Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: kOd9RQwntGX5F4xR/6x4BbV66U66XN6mrDzCYcmx+6A=
Subject key identifier: 1D:D1:55:FB:DA:07:67:B3:81:13:BB:04:7A:D2:03:13:AB:C3:5B:14
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3CE05C65ED0CBE3AD7EB422C4B3BA910F679DC86
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
Signing time: Mon 13 Oct 2025 02:53:54 +0000
ROA not before: Mon 13 Oct 2025 02:48:54 +0000
ROA not after: Mon 12 Oct 2026 02:53:54 +0000
asID: 21859
IP address blocks: 96.62.218.0/24 maxlen: 24
96.62.255.0/24 maxlen: 24
140.233.187.0/24 maxlen: 24
143.14.142.0/24 maxlen: 24
147.79.1.0/24 maxlen: 24
148.135.196.0/23 maxlen: 23
148.135.204.0/23 maxlen: 23
155.117.112.0/24 maxlen: 24
155.117.245.0/24 maxlen: 24
162.141.71.0/24 maxlen: 24
162.141.83.0/24 maxlen: 24
167.148.125.0/24 maxlen: 24
167.148.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:e0:5c:65:ed:0c:be:3a:d7:eb:42:2c:4b:3b:a9:10:f6:79:dc:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 13 02:48:54 2025 GMT
Not After : Oct 12 02:53:54 2026 GMT
Subject: CN=1DD155FBDA0767B38113BB047AD20313ABC35B14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:da:81:58:67:89:67:a7:3b:83:c9:23:5e:6a:
03:37:7d:9b:2f:66:7c:6b:1e:b3:70:71:3e:f5:8e:
55:1a:48:7a:7f:11:51:cd:9a:7f:08:f6:87:4f:12:
c8:fe:ef:8d:e6:ca:8f:ff:0b:1f:d6:e0:29:4c:47:
5c:04:eb:ba:fa:c2:45:17:f3:13:1d:ea:3e:be:84:
12:f8:e6:0f:d4:64:95:ea:27:93:78:1f:cc:6e:b0:
92:dd:94:0d:96:59:86:3a:63:9a:30:a6:ef:af:7a:
b8:97:13:3b:d2:25:56:e6:77:fb:64:8c:c2:bc:9a:
2e:25:e8:62:37:56:8c:b4:2d:f7:35:70:e8:a6:36:
9a:14:86:a0:9e:bb:8f:e7:8f:9d:c0:22:ff:c2:a7:
ef:38:ae:4f:6e:69:21:e9:92:20:af:ce:4a:8f:c7:
a2:8c:ad:19:eb:77:c0:af:ac:60:93:f1:88:51:00:
27:4e:7d:ee:89:5e:9d:8b:33:14:5a:ac:66:36:1f:
63:d5:a1:a9:c7:2e:e1:5d:59:cc:33:70:f6:ea:2c:
f3:c3:f5:0f:63:bf:cb:c1:c2:27:b0:fb:02:15:a7:
6c:a4:86:2d:af:4d:95:55:4c:ed:38:0b:d0:ad:a8:
ef:02:e8:fd:b6:60:64:66:79:68:f4:02:14:ca:c8:
39:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:D1:55:FB:DA:07:67:B3:81:13:BB:04:7A:D2:03:13:AB:C3:5B:14
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.218.0/24
96.62.255.0/24
140.233.187.0/24
143.14.142.0/24
147.79.1.0/24
148.135.196.0/23
148.135.204.0/23
155.117.112.0/24
155.117.245.0/24
162.141.71.0/24
162.141.83.0/24
167.148.125.0/24
167.148.223.0/24
Signature Algorithm: sha256WithRSAEncryption
17:2b:a5:e6:27:61:6e:7c:4a:fe:8f:29:5a:2c:f1:03:ca:52:
1c:7d:e2:19:5b:d2:30:0b:76:90:f6:f1:66:ee:e9:44:c1:cd:
92:29:55:38:7e:a6:fb:4f:30:01:e6:3a:d1:46:26:10:ea:31:
dd:bc:4c:79:bd:27:70:ef:eb:c5:58:6f:fb:69:90:6e:c1:7b:
65:ac:45:21:dd:a8:a6:c7:17:f7:fa:b0:81:7a:8f:91:3e:34:
13:ee:6c:aa:78:fd:94:6c:9d:17:ee:ea:6d:7d:2c:97:de:a1:
61:27:9a:d3:eb:51:dc:62:ef:ae:f3:db:9b:39:ee:fc:f3:a4:
4f:08:8c:56:0a:b2:dc:88:7c:db:9e:50:6c:69:18:bc:e7:a1:
3d:18:ad:bd:eb:33:ba:c6:34:b9:5b:c0:a4:e3:37:20:bb:2b:
fd:78:51:fb:9a:74:3e:94:27:ff:91:d6:f9:e5:e7:9c:d4:79:
26:6c:40:75:4d:29:46:48:6b:75:cd:8d:d9:52:93:89:c2:d3:
f7:ce:9c:ba:c6:4a:09:c4:23:99:f0:25:0d:b2:aa:58:da:49:
94:4c:6c:3a:c4:79:f4:3e:61:a0:8b:c7:f4:5e:cc:7a:49:d5:
d0:9a:63:c1:4d:e2:a9:cd:3f:df:7b:71:8e:0c:c8:17:e0:b3:
be:14:d9:3d
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgIUPOBcZe0MvjrX60IsSzupEPZ53IYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTMwMjQ4NTRaFw0yNjEwMTIwMjUzNTRaMDMxMTAvBgNV
BAMTKDFERDE1NUZCREEwNzY3QjM4MTEzQkIwNDdBRDIwMzEzQUJDMzVCMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt2oFYZ4lnpzuDySNeagM3fZsv
ZnxrHrNwcT71jlUaSHp/EVHNmn8I9odPEsj+743myo//Cx/W4ClMR1wE67r6wkUX
8xMd6j6+hBL45g/UZJXqJ5N4H8xusJLdlA2WWYY6Y5owpu+veriXEzvSJVbmd/tk
jMK8mi4l6GI3Voy0Lfc1cOimNpoUhqCeu4/nj53AIv/Cp+84rk9uaSHpkiCvzkqP
x6KMrRnrd8CvrGCT8YhRACdOfe6JXp2LMxRarGY2H2PVoanHLuFdWcwzcPbqLPPD
9Q9jv8vBwiew+wIVp2ykhi2vTZVVTO04C9CtqO8C6P22YGRmeWj0AhTKyDkZAgMB
AAGjggJRMIICTTAdBgNVHQ4EFgQUHdFV+9oHZ7OBE7sEetIDE6vDWxQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwZwYIKwYBBQUHAQcBAf8EWDBWMFQEAgABME4DBABgPtoD
BABgPv8DBACM6bsDBACPDo4DBACTTwEDBAGUh8QDBAGUh8wDBACbdXADBACbdfUD
BACijUcDBACijVMDBACnlH0DBACnlN8wDQYJKoZIhvcNAQELBQADggEBABcrpeYn
YW58Sv6PKVos8QPKUhx94hlb0jALdpD28Wbu6UTBzZIpVTh+pvtPMAHmOtFGJhDq
Md28THm9J3Dv68VYb/tpkG7Be2WsRSHdqKbHF/f6sIF6j5E+NBPubKp4/ZRsnRfu
6m19LJfeoWEnmtPrUdxi767z25s57vzzpE8IjFYKstyIfNueUGxpGLznoT0Yrb3r
M7rGNLlbwKTjNyC7K/14UfuadD6UJ/+R1vnl55zUeSZsQHVNKUZIa3XNjdlSk4nC
0/fOnLrGSgnEI5nwJQ2yqljaSZRMbDrEefQ+YaCLx/RezHpJ1dCaY8FN4qnNP997
cY4MyBfgs74U2T0=
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:12:44 2025 by rpki-client