Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: Q62tSff9w6uGQewXqrwouqO2VAKjD6WwfMmivuDsJKk=
Subject key identifier: C5:75:AC:0F:3D:36:65:DA:5E:1B:E5:EC:23:F3:E3:EB:64:1F:BF:78
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 7FB48DEF27A73C04A71AEBB9826EDBD408BCA94E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
Signing time: Mon 02 Feb 2026 04:08:45 +0000
ROA not before: Mon 02 Feb 2026 04:03:45 +0000
ROA not after: Mon 01 Feb 2027 04:08:45 +0000
asID: 21859
IP address blocks: 96.62.255.0/24 maxlen: 24
140.233.187.0/24 maxlen: 24
143.14.125.0/24 maxlen: 24
148.135.196.0/23 maxlen: 23
148.135.204.0/23 maxlen: 23
155.117.245.0/24 maxlen: 24
162.141.121.0/24 maxlen: 24
167.148.120.0/23 maxlen: 23
167.148.223.0/24 maxlen: 24
168.222.4.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 23 Feb 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:b4:8d:ef:27:a7:3c:04:a7:1a:eb:b9:82:6e:db:d4:08:bc:a9:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Feb 2 04:03:45 2026 GMT
Not After : Feb 1 04:08:45 2027 GMT
Subject: CN=C575AC0F3D3665DA5E1BE5EC23F3E3EB641FBF78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:32:bd:5a:20:33:60:9a:8a:8b:ec:a7:ab:27:
70:d8:f2:e7:82:69:42:b9:43:40:90:36:7d:33:52:
bd:02:52:b2:33:bf:e7:75:b1:e7:26:c5:56:ae:fa:
ab:51:15:66:33:25:44:67:16:01:aa:2c:a6:fe:71:
5e:68:ad:76:70:12:7b:c2:d4:07:7b:b6:91:c9:b0:
01:66:29:7b:df:d1:4d:5b:47:5c:af:cb:bd:ab:1a:
8e:17:d4:fd:c5:fd:2a:88:b2:b8:3e:6a:2d:92:b6:
2b:fb:6c:c5:96:56:0b:bb:9f:15:64:9f:22:c3:ca:
56:ed:46:c5:86:0e:1f:fe:ca:7b:79:c2:e8:cb:c1:
7a:1b:48:24:59:54:85:99:80:e1:86:41:9a:9e:52:
bd:2a:44:04:fd:f9:ab:c7:c3:e1:ae:33:1f:d9:f5:
ed:3e:b6:2b:d7:8b:00:3e:25:de:e7:b7:a0:79:ec:
93:4b:5c:2a:58:cb:88:0e:3d:cb:b4:44:f3:e2:d3:
81:c9:f6:00:92:61:0b:bf:89:b2:ac:0f:73:db:c1:
e8:76:9a:b4:49:55:6e:ac:48:e7:8e:70:f1:06:ac:
e1:9c:d6:e6:47:3c:dc:ae:25:6c:73:91:6d:84:48:
8f:32:d9:46:da:90:37:38:61:f2:fb:78:63:f1:f3:
ad:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:75:AC:0F:3D:36:65:DA:5E:1B:E5:EC:23:F3:E3:EB:64:1F:BF:78
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.255.0/24
140.233.187.0/24
143.14.125.0/24
148.135.196.0/23
148.135.204.0/23
155.117.245.0/24
162.141.121.0/24
167.148.120.0/23
167.148.223.0/24
168.222.4.0/24
Signature Algorithm: sha256WithRSAEncryption
38:e4:02:2a:d5:4a:e9:37:a6:78:9b:95:b9:fd:09:61:46:58:
b1:a0:27:50:eb:21:3e:7a:e8:8e:6b:30:41:63:86:3e:9f:4e:
a7:63:36:a2:c8:46:5b:c1:05:56:5c:cb:b7:93:47:76:1a:e7:
59:99:bd:5f:ba:f1:09:7e:96:4c:ba:30:e8:88:8b:8a:ae:27:
1e:4e:0a:01:86:24:b9:81:54:ad:c5:08:a5:8e:0a:17:2d:8d:
c6:f7:86:cc:4f:87:53:7c:eb:76:b9:41:fb:8d:cd:28:e9:73:
69:4c:f8:62:85:20:34:50:32:3e:99:93:9b:41:1c:a4:54:b8:
a4:5c:5a:bd:26:ae:5c:e4:a1:97:de:28:6c:a8:1c:03:b0:be:
78:06:31:e4:17:e4:df:49:ad:77:a7:ce:85:de:1b:89:96:61:
42:f0:74:94:83:9f:b8:8c:6e:54:1c:d5:b4:ae:3a:26:ec:70:
af:46:eb:da:0a:7c:81:dd:8e:60:4b:a1:a1:06:70:cf:1a:4b:
93:77:14:67:78:f1:1e:20:dc:44:3b:c5:3f:b0:c9:fb:75:21:
f4:a5:8f:88:92:b7:96:85:ba:ef:2c:fd:37:51:28:8c:6f:98:
3f:9d:ec:57:11:a3:2a:09:37:8b:0f:54:b4:f6:2b:f7:29:04:
04:5a:95:c2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUf7SN7yenPASnGuu5gm7b1Ai8qU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDIwNDAzNDVaFw0yNzAyMDEwNDA4NDVaMDMxMTAvBgNV
BAMTKEM1NzVBQzBGM0QzNjY1REE1RTFCRTVFQzIzRjNFM0VCNjQxRkJGNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtMr1aIDNgmoqL7KerJ3DY8ueC
aUK5Q0CQNn0zUr0CUrIzv+d1secmxVau+qtRFWYzJURnFgGqLKb+cV5orXZwEnvC
1Ad7tpHJsAFmKXvf0U1bR1yvy72rGo4X1P3F/SqIsrg+ai2Stiv7bMWWVgu7nxVk
nyLDylbtRsWGDh/+ynt5wujLwXobSCRZVIWZgOGGQZqeUr0qRAT9+avHw+GuMx/Z
9e0+tivXiwA+Jd7nt6B57JNLXCpYy4gOPcu0RPPi04HJ9gCSYQu/ibKsD3Pbweh2
mrRJVW6sSOeOcPEGrOGc1uZHPNyuJWxzkW2ESI8y2UbakDc4YfL7eGPx8627AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUxXWsDz02ZdpeG+XsI/Pj62Qfv3gwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVQYIKwYBBQUHAQcBAf8ERjBEMEIEAgABMDwDBABgPv8D
BACM6bsDBACPDn0DBAGUh8QDBAGUh8wDBACbdfUDBACijXkDBAGnlHgDBACnlN8D
BACo3gQwDQYJKoZIhvcNAQELBQADggEBADjkAirVSuk3pniblbn9CWFGWLGgJ1Dr
IT566I5rMEFjhj6fTqdjNqLIRlvBBVZcy7eTR3Ya51mZvV+68Ql+lky6MOiIi4qu
Jx5OCgGGJLmBVK3FCKWOChctjcb3hsxPh1N863a5QfuNzSjpc2lM+GKFIDRQMj6Z
k5tBHKRUuKRcWr0mrlzkoZfeKGyoHAOwvngGMeQX5N9JrXenzoXeG4mWYULwdJSD
n7iMblQc1bSuOibscK9G69oKfIHdjmBLoaEGcM8aS5N3FGd48R4g3EQ7xT+wyft1
IfSlj4iSt5aFuu8s/TdRKIxvmD+d7FcRoyoJN4sPVLT2K/cpBARalcI=
-----END CERTIFICATE-----
Generated at Sun Feb 22 22:06:01 2026 by rpki-client