Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: 1b4D77o9K8X0oAfuwYCtA2YxzDRYLOTglmmDerLoys0=
Subject key identifier: 03:12:D4:85:78:BA:1A:85:7E:D8:4A:3A:C6:47:6A:D3:EE:3B:D9:A4
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 695A3D7A82BDFC7035A5F29F901143A37D91882D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Thu 23 Apr 2026 07:41:42 +0000
ROA not before: Thu 23 Apr 2026 07:36:42 +0000
ROA not after: Thu 22 Apr 2027 07:41:42 +0000
asID: 21859
IP address blocks: 82.21.111.0/24 maxlen: 24
82.21.188.0/24 maxlen: 24
82.22.162.0/24 maxlen: 24
82.22.193.0/24 maxlen: 24
82.22.196.0/24 maxlen: 24
82.23.171.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.26.87.0/24 maxlen: 24
82.26.196.0/24 maxlen: 24
82.27.129.0/24 maxlen: 24
82.27.197.0/24 maxlen: 24
82.29.41.0/24 maxlen: 24
82.38.100.0/24 maxlen: 24
82.38.180.0/24 maxlen: 24
82.38.200.0/24 maxlen: 24
82.39.114.0/24 maxlen: 24
82.39.146.0/24 maxlen: 24
82.39.148.0/24 maxlen: 24
82.39.188.0/24 maxlen: 24
82.39.208.0/24 maxlen: 24
82.40.59.0/24 maxlen: 24
82.41.99.0/24 maxlen: 24
82.41.130.0/24 maxlen: 24
82.47.29.0/24 maxlen: 24
178.83.18.0/24 maxlen: 24
178.83.58.0/24 maxlen: 24
178.83.100.0/24 maxlen: 24
178.83.199.0/24 maxlen: 24
178.83.222.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
2a13:9500:13f::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:5a:3d:7a:82:bd:fc:70:35:a5:f2:9f:90:11:43:a3:7d:91:88:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 23 07:36:42 2026 GMT
Not After : Apr 22 07:41:42 2027 GMT
Subject: CN=0312D48578BA1A857ED84A3AC6476AD3EE3BD9A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:6b:bd:22:41:0c:36:a7:0a:25:bb:0d:16:96:
bb:8f:43:75:9b:37:43:f3:3e:43:20:09:7f:23:3e:
93:35:4e:58:8c:7e:9e:56:a1:c7:ae:09:3c:1e:f0:
e1:0e:a6:69:a9:93:27:05:d1:fa:6e:0d:71:c7:e8:
93:93:52:f5:81:f1:96:4b:92:92:69:91:20:66:fd:
f9:0f:04:a4:cd:fb:06:1a:dd:2e:47:62:a6:9e:9f:
20:d9:db:68:1d:2d:e9:c9:d5:4d:ff:4a:85:fc:fc:
a2:e0:b2:49:5f:b1:2b:b8:ef:1b:2a:7e:18:a1:be:
3b:36:5f:3d:89:8c:3f:30:d3:90:9f:2e:28:6b:37:
34:32:54:0d:b6:7d:4c:96:2e:2f:3f:41:b7:b4:89:
63:17:82:ae:6b:cd:ce:5b:d2:5a:21:0f:25:ca:46:
19:7f:8b:5c:1d:18:ca:6f:c3:4a:56:de:02:f1:38:
84:aa:22:b3:05:e6:cc:c9:5a:55:d4:a4:26:fa:95:
08:48:b3:06:a5:47:88:a4:e4:1e:2b:11:1e:b8:6f:
64:ab:ca:e1:e9:69:bc:fc:2a:26:71:aa:6e:0c:a9:
2c:1a:70:04:8f:bb:e9:d6:d0:c3:c5:3f:d3:b7:47:
d4:b5:6a:9e:f9:f8:f9:b8:50:53:9c:a5:dc:a9:9a:
b6:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:12:D4:85:78:BA:1A:85:7E:D8:4A:3A:C6:47:6A:D3:EE:3B:D9:A4
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.111.0/24
82.21.188.0/24
82.22.162.0/24
82.22.193.0/24
82.22.196.0/24
82.23.171.0/24
82.25.35.0/24
82.26.87.0/24
82.26.196.0/24
82.27.129.0/24
82.27.197.0/24
82.29.41.0/24
82.38.100.0/24
82.38.180.0/24
82.38.200.0/24
82.39.114.0/24
82.39.146.0/24
82.39.148.0/24
82.39.188.0/24
82.39.208.0/24
82.40.59.0/24
82.41.99.0/24
82.41.130.0/24
82.47.29.0/24
178.83.18.0/24
178.83.58.0/24
178.83.100.0/24
178.83.199.0/24
178.83.222.0/24
IPv6:
2a13:9500:aa::/48
2a13:9500:13f::/48
Signature Algorithm: sha256WithRSAEncryption
12:7c:ed:c8:55:04:57:92:4e:3d:95:8c:d1:b2:98:ee:53:69:
5a:fe:b8:eb:a6:ae:d6:91:b3:a8:40:67:64:9a:d6:91:24:d6:
5c:de:e1:38:76:3e:9d:52:f4:84:bf:95:49:47:31:07:01:8d:
c3:63:61:81:a9:e2:2e:bd:a5:2a:68:f5:da:f1:e7:de:3d:6d:
97:4d:76:4d:a7:fb:f2:7e:9f:06:6a:58:9e:8f:3b:db:8f:4c:
39:31:4a:30:38:75:da:0f:0a:5d:5d:db:bb:41:f1:9d:cd:d2:
a8:bc:10:41:a1:08:67:60:55:e7:2b:fb:ce:41:d8:c5:e4:a3:
e6:10:69:75:e9:f6:2b:1a:6b:96:e7:6c:58:8d:0c:fc:43:fc:
b8:b5:76:b0:bf:17:0e:e7:b1:1e:8e:22:99:77:05:de:5e:75:
32:d9:58:fa:01:78:12:32:aa:47:00:d1:a1:e3:97:7e:d8:4b:
15:43:a5:4d:64:a6:05:c8:7b:f2:43:37:9a:65:01:95:31:ed:
dc:df:ba:5f:74:ca:ac:c3:29:c5:dc:0b:b2:6b:ca:a6:8d:a6:
7e:b6:7c:4d:c9:3b:45:ce:b7:f3:54:be:95:aa:64:f2:f2:92:
c5:04:85:05:44:82:d8:fa:66:14:50:67:4e:34:a7:04:80:46:
a3:88:43:f6
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgIUaVo9eoK9/HA1pfKfkBFDo32RiC0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjMwNzM2NDJaFw0yNzA0MjIwNzQxNDJaMDMxMTAvBgNV
BAMTKDAzMTJENDg1NzhCQTFBODU3RUQ4NEEzQUM2NDc2QUQzRUUzQkQ5QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFa70iQQw2pwoluw0WlruPQ3Wb
N0PzPkMgCX8jPpM1TliMfp5WoceuCTwe8OEOpmmpkycF0fpuDXHH6JOTUvWB8ZZL
kpJpkSBm/fkPBKTN+wYa3S5HYqaenyDZ22gdLenJ1U3/SoX8/KLgsklfsSu47xsq
fhihvjs2Xz2JjD8w05CfLihrNzQyVA22fUyWLi8/Qbe0iWMXgq5rzc5b0lohDyXK
Rhl/i1wdGMpvw0pW3gLxOISqIrMF5szJWlXUpCb6lQhIswalR4ik5B4rER64b2Sr
yuHpabz8KiZxqm4MqSwacASPu+nW0MPFP9O3R9S1ap75+Pm4UFOcpdypmrZFAgMB
AAGjggLQMIICzDAdBgNVHQ4EFgQUAxLUhXi6GoV+2Eo6xkdq0+472aQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgeUGCCsGAQUFBwEHAQH/BIHVMIHSMIG1BAIAATCBrgME
AFIVbwMEAFIVvAMEAFIWogMEAFIWwQMEAFIWxAMEAFIXqwMEAFIZIwMEAFIaVwME
AFIaxAMEAFIbgQMEAFIbxQMEAFIdKQMEAFImZAMEAFImtAMEAFImyAMEAFIncgME
AFInkgMEAFInlAMEAFInvAMEAFIn0AMEAFIoOwMEAFIpYwMEAFIpggMEAFIvHQME
ALJTEgMEALJTOgMEALJTZAMEALJTxwMEALJT3jAYBAIAAjASAwcAKhOVAACqAwcA
KhOVAAE/MA0GCSqGSIb3DQEBCwUAA4IBAQASfO3IVQRXkk49lYzRspjuU2la/rjr
pq7WkbOoQGdkmtaRJNZc3uE4dj6dUvSEv5VJRzEHAY3DY2GBqeIuvaUqaPXa8efe
PW2XTXZNp/vyfp8Galiejzvbj0w5MUowOHXaDwpdXdu7QfGdzdKovBBBoQhnYFXn
K/vOQdjF5KPmEGl16fYrGmuW52xYjQz8Q/y4tXawvxcO57EejiKZdwXeXnUy2Vj6
AXgSMqpHANGh45d+2EsVQ6VNZKYFyHvyQzeaZQGVMe3c37pfdMqswynF3Auya8qm
jaZ+tnxNyTtFzrfzVL6VqmTy8pLFBIUFRILY+mYUUGdONKcEgEajiEP2
-----END CERTIFICATE-----
Generated at Tue May 12 23:32:14 2026 by rpki-client