Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: 1KrZqjpkLGVHoMrXh9JlI7KZV7xdlakC3N8vAvgQVOw=
Subject key identifier: 10:29:82:88:B8:55:EB:83:05:64:49:08:56:9A:84:55:4C:0A:6F:71
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 1A24D97E251B8466AA3679A359252B63CA809E53
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
Signing time: Mon 02 Mar 2026 11:02:27 +0000
ROA not before: Mon 02 Mar 2026 10:57:27 +0000
ROA not after: Mon 01 Mar 2027 11:02:27 +0000
asID: 21859
IP address blocks: 5.252.82.0/24 maxlen: 24
45.133.176.0/24 maxlen: 24
181.214.100.0/24 maxlen: 24
181.215.205.0/24 maxlen: 24
191.101.148.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:24:d9:7e:25:1b:84:66:aa:36:79:a3:59:25:2b:63:ca:80:9e:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Mar 2 10:57:27 2026 GMT
Not After : Mar 1 11:02:27 2027 GMT
Subject: CN=10298288B855EB8305644908569A84554C0A6F71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:88:38:b8:59:03:68:3c:d8:85:e3:7d:e1:4e:
94:90:7c:32:5f:61:b6:08:b1:a0:28:35:c3:c0:d8:
08:1f:65:d3:aa:c7:5d:a0:71:6d:ed:44:01:bb:fc:
03:04:6b:1b:72:b5:16:21:7d:27:29:74:c7:6c:6b:
3c:4e:b3:0a:a3:5a:8f:ca:c8:d3:93:43:21:14:d8:
ac:b5:8f:8f:ad:8f:24:d0:25:b0:be:de:83:45:d3:
15:97:bb:36:19:2b:57:7a:dc:9b:a4:ae:83:c0:1e:
75:c9:0b:10:f2:d2:52:fa:32:c4:02:69:2f:ce:53:
09:e5:2d:38:2e:a1:a3:1c:36:2a:78:12:21:76:9d:
48:d8:65:55:0f:c3:5a:82:25:d8:a9:a3:c4:48:d1:
ce:20:8c:8d:0b:c9:94:7f:31:da:a2:82:87:14:30:
ac:61:b9:de:34:98:aa:59:4c:d4:67:ad:14:1a:c2:
45:36:ee:5e:26:5c:9c:a8:a7:f7:3e:a9:93:75:d1:
c5:45:1c:ca:b9:98:2d:17:c7:e4:27:a6:51:1f:a5:
b1:1d:7f:dd:5e:f3:4e:f5:c3:fa:f9:6a:31:8e:b7:
d0:a6:7d:a7:62:17:ef:b2:a7:38:d0:de:bb:72:ff:
d0:0b:66:c0:6a:32:a7:cd:80:02:16:22:45:b2:d3:
44:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:29:82:88:B8:55:EB:83:05:64:49:08:56:9A:84:55:4C:0A:6F:71
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.82.0/24
45.133.176.0/24
181.214.100.0/24
181.215.205.0/24
191.101.148.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:f6:49:1e:ad:c3:1a:b0:ff:dc:61:c5:df:4c:f3:b0:a0:31:
18:0b:00:8a:59:64:9b:2c:6d:d5:46:90:40:d2:ff:8a:ee:05:
71:93:50:c7:24:9b:7a:63:b5:fa:5b:46:2d:31:95:5d:ed:a1:
1a:88:0e:bf:9e:67:5c:32:b8:5f:37:16:69:09:04:2e:64:9b:
a9:e8:3e:b0:0b:2e:4e:a4:53:e9:ad:f3:e0:ec:d3:94:b5:d0:
d4:f6:ca:67:8d:f3:16:d9:b5:e9:bb:ec:3f:4a:2c:b5:91:9d:
b4:70:49:e8:3a:b3:a9:59:e2:78:d1:25:9d:df:9c:af:95:2c:
23:20:bf:a3:94:dd:f7:d6:89:73:de:a8:eb:ab:04:4d:58:e5:
c6:8e:1d:a5:c0:77:8b:37:67:9e:ec:84:e4:f3:e3:3a:d0:92:
b2:ae:7e:89:b9:12:08:5f:0c:7c:c3:0b:6e:67:52:42:3e:9a:
26:0a:30:5f:a4:44:8d:90:69:0c:9f:79:02:5b:a2:ed:46:16:
10:7c:09:c6:f5:92:f6:a3:00:7b:58:43:d4:9a:8a:9c:6a:b6:
a5:e3:fc:39:16:9c:49:52:00:f2:9b:6d:57:c9:e3:e4:db:37:
92:24:06:ed:d3:58:92:e7:41:37:d6:de:b2:ab:78:28:39:b2:
47:bb:9a:5f
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUGiTZfiUbhGaqNnmjWSUrY8qAnlMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMDIxMDU3MjdaFw0yNzAzMDExMTAyMjdaMDMxMTAvBgNV
BAMTKDEwMjk4Mjg4Qjg1NUVCODMwNTY0NDkwODU2OUE4NDU1NEMwQTZGNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoiDi4WQNoPNiF433hTpSQfDJf
YbYIsaAoNcPA2AgfZdOqx12gcW3tRAG7/AMEaxtytRYhfScpdMdsazxOswqjWo/K
yNOTQyEU2Ky1j4+tjyTQJbC+3oNF0xWXuzYZK1d63JukroPAHnXJCxDy0lL6MsQC
aS/OUwnlLTguoaMcNip4EiF2nUjYZVUPw1qCJdipo8RI0c4gjI0LyZR/MdqigocU
MKxhud40mKpZTNRnrRQawkU27l4mXJyop/c+qZN10cVFHMq5mC0Xx+QnplEfpbEd
f91e8071w/r5ajGOt9CmfadiF++ypzjQ3rty/9ALZsBqMqfNgAIWIkWy00QtAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUECmCiLhV64MFZEkIVpqEVUwKb3EwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBAAF/FID
BAAthbADBAC11mQDBAC1180DBAC/ZZQwDQYJKoZIhvcNAQELBQADggEBAE72SR6t
wxqw/9xhxd9M87CgMRgLAIpZZJssbdVGkEDS/4ruBXGTUMckm3pjtfpbRi0xlV3t
oRqIDr+eZ1wyuF83FmkJBC5km6noPrALLk6kU+mt8+Ds05S10NT2ymeN8xbZtem7
7D9KLLWRnbRwSeg6s6lZ4njRJZ3fnK+VLCMgv6OU3ffWiXPeqOurBE1Y5caOHaXA
d4s3Z57shOTz4zrQkrKufom5EghfDHzDC25nUkI+miYKMF+kRI2QaQyfeQJbou1G
FhB8Ccb1kvajAHtYQ9SaipxqtqXj/DkWnElSAPKbbVfJ4+TbN5IkBu3TWJLnQTfW
3rKreCg5ske7ml8=
-----END CERTIFICATE-----
Generated at Thu Mar 26 02:25:22 2026 by rpki-client