Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21840.roa
File: AS21840.roa (raw, json)
Hash identifier: GcPFbqWctTuefZsI5zRDC0iRhW5y53FQj6mRUX9LGSA=
Subject key identifier: 00:88:03:CA:21:2D:A3:DA:A7:0B:9C:D0:6A:B3:04:65:EB:55:5D:2C
Certificate issuer: /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial: 76B9EE4C3A05CAD530EAC44D9CF1C6BE88B7CA9C
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21840.roa
Signing time: Mon 23 Mar 2026 14:21:23 +0000
ROA not before: Mon 23 Mar 2026 14:16:23 +0000
ROA not after: Mon 22 Mar 2027 14:21:23 +0000
asID: 21840
IP address blocks: 141.11.123.0/24 maxlen: 24
141.11.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:b9:ee:4c:3a:05:ca:d5:30:ea:c4:4d:9c:f1:c6:be:88:b7:ca:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
Validity
Not Before: Mar 23 14:16:23 2026 GMT
Not After : Mar 22 14:21:23 2027 GMT
Subject: CN=008803CA212DA3DAA70B9CD06AB30465EB555D2C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:09:3d:32:ea:f2:e3:45:88:29:4d:eb:43:c3:
b1:ca:1c:b4:93:3c:9d:8f:f3:32:fa:35:68:07:9d:
a2:c1:7b:60:6b:b6:a5:9b:49:56:d5:a7:ef:a4:89:
ec:bf:b8:30:64:5b:32:c7:68:f7:ac:20:3e:e8:a5:
8a:2a:82:46:75:3e:34:3f:fd:4b:13:5e:e8:03:f2:
38:d7:d3:ee:c9:6e:ca:d6:5e:96:69:90:8f:dd:dc:
0e:85:74:95:e8:b2:51:1c:27:ec:d1:b7:6f:e7:21:
1f:47:cb:cb:45:41:70:95:69:27:11:75:43:25:af:
72:93:ae:e5:c2:bf:24:e7:3b:dc:fa:91:a7:06:e3:
02:01:e0:01:f7:6f:3f:40:46:a3:f2:9b:bc:62:e8:
d3:20:0c:86:53:ea:f7:65:c2:84:42:40:55:6b:6b:
73:c3:78:29:ea:c4:f6:aa:d0:05:b7:02:6b:b7:4c:
23:06:6d:9d:c5:27:cc:7d:da:1c:21:45:a2:65:be:
39:d4:6a:2f:20:f8:e4:59:8a:1b:94:74:07:b4:64:
f7:f7:46:20:6a:91:20:96:04:2a:8e:2b:a8:a9:7a:
b5:bf:04:bd:67:9e:c0:3b:11:d1:3b:53:2d:fe:94:
b6:99:3b:58:74:26:47:7d:82:ba:ef:3d:ea:92:44:
56:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:88:03:CA:21:2D:A3:DA:A7:0B:9C:D0:6A:B3:04:65:EB:55:5D:2C
X509v3 Authority Key Identifier:
keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21840.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.11.123.0/24
141.11.175.0/24
Signature Algorithm: sha256WithRSAEncryption
47:65:22:af:80:ea:66:e5:25:0f:46:9f:ef:fc:f3:b0:76:a9:
b9:08:36:95:43:37:9d:28:f7:de:55:50:6d:3b:d4:a2:ab:8e:
8d:b4:bc:5b:a8:cc:39:9a:4d:5a:97:d3:ae:9d:f1:73:db:5a:
e5:21:88:e5:7e:9e:74:b2:cd:80:0d:05:68:6f:c3:b0:0e:30:
73:4c:e1:69:f2:57:83:37:90:ea:4f:d1:8b:1d:34:8b:9f:14:
e0:15:b5:80:e2:b4:78:ab:98:72:12:86:30:15:fd:71:cd:7d:
04:b1:4f:dc:ce:2c:31:b4:e1:02:f0:1e:a8:0f:17:9e:6d:81:
0f:08:a7:65:ad:15:33:ee:a8:62:90:cb:da:af:4f:c1:4d:8c:
45:9d:1c:0c:0e:03:4f:4b:27:1e:8d:17:99:4c:c1:3e:55:35:
58:45:37:bf:36:5d:aa:89:46:aa:31:77:c2:3b:36:8f:97:12:
e7:c8:ce:b3:b0:55:89:7d:a0:a7:35:26:03:58:f8:01:d5:09:
27:49:e7:a8:82:05:0d:ef:c7:ed:6a:3a:4f:0a:5c:f3:77:16:
27:e2:56:ca:de:ba:8b:b6:31:6d:31:d9:4c:34:58:5c:1e:48:
44:46:54:6b:ac:e3:c7:8c:11:d1:aa:41:57:35:fb:1e:69:87:
84:53:6d:4c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUdrnuTDoFytUw6sRNnPHGvoi3ypwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMjMxNDE2MjNaFw0yNzAzMjIxNDIxMjNaMDMxMTAvBgNV
BAMTKDAwODgwM0NBMjEyREEzREFBNzBCOUNEMDZBQjMwNDY1RUI1NTVEMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVCT0y6vLjRYgpTetDw7HKHLST
PJ2P8zL6NWgHnaLBe2BrtqWbSVbVp++kiey/uDBkWzLHaPesID7opYoqgkZ1PjQ/
/UsTXugD8jjX0+7JbsrWXpZpkI/d3A6FdJXoslEcJ+zRt2/nIR9Hy8tFQXCVaScR
dUMlr3KTruXCvyTnO9z6kacG4wIB4AH3bz9ARqPym7xi6NMgDIZT6vdlwoRCQFVr
a3PDeCnqxPaq0AW3Amu3TCMGbZ3FJ8x92hwhRaJlvjnUai8g+ORZihuUdAe0ZPf3
RiBqkSCWBCqOK6iperW/BL1nnsA7EdE7Uy3+lLaZO1h0Jkd9grrvPeqSRFY9AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUAIgDyiEto9qnC5zQarMEZetVXSwwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNC3sD
BACNC68wDQYJKoZIhvcNAQELBQADggEBAEdlIq+A6mblJQ9Gn+/887B2qbkINpVD
N50o995VUG071KKrjo20vFuozDmaTVqX066d8XPbWuUhiOV+nnSyzYANBWhvw7AO
MHNM4WnyV4M3kOpP0YsdNIufFOAVtYDitHirmHIShjAV/XHNfQSxT9zOLDG04QLw
HqgPF55tgQ8Ip2WtFTPuqGKQy9qvT8FNjEWdHAwOA09LJx6NF5lMwT5VNVhFN782
XaqJRqoxd8I7No+XEufIzrOwVYl9oKc1JgNY+AHVCSdJ56iCBQ3vx+1qOk8KXPN3
FifiVsreuou2MW0x2Uw0WFweSERGVGus48eMEdGqQVc1+x5ph4RTbUw=
-----END CERTIFICATE-----
Generated at Thu Mar 26 12:09:26 2026 by rpki-client