Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: Cw+BobsaI3lUVHRPbYm4vnYq3GyMg0u4rfategEDmhE=
Subject key identifier: C9:2B:F9:71:0F:6C:6D:FF:10:8D:1B:A8:7D:37:60:C6:C0:C9:2B:AC
Certificate issuer: /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial: 7252B16746FA4D256C66C95A4786948DDD987550
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
Signing time: Thu 19 Mar 2026 13:38:40 +0000
ROA not before: Thu 19 Mar 2026 13:33:40 +0000
ROA not after: Thu 18 Mar 2027 13:38:40 +0000
asID: 21859
IP address blocks: 193.29.98.0/24 maxlen: 24
194.104.156.0/24 maxlen: 24
194.147.4.0/24 maxlen: 24
195.206.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 13:03:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:52:b1:67:46:fa:4d:25:6c:66:c9:5a:47:86:94:8d:dd:98:75:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Validity
Not Before: Mar 19 13:33:40 2026 GMT
Not After : Mar 18 13:38:40 2027 GMT
Subject: CN=C92BF9710F6C6DFF108D1BA87D3760C6C0C92BAC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:98:d1:a1:a5:df:ec:c8:96:43:55:00:41:d9:
95:65:7b:c7:aa:a8:d1:42:7c:93:34:ce:00:ce:8c:
c7:d0:31:8c:03:7d:66:8d:32:7c:6f:d2:84:6d:1e:
fa:bc:21:3d:c6:c4:e8:76:ec:37:62:b9:aa:e9:36:
e4:36:cf:57:47:05:9b:a1:ed:80:fd:c2:43:ab:5b:
3b:5c:7c:f4:e1:2d:83:98:0f:6d:1d:d1:c4:ff:e4:
a2:0e:9f:7f:46:1d:9b:dc:0d:ae:df:02:6c:1a:e6:
70:d0:9a:f9:3b:15:fd:da:a8:ad:e3:ba:1c:0f:99:
1c:e2:dd:aa:38:8c:17:a9:4a:f1:ab:6a:88:df:1e:
4b:3d:ec:99:0d:23:f6:6e:45:67:fb:ec:b7:45:24:
da:34:56:88:6c:0d:98:7b:99:6f:9b:7f:f4:f7:60:
5b:f3:50:52:5f:8b:7d:ef:45:2a:e9:a7:53:ee:bb:
99:c5:87:1d:81:99:26:a4:40:6f:82:73:9c:b0:b2:
61:82:fe:d3:f1:0a:8a:80:e2:49:a1:18:e4:fb:a4:
08:f3:f7:46:6b:f8:98:7b:f0:8d:34:80:56:75:bd:
c2:d0:22:ef:b5:52:d7:e7:50:fb:dc:5b:a2:ab:11:
af:5f:94:aa:9b:2f:d6:a2:d8:c2:64:ca:e6:ee:09:
7d:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:2B:F9:71:0F:6C:6D:FF:10:8D:1B:A8:7D:37:60:C6:C0:C9:2B:AC
X509v3 Authority Key Identifier:
keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.29.98.0/24
194.104.156.0/24
194.147.4.0/24
195.206.235.0/24
Signature Algorithm: sha256WithRSAEncryption
62:87:e8:a2:ad:3a:02:d5:c9:38:10:10:df:e5:67:15:79:9d:
28:34:5c:0e:5f:11:e1:88:af:84:ce:86:d3:d5:4f:83:75:58:
86:54:f6:77:7c:69:84:02:52:6f:01:1e:e9:5d:18:90:c4:d8:
2e:dd:dc:c1:ad:5f:c1:4e:5f:c7:52:1e:48:fe:b0:67:2e:30:
1c:10:8c:62:de:d4:cf:9d:78:46:15:18:5a:3b:98:53:6c:84:
82:c8:40:b3:b8:df:f8:39:2f:1f:f0:59:17:51:10:14:2e:4d:
db:90:43:d7:52:5f:93:c7:7c:b5:c7:5c:43:a1:4e:8c:f7:5e:
05:dc:0c:c6:c3:e5:c2:26:de:f4:2d:ed:ff:37:2c:56:63:d2:
fc:7c:32:58:0d:4b:13:48:8f:31:ce:3e:9c:25:df:28:d0:66:
be:42:28:95:12:c7:7c:67:69:38:e7:3d:67:c2:af:c6:6b:ce:
a5:75:69:a8:8c:58:63:54:2d:a2:f7:7a:fc:da:9c:00:25:54:
b7:b6:f5:bb:94:be:ea:53:1b:06:7a:ea:22:24:f1:e2:ef:40:
21:06:af:35:c2:7e:b4:a2:be:eb:c7:76:a2:c1:5a:6c:77:36:
96:e8:da:d1:d1:9a:13:8a:eb:d7:eb:bd:e8:45:5f:d7:f9:43:
63:0b:70:76
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUclKxZ0b6TSVsZslaR4aUjd2YdVAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTkxMzMzNDBaFw0yNzAzMTgxMzM4NDBaMDMxMTAvBgNV
BAMTKEM5MkJGOTcxMEY2QzZERkYxMDhEMUJBODdEMzc2MEM2QzBDOTJCQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhmNGhpd/syJZDVQBB2ZVle8eq
qNFCfJM0zgDOjMfQMYwDfWaNMnxv0oRtHvq8IT3GxOh27DdiuarpNuQ2z1dHBZuh
7YD9wkOrWztcfPThLYOYD20d0cT/5KIOn39GHZvcDa7fAmwa5nDQmvk7Ff3aqK3j
uhwPmRzi3ao4jBepSvGraojfHks97JkNI/ZuRWf77LdFJNo0VohsDZh7mW+bf/T3
YFvzUFJfi33vRSrpp1Puu5nFhx2BmSakQG+Cc5ywsmGC/tPxCoqA4kmhGOT7pAjz
90Zr+Jh78I00gFZ1vcLQIu+1UtfnUPvcW6KrEa9flKqbL9ai2MJkyubuCX2VAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUySv5cQ9sbf8QjRuofTdgxsDJK6wwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBADBHWID
BADCaJwDBADCkwQDBADDzuswDQYJKoZIhvcNAQELBQADggEBAGKH6KKtOgLVyTgQ
EN/lZxV5nSg0XA5fEeGIr4TOhtPVT4N1WIZU9nd8aYQCUm8BHuldGJDE2C7d3MGt
X8FOX8dSHkj+sGcuMBwQjGLe1M+deEYVGFo7mFNshILIQLO43/g5Lx/wWRdREBQu
TduQQ9dSX5PHfLXHXEOhToz3XgXcDMbD5cIm3vQt7f83LFZj0vx8MlgNSxNIjzHO
Ppwl3yjQZr5CKJUSx3xnaTjnPWfCr8ZrzqV1aaiMWGNULaL3evzanAAlVLe29buU
vupTGwZ66iIk8eLvQCEGrzXCfrSivuvHdqLBWmx3Npbo2tHRmhOK69frvehFX9f5
Q2MLcHY=
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:38:15 2026 by rpki-client