Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: GOLr75yYzPvZXyp4LfjQqDWzZMdXqYetr6Fd3Kr6/ZQ=
Subject key identifier: 87:30:A3:E6:1C:72:8D:74:64:B0:B9:0A:27:21:F8:C6:43:19:75:A2
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 255D526C7311B5C23F1B58EF4859BEC32F3906EF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
Signing time: Fri 26 Sep 2025 02:59:12 +0000
ROA not before: Fri 26 Sep 2025 02:54:12 +0000
ROA not after: Fri 25 Sep 2026 02:59:12 +0000
asID: 21859
IP address blocks: 5.252.82.0/24 maxlen: 24
45.133.176.0/24 maxlen: 24
181.214.100.0/24 maxlen: 24
181.215.205.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:5d:52:6c:73:11:b5:c2:3f:1b:58:ef:48:59:be:c3:2f:39:06:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Sep 26 02:54:12 2025 GMT
Not After : Sep 25 02:59:12 2026 GMT
Subject: CN=8730A3E61C728D7464B0B90A2721F8C6431975A2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:f9:65:47:a6:64:80:de:5e:b1:cc:71:84:1b:
b2:d4:1e:86:fd:c8:43:62:78:95:7e:8f:c2:24:0b:
56:4b:0d:77:4b:50:55:46:25:3d:a1:97:2c:18:dc:
c2:e4:80:4f:6a:13:46:39:54:f3:a7:d1:4b:7e:e7:
ee:71:5e:00:02:2d:bb:c1:02:cb:67:22:be:ae:a6:
63:ed:e3:12:1a:5c:eb:8d:57:8f:68:3e:3c:a2:f0:
09:4c:19:36:a8:1f:c1:b8:08:03:68:6b:56:10:a3:
4b:4a:1a:a3:4f:ba:f2:5f:b0:f7:f9:92:8d:8b:75:
19:71:5a:f9:0a:77:5e:ae:9b:d8:51:11:8f:fd:e5:
57:68:79:b0:93:20:9a:5c:27:37:cd:fc:6b:2e:6e:
25:4c:08:c1:2c:4b:12:04:72:38:a4:7a:d7:f2:d1:
28:fa:48:29:49:84:88:1a:21:4c:c7:4e:2d:33:11:
02:81:07:c4:6c:c2:02:8a:c5:0f:3b:83:62:81:1e:
b4:bf:da:4c:cd:0e:b6:0f:7c:22:18:db:94:c5:51:
31:70:76:23:75:61:7f:2b:4e:75:94:65:6a:ce:94:
7c:71:0a:1f:e6:82:ea:87:65:dd:62:22:13:17:fe:
89:82:0f:78:00:2f:4f:22:e1:04:59:0d:aa:93:97:
15:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:30:A3:E6:1C:72:8D:74:64:B0:B9:0A:27:21:F8:C6:43:19:75:A2
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.82.0/24
45.133.176.0/24
181.214.100.0/24
181.215.205.0/24
Signature Algorithm: sha256WithRSAEncryption
73:a5:f3:91:3c:3f:9b:08:7e:98:fc:d9:1f:6a:8a:01:67:bb:
55:f4:4e:1e:e7:62:12:a5:2d:1c:c6:ff:2f:4c:5b:db:9b:89:
f6:55:8e:63:8a:19:04:e8:65:63:ad:c2:2f:76:1b:8a:5d:86:
84:c2:8e:4d:d2:76:22:1a:06:bd:cd:15:8a:45:f6:08:3c:b2:
75:a3:05:71:40:3d:b0:e7:ff:36:54:54:7c:d9:f0:29:2c:20:
73:7a:9f:e5:c1:18:c4:af:6d:d9:ec:37:40:39:ff:c5:4d:30:
42:d8:72:da:6c:ae:4c:7d:4f:ff:7a:77:d8:16:fe:8c:a7:e5:
58:f2:ac:0c:07:f2:17:e8:92:9c:e8:f2:52:5f:57:d6:c1:bb:
ab:74:5a:fe:e9:4e:f2:c8:88:f2:cd:52:4a:79:8a:ab:10:0b:
97:ba:01:62:2c:16:8a:d5:c8:81:39:ad:c6:8d:2c:1d:48:fd:
d6:27:b9:ad:0d:63:67:d2:fe:21:58:f7:69:b8:fc:40:20:be:
06:4f:27:f0:ea:72:0e:58:bd:5f:17:62:e9:e7:47:80:07:2d:
a6:81:3e:ae:b0:2a:17:e8:51:91:ea:1d:96:f8:5b:1d:2e:68:
f5:ff:c6:18:9a:de:5e:5c:94:f7:32:55:6d:35:75:af:a6:d3:
7a:d8:4e:7d
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUJV1SbHMRtcI/G1jvSFm+wy85Bu8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MjYwMjU0MTJaFw0yNjA5MjUwMjU5MTJaMDMxMTAvBgNV
BAMTKDg3MzBBM0U2MUM3MjhENzQ2NEIwQjkwQTI3MjFGOEM2NDMxOTc1QTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv+WVHpmSA3l6xzHGEG7LUHob9
yENieJV+j8IkC1ZLDXdLUFVGJT2hlywY3MLkgE9qE0Y5VPOn0Ut+5+5xXgACLbvB
AstnIr6upmPt4xIaXOuNV49oPjyi8AlMGTaoH8G4CANoa1YQo0tKGqNPuvJfsPf5
ko2LdRlxWvkKd16um9hREY/95VdoebCTIJpcJzfN/GsubiVMCMEsSxIEcjiketfy
0Sj6SClJhIgaIUzHTi0zEQKBB8RswgKKxQ87g2KBHrS/2kzNDrYPfCIY25TFUTFw
diN1YX8rTnWUZWrOlHxxCh/mguqHZd1iIhMX/omCD3gAL08i4QRZDaqTlxW5AgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUhzCj5hxyjXRksLkKJyH4xkMZdaIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBAAF/FID
BAAthbADBAC11mQDBAC1180wDQYJKoZIhvcNAQELBQADggEBAHOl85E8P5sIfpj8
2R9qigFnu1X0Th7nYhKlLRzG/y9MW9ubifZVjmOKGQToZWOtwi92G4pdhoTCjk3S
diIaBr3NFYpF9gg8snWjBXFAPbDn/zZUVHzZ8CksIHN6n+XBGMSvbdnsN0A5/8VN
MELYctpsrkx9T/96d9gW/oyn5VjyrAwH8hfokpzo8lJfV9bBu6t0Wv7pTvLIiPLN
Ukp5iqsQC5e6AWIsForVyIE5rcaNLB1I/dYnua0NY2fS/iFY92m4/EAgvgZPJ/Dq
cg5YvV8XYunnR4AHLaaBPq6wKhfoUZHqHZb4Wx0uaPX/xhia3l5clPcyVW01da+m
03rYTn0=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:28:28 2025 by rpki-client