Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: y3NevvBRgExytz3rJuqSURc1RJWTn0yB2rVThrutt70=
Subject key identifier: 5B:39:11:7C:DF:C7:59:1A:93:67:59:AA:24:7E:A0:4D:C5:17:2E:02
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 21AE9996E50495E17429E3C4DAF34BD5F6E04BAD
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Wed 18 Mar 2026 08:32:42 +0000
ROA not before: Wed 18 Mar 2026 08:27:42 +0000
ROA not after: Wed 17 Mar 2027 08:32:42 +0000
asID: 21859
IP address blocks: 82.21.111.0/24 maxlen: 24
82.21.188.0/24 maxlen: 24
82.22.45.0/24 maxlen: 24
82.22.162.0/24 maxlen: 24
82.22.193.0/24 maxlen: 24
82.22.196.0/24 maxlen: 24
82.23.171.0/24 maxlen: 24
82.23.172.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.26.87.0/24 maxlen: 24
82.26.196.0/24 maxlen: 24
82.27.129.0/24 maxlen: 24
82.27.197.0/24 maxlen: 24
82.29.41.0/24 maxlen: 24
82.38.100.0/24 maxlen: 24
82.38.180.0/24 maxlen: 24
82.38.200.0/24 maxlen: 24
82.39.114.0/24 maxlen: 24
82.39.146.0/24 maxlen: 24
82.39.148.0/24 maxlen: 24
82.39.188.0/24 maxlen: 24
82.39.208.0/24 maxlen: 24
82.40.59.0/24 maxlen: 24
82.41.99.0/24 maxlen: 24
82.41.130.0/24 maxlen: 24
178.83.18.0/24 maxlen: 24
178.83.58.0/24 maxlen: 24
178.83.100.0/24 maxlen: 24
178.83.199.0/24 maxlen: 24
178.83.222.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
2a13:9500:13f::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 19:43:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:ae:99:96:e5:04:95:e1:74:29:e3:c4:da:f3:4b:d5:f6:e0:4b:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Mar 18 08:27:42 2026 GMT
Not After : Mar 17 08:32:42 2027 GMT
Subject: CN=5B39117CDFC7591A936759AA247EA04DC5172E02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:db:ae:55:8e:ba:c5:00:97:94:78:e4:4c:cd:
87:04:68:dc:67:6d:e5:ab:44:6a:6c:57:a9:b2:3b:
5b:a0:de:c8:e9:a8:ee:0f:2c:6c:25:17:76:21:91:
5c:3d:79:46:53:15:55:d9:62:63:65:f8:8f:d9:c5:
62:fc:d6:f7:3e:c9:e8:e1:ff:31:cb:04:58:c4:6e:
90:8d:85:df:7e:ea:60:ee:36:1f:52:b9:d2:81:52:
df:4a:a5:6d:e5:fa:64:05:d3:ef:2e:58:79:77:79:
14:2b:f8:05:6f:55:94:22:a6:f0:e2:aa:22:81:75:
b2:71:4a:f1:20:a4:63:e2:75:2c:70:b2:68:b7:93:
80:9d:c1:50:78:31:1c:6a:4a:f1:4d:98:51:a7:62:
b1:d2:0f:ad:e6:83:a9:3f:bc:48:86:d9:ac:f3:d4:
99:de:9a:ed:89:00:4e:4e:b3:ee:0f:de:db:3a:6e:
dd:85:0a:ff:10:29:b1:42:7d:6d:5b:6c:9c:2b:95:
77:ef:4e:3a:48:79:cb:e2:f7:ff:97:bb:3c:40:2e:
c1:62:ad:f8:75:53:26:86:70:7b:43:9b:e0:0e:8e:
e6:ad:a3:d3:4d:4e:49:4f:0f:6d:8a:a5:4e:1a:81:
6a:67:25:a9:98:36:79:2a:a4:ed:e1:e7:1d:88:ce:
75:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:39:11:7C:DF:C7:59:1A:93:67:59:AA:24:7E:A0:4D:C5:17:2E:02
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.111.0/24
82.21.188.0/24
82.22.45.0/24
82.22.162.0/24
82.22.193.0/24
82.22.196.0/24
82.23.171.0-82.23.172.255
82.25.35.0/24
82.26.87.0/24
82.26.196.0/24
82.27.129.0/24
82.27.197.0/24
82.29.41.0/24
82.38.100.0/24
82.38.180.0/24
82.38.200.0/24
82.39.114.0/24
82.39.146.0/24
82.39.148.0/24
82.39.188.0/24
82.39.208.0/24
82.40.59.0/24
82.41.99.0/24
82.41.130.0/24
178.83.18.0/24
178.83.58.0/24
178.83.100.0/24
178.83.199.0/24
178.83.222.0/24
IPv6:
2a13:9500:aa::/48
2a13:9500:13f::/48
Signature Algorithm: sha256WithRSAEncryption
61:73:f2:3f:2f:d9:e1:b9:35:a5:ed:47:fe:d5:34:36:ae:da:
df:db:8a:c1:10:4a:b4:67:68:76:3b:fe:bf:02:47:61:e3:bd:
23:fa:48:b4:79:14:f4:a0:33:c4:ec:69:94:fc:df:b4:a1:3f:
a4:5e:58:a4:fd:62:11:74:ff:21:87:d6:12:60:30:46:54:2d:
a9:7b:f6:02:c4:71:97:fc:cb:1c:d3:99:e2:b0:4f:f2:82:85:
f2:1c:ac:f5:0a:f7:5d:41:0b:90:dc:5c:f3:81:a3:eb:52:f2:
dd:e9:63:49:83:42:0d:f9:7d:88:64:43:bc:e8:b2:e2:6e:86:
89:94:23:1d:bd:56:a0:14:e5:8e:c4:36:47:84:ce:c8:ab:51:
75:9e:95:9c:4f:82:06:54:4d:9e:1a:2e:9e:d2:a6:71:08:65:
cb:e2:d7:ef:0a:2e:61:93:22:5b:63:56:36:a2:08:97:b6:41:
89:e3:14:f7:00:91:14:c4:7b:5f:95:e8:1a:8f:c3:7b:15:5a:
1f:be:8e:61:35:35:20:70:44:a4:bc:c9:b1:c9:2b:a5:07:2f:
c2:97:2c:d4:8c:dd:fb:f3:a9:18:f3:c7:b3:2c:52:b5:7a:a2:
a8:5d:5f:23:0a:d2:4b:56:b9:2c:73:49:82:ce:07:21:d5:3a:
02:29:ba:f0
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgIUIa6ZluUEleF0KePE2vNL1fbgS60wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTgwODI3NDJaFw0yNzAzMTcwODMyNDJaMDMxMTAvBgNV
BAMTKDVCMzkxMTdDREZDNzU5MUE5MzY3NTlBQTI0N0VBMDREQzUxNzJFMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH265VjrrFAJeUeORMzYcEaNxn
beWrRGpsV6myO1ug3sjpqO4PLGwlF3YhkVw9eUZTFVXZYmNl+I/ZxWL81vc+yejh
/zHLBFjEbpCNhd9+6mDuNh9SudKBUt9KpW3l+mQF0+8uWHl3eRQr+AVvVZQipvDi
qiKBdbJxSvEgpGPidSxwsmi3k4CdwVB4MRxqSvFNmFGnYrHSD63mg6k/vEiG2azz
1Jnemu2JAE5Os+4P3ts6bt2FCv8QKbFCfW1bbJwrlXfvTjpIecvi9/+XuzxALsFi
rfh1UyaGcHtDm+AOjuato9NNTklPD22KpU4agWpnJamYNnkqpO3h5x2IznV1AgMB
AAGjggLYMIIC1DAdBgNVHQ4EFgQUWzkRfN/HWRqTZ1mqJH6gTcUXLgIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwge0GCCsGAQUFBwEHAQH/BIHdMIHaMIG9BAIAATCBtgME
AFIVbwMEAFIVvAMEAFIWLQMEAFIWogMEAFIWwQMEAFIWxDAMAwQAUherAwQAUhes
AwQAUhkjAwQAUhpXAwQAUhrEAwQAUhuBAwQAUhvFAwQAUh0pAwQAUiZkAwQAUia0
AwQAUibIAwQAUidyAwQAUieSAwQAUieUAwQAUie8AwQAUifQAwQAUig7AwQAUilj
AwQAUimCAwQAslMSAwQAslM6AwQAslNkAwQAslPHAwQAslPeMBgEAgACMBIDBwAq
E5UAAKoDBwAqE5UAAT8wDQYJKoZIhvcNAQELBQADggEBAGFz8j8v2eG5NaXtR/7V
NDau2t/bisEQSrRnaHY7/r8CR2HjvSP6SLR5FPSgM8TsaZT837ShP6ReWKT9YhF0
/yGH1hJgMEZULal79gLEcZf8yxzTmeKwT/KChfIcrPUK911BC5DcXPOBo+tS8t3p
Y0mDQg35fYhkQ7zosuJuhomUIx29VqAU5Y7ENkeEzsirUXWelZxPggZUTZ4aLp7S
pnEIZcvi1+8KLmGTIltjVjaiCJe2QYnjFPcAkRTEe1+V6BqPw3sVWh++jmE1NSBw
RKS8ybHJK6UHL8KXLNSM3fvzqRjzx7MsUrV6oqhdXyMK0ktWuSxzSYLOByHVOgIp
uvA=
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:09:45 2026 by rpki-client