D5:FC:59:F4:57
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.255.0/24
143.14.125.0/24
148.135.196.0/23
148.135.204.0/23
155.117.245.0/24
162.141.121.0/24
167.148.120.0/23
167.148.223.0/24
168.222.4.0/24
Signature Algorithm: sha256WithRSAEncryption
00:81:bb:94:05:19:86:fb:f8:a9:9d:78:6f:a7:3d:e0:d6:1b:
04:de:f5:b1:6a:4c:a8:51:01:6b:14:62:df:8f:01:e1:5d:b6:
11:b0:1e:c4:f0:6d:6f:92:fe:54:8d:71:56:1d:1c:fd:a8:8b:
e3:1b:20:e0:3d:c3:f5:de:54:ca:a3:ec:a3:15:ef:d6:70:86:
ac:2d:bd:0d:10:b3:76:2f:70:2c:10:84:6d:81:cf:68:79:b5:
e4:e6:35:e0:6c:62:e5:9c:6c:ab:54:16:4e:f1:bf:23:de:87:
30:22:5b:8e:d9:d2:4a:c2:17:4d:cc:dc:2e:4f:90:8c:da:b2:
dd:09:34:0f:dd:bd:23:18:e1:c8:9f:12:6b:e7:11:4f:d8:f3:
d6:b9:26:63:fd:59:00:1d:75:91:ef:14:79:5f:ed:d2:2e:f1:
47:28:e1:5a:b5:da:33:81:8c:a3:a4:07:2f:b7:48:e6:68:a3:
31:ec:dd:05:ed:fc:9f:3f:ac:94:a7:a3:f0:05:9f:95:ec:4c:
8f:0d:be:80:2b:6e:75:bd:d6:35:c7:3c:0f:c3:2f:e4:bd:81:
0d:e5:55:e5:a4:a5:38:f0:0f:91:b6:79:e3:1f:5a:96:a7:ac:
4d:1b:7d:c2:6e:40:83:14:5b:09:3c:15:b2:e7:f5:c2:fc:d4:
04:ad:9d:3f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUerc0Wpe2BAtBKRbQ1azh6n56mpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjEwODAyNDhaFw0yNzAzMjAwODA3NDhaMDMxMTAvBgNV
BAMTKDI2MzA1RUYxMzdGODFCRjc0RDRGMTk1NjMzODQ4OEQ1RkM1OUY0NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD76npQ6cxGcXE5qV0ZpmbVTFXL
DbIO8Kfstq9bAoUweFjMKRg638sCpwoaU6GgrnpITSc2mPjyEVS9n5gJN8De9Y37
MEnXNqgBPvEYJE0jf3/OEqIEvb6foCbjny9XJUACLDqGpugrJI1vUEPplJfNzvXE
dHslvPa44AvAMDAVpfCBCNeKVZqXmuSkv85lZSU/R9UkSL6Gp/hNv11ev+mfCrTD
HRvJjP247qMGPwFSlmFvGBREXueblr84FS+f+4HXMjrrjooFBjNYReltngapUeoR
Jvb0YArj+7fiN1p3UD+WEgQFkm9sMsVK74EvwAHqTSE36bunxV+T16pd3wBtAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJjBe8Tf4G/dNTxlWM4SI1fxZ9FcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTwYIKwYBBQUHAQcBAf8EQDA+MDwEAgABMDYDBABgPv8D
BACPDn0DBAGUh8QDBAGUh8wDBACbdfUDBACijXkDBAGnlHgDBACnlN8DBACo3gQw
DQYJKoZIhvcNAQELBQADggEBAACBu5QFGYb7+KmdeG+nPeDWGwTe9bFqTKhRAWsU
Yt+PAeFdthGwHsTwbW+S/lSNcVYdHP2oi+MbIOA9w/XeVMqj7KMV79ZwhqwtvQ0Q
s3YvcCwQhG2Bz2h5teTmNeBsYuWcbKtUFk7xvyPehzAiW47Z0krCF03M3C5PkIza
st0JNA/dvSMY4cifEmvnEU/Y89a5JmP9WQAddZHvFHlf7dIu8Uco4Vq12jOBjKOk
By+3SOZoozHs3QXt/J8/rJSno/AFn5XsTI8NvoArbnW91jXHPA/DL+S9gQ3lVeWk
pTjwD5G2eeMfWpanrE0bfcJuQIMUWwk8FbLn9cL81AStnT8=
-----END CERTIFICATE-----
Generated at Thu Mar 26 05:31:17 2026 by rpki-client