Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: vQhxaCZRz+kfU0BgX3cMtGaBPqMQ2aHZaFS5id6W1pY=
Subject key identifier: BD:7C:89:12:46:D7:3A:2A:0A:BB:A1:60:F2:0A:94:19:18:CF:76:B2
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 07BAB03E134E10E8D0570D57DC73DC52E1D1F32A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
Signing time: Mon 23 Jun 2025 09:47:51 +0000
ROA not before: Mon 23 Jun 2025 09:42:51 +0000
ROA not after: Mon 22 Jun 2026 09:47:51 +0000
asID: 21859
IP address blocks: 140.233.177.0/24 maxlen: 24
148.135.196.0/23 maxlen: 23
148.135.204.0/23 maxlen: 23
150.241.229.0/24 maxlen: 24
155.117.103.0/24 maxlen: 24
155.117.163.0/24 maxlen: 24
155.117.240.0/24 maxlen: 24
162.141.96.0/24 maxlen: 24
167.148.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 15:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:ba:b0:3e:13:4e:10:e8:d0:57:0d:57:dc:73:dc:52:e1:d1:f3:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jun 23 09:42:51 2025 GMT
Not After : Jun 22 09:47:51 2026 GMT
Subject: CN=BD7C891246D73A2A0ABBA160F20A941918CF76B2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:ce:cb:d2:99:43:d7:f6:fd:7a:81:a6:3c:65:
6c:b3:a4:57:33:b4:23:46:c0:c4:9b:e8:9b:62:0d:
dc:50:96:96:e0:0b:b8:40:bd:b5:91:b8:2a:2d:ae:
cc:2b:1a:82:8d:47:ad:f9:c1:c8:04:8a:a9:20:52:
ca:77:28:91:7a:5d:c7:70:ad:8e:34:ee:ff:68:0e:
8a:26:bf:c2:a1:21:6e:b8:e1:1b:ee:25:34:86:40:
4f:e5:65:48:fa:6d:6a:0f:f7:71:82:71:48:3f:21:
0d:7b:9a:c2:02:26:ca:ef:f1:f0:f6:ab:4f:af:c7:
d9:da:07:9b:c0:e4:37:d4:c5:8b:87:0d:f4:29:31:
8d:48:32:10:15:0e:ad:a7:9a:1e:34:dd:ae:61:f3:
7b:96:58:42:35:f2:97:9b:c4:a5:7c:50:7d:91:59:
57:ae:7e:b7:58:20:00:dd:1e:db:5d:92:0e:bc:a6:
11:91:ac:b3:ff:ae:5c:17:1d:a1:56:e5:48:e0:3d:
84:16:9b:30:14:a7:fc:42:58:7a:bf:68:d1:5e:7e:
a3:ca:2f:85:bd:15:a6:ee:5f:68:bb:91:65:3b:0b:
29:75:ff:bc:15:ec:61:66:46:e6:2f:6b:5f:2b:d8:
fc:5d:cc:ff:ce:3d:1f:f1:07:42:21:13:28:71:f8:
65:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:7C:89:12:46:D7:3A:2A:0A:BB:A1:60:F2:0A:94:19:18:CF:76:B2
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.233.177.0/24
148.135.196.0/23
148.135.204.0/23
150.241.229.0/24
155.117.103.0/24
155.117.163.0/24
155.117.240.0/24
162.141.96.0/24
167.148.198.0/24
Signature Algorithm: sha256WithRSAEncryption
92:c8:c4:84:9a:c2:f4:ef:fa:6c:00:61:90:19:dd:2d:ff:e0:
51:cc:e4:e7:18:22:e6:15:52:88:b3:c1:7c:16:df:b7:81:6f:
36:89:7b:d8:a1:66:55:87:68:9a:52:ea:45:e8:1c:50:09:89:
4d:12:9a:d6:f9:cf:83:75:96:fc:9f:78:3b:80:35:4f:99:f9:
a1:91:2f:8f:6d:73:6b:b5:f6:5f:9a:3a:7b:12:9a:a6:15:8a:
aa:9d:bf:49:2b:3e:63:e5:e0:9b:d8:60:59:b5:2d:62:a7:45:
d8:42:78:95:35:3c:9e:3c:d8:fa:e0:7d:4d:95:c6:a7:42:28:
c0:a5:57:fe:07:67:ec:46:be:31:7b:61:5e:41:fb:70:7a:ad:
b3:d1:ac:34:78:eb:57:1f:9a:37:8f:84:4c:f9:8d:9e:b3:6e:
1b:c0:2e:3f:f1:91:fa:ee:bf:28:ec:e6:5f:d5:1a:e6:bd:b0:
fe:13:2a:b8:27:c2:e4:49:41:81:84:b2:2d:8d:0b:9d:a0:bc:
54:45:40:d7:0c:d3:86:bd:77:9a:76:cd:31:51:f9:62:4a:89:
96:10:e7:34:78:33:83:67:c2:bb:ec:cb:2e:94:a5:d6:60:a6:
f5:5d:a1:67:a1:61:05:3c:21:0a:33:6a:83:4f:10:9b:64:2e:
28:73:bc:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUB7qwPhNOEOjQVw1X3HPcUuHR8yowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjMwOTQyNTFaFw0yNjA2MjIwOTQ3NTFaMDMxMTAvBgNV
BAMTKEJEN0M4OTEyNDZENzNBMkEwQUJCQTE2MEYyMEE5NDE5MThDRjc2QjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSzsvSmUPX9v16gaY8ZWyzpFcz
tCNGwMSb6JtiDdxQlpbgC7hAvbWRuCotrswrGoKNR635wcgEiqkgUsp3KJF6Xcdw
rY407v9oDoomv8KhIW644RvuJTSGQE/lZUj6bWoP93GCcUg/IQ17msICJsrv8fD2
q0+vx9naB5vA5DfUxYuHDfQpMY1IMhAVDq2nmh403a5h83uWWEI18pebxKV8UH2R
WVeufrdYIADdHttdkg68phGRrLP/rlwXHaFW5UjgPYQWmzAUp/xCWHq/aNFefqPK
L4W9FabuX2i7kWU7Cyl1/7wV7GFmRuYva18r2PxdzP/OPR/xB0IhEyhx+GXZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvXyJEkbXOioKu6Fg8gqUGRjPdrIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTwYIKwYBBQUHAQcBAf8EQDA+MDwEAgABMDYDBACM6bED
BAGUh8QDBAGUh8wDBACW8eUDBACbdWcDBACbdaMDBACbdfADBACijWADBACnlMYw
DQYJKoZIhvcNAQELBQADggEBAJLIxISawvTv+mwAYZAZ3S3/4FHM5OcYIuYVUoiz
wXwW37eBbzaJe9ihZlWHaJpS6kXoHFAJiU0Smtb5z4N1lvyfeDuANU+Z+aGRL49t
c2u19l+aOnsSmqYViqqdv0krPmPl4JvYYFm1LWKnRdhCeJU1PJ482PrgfU2VxqdC
KMClV/4HZ+xGvjF7YV5B+3B6rbPRrDR461cfmjePhEz5jZ6zbhvALj/xkfruvyjs
5l/VGua9sP4TKrgnwuRJQYGEsi2NC52gvFRFQNcM04a9d5p2zTFR+WJKiZYQ5zR4
M4Nnwrvsyy6UpdZgpvVdoWehYQU8IQozaoNPEJtkLihzvB0=
-----END CERTIFICATE-----
Generated at Sun Jun 29 00:41:43 2025 by rpki-client