Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: HIWCDE9YzuTS2MeZncHcv0/vM8fa58wp3ECwFufxbHk=
Subject key identifier: 26:DB:B2:FD:27:77:10:7D:B4:08:1E:51:42:9D:71:C9:96:F8:30:91
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 1063FA3DED764BFF1B2F839693060AD51168D24E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Mon 20 Oct 2025 02:50:16 +0000
ROA not before: Mon 20 Oct 2025 02:45:16 +0000
ROA not after: Mon 19 Oct 2026 02:50:16 +0000
asID: 21859
IP address blocks: 82.21.188.0/24 maxlen: 24
82.22.45.0/24 maxlen: 24
82.22.63.0/24 maxlen: 24
82.22.187.0/24 maxlen: 24
82.24.25.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.25.143.0/24 maxlen: 24
82.26.122.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:63:fa:3d:ed:76:4b:ff:1b:2f:83:96:93:06:0a:d5:11:68:d2:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Oct 20 02:45:16 2025 GMT
Not After : Oct 19 02:50:16 2026 GMT
Subject: CN=26DBB2FD2777107DB4081E51429D71C996F83091
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:8d:29:20:22:84:9d:8f:9b:67:3c:a7:ba:8d:
95:01:df:c8:d3:55:4f:4d:59:50:14:7d:54:72:d0:
d4:70:13:f9:9e:db:b7:6f:85:8c:f0:47:e2:d8:03:
66:1c:80:b5:a2:01:f0:85:65:18:37:87:5d:7a:73:
00:12:d9:c6:fc:82:93:44:41:64:a6:2b:65:89:97:
bd:57:4a:ee:26:5d:10:54:02:5b:49:21:2f:e1:ce:
30:12:0c:46:0a:75:14:27:db:b9:0a:89:b2:ea:3a:
48:d0:26:39:f1:7e:3e:da:b9:94:1f:08:f9:51:ad:
ae:df:19:9e:7a:2c:05:a8:87:21:77:19:fb:78:d5:
66:0d:dd:97:5a:36:82:b1:9d:74:a5:85:47:87:18:
44:e5:de:b5:46:2b:1a:2c:49:c4:47:61:41:0b:e5:
1b:c0:ec:bf:50:6a:55:0a:a9:f2:ce:36:4f:19:53:
ce:fe:33:ab:e3:6e:91:2d:f2:64:ea:de:7d:c1:25:
fb:e6:6f:99:6f:d7:81:58:3d:da:5f:53:17:05:26:
1f:77:61:c7:f9:12:96:c0:43:2a:e3:17:fb:79:f2:
71:6d:07:b0:29:bb:f8:0e:d2:8c:a6:90:33:31:48:
b8:46:03:d6:78:12:ea:c2:a2:d4:ea:a6:ad:15:09:
78:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:DB:B2:FD:27:77:10:7D:B4:08:1E:51:42:9D:71:C9:96:F8:30:91
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.188.0/24
82.22.45.0/24
82.22.63.0/24
82.22.187.0/24
82.24.25.0/24
82.25.35.0/24
82.25.143.0/24
82.26.122.0/24
IPv6:
2a13:9500:aa::/48
Signature Algorithm: sha256WithRSAEncryption
30:62:3f:3f:7c:96:f3:ed:5d:70:73:77:f7:63:f7:4a:4e:0c:
e5:e8:c7:02:cb:96:b0:54:e3:f5:eb:b5:d3:d7:aa:c3:ef:c5:
b5:b8:8c:02:da:4d:d6:49:fe:de:b9:d3:47:05:05:a6:68:2e:
04:16:77:c2:23:1e:61:27:02:92:ff:18:fd:dd:36:dd:e2:75:
91:4c:bb:29:df:54:73:92:53:c0:a7:1d:e9:dc:98:b5:db:19:
1c:db:9e:68:25:97:c2:9b:b9:4a:65:3f:9a:e7:e3:80:7e:ae:
89:15:61:00:99:4f:7b:3c:43:42:ff:5d:7a:58:33:46:aa:53:
01:fd:16:f3:8e:bb:7d:46:78:54:f2:00:f8:c4:a5:e5:4c:35:
c2:0d:e7:48:bc:a4:df:fd:cb:07:b6:1c:db:88:ac:70:13:bf:
40:c5:bf:47:46:30:5f:91:33:b7:56:40:23:78:38:ec:59:3f:
a2:9a:80:23:81:3b:b5:a0:1e:43:35:b3:0f:ca:38:c5:bc:40:
bd:76:6d:f9:0a:8c:af:b1:64:e2:7e:54:f2:ab:88:6a:f8:6b:
7d:23:5c:87:d8:50:4c:13:ea:4f:90:28:57:c6:0a:e3:5c:65:
06:5e:e0:68:c2:fd:4c:13:6c:3b:32:4b:64:c4:34:30:70:9f:
cd:a7:60:6f
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUEGP6Pe12S/8bL4OWkwYK1RFo0k4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjAwMjQ1MTZaFw0yNjEwMTkwMjUwMTZaMDMxMTAvBgNV
BAMTKDI2REJCMkZEMjc3NzEwN0RCNDA4MUU1MTQyOUQ3MUM5OTZGODMwOTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWjSkgIoSdj5tnPKe6jZUB38jT
VU9NWVAUfVRy0NRwE/me27dvhYzwR+LYA2YcgLWiAfCFZRg3h116cwAS2cb8gpNE
QWSmK2WJl71XSu4mXRBUAltJIS/hzjASDEYKdRQn27kKibLqOkjQJjnxfj7auZQf
CPlRra7fGZ56LAWohyF3Gft41WYN3ZdaNoKxnXSlhUeHGETl3rVGKxosScRHYUEL
5RvA7L9QalUKqfLONk8ZU87+M6vjbpEt8mTq3n3BJfvmb5lv14FYPdpfUxcFJh93
Ycf5EpbAQyrjF/t58nFtB7Apu/gO0oymkDMxSLhGA9Z4EurCotTqpq0VCXhTAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUJtuy/Sd3EH20CB5RQp1xyZb4MJEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWgYIKwYBBQUHAQcBAf8ESzBJMDYEAgABMDADBABSFbwD
BABSFi0DBABSFj8DBABSFrsDBABSGBkDBABSGSMDBABSGY8DBABSGnowDwQCAAIw
CQMHACoTlQAAqjANBgkqhkiG9w0BAQsFAAOCAQEAMGI/P3yW8+1dcHN392P3Sk4M
5ejHAsuWsFTj9eu109eqw+/FtbiMAtpN1kn+3rnTRwUFpmguBBZ3wiMeYScCkv8Y
/d023eJ1kUy7Kd9Uc5JTwKcd6dyYtdsZHNueaCWXwpu5SmU/mufjgH6uiRVhAJlP
ezxDQv9delgzRqpTAf0W8467fUZ4VPIA+MSl5Uw1wg3nSLyk3/3LB7Yc24iscBO/
QMW/R0YwX5Ezt1ZAI3g47Fk/opqAI4E7taAeQzWzD8o4xbxAvXZt+QqMr7Fk4n5U
8quIavhrfSNch9hQTBPqT5AoV8YK41xlBl7gaML9TBNsOzJLZMQ0MHCfzadgbw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:42:56 2025 by rpki-client