Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: cWPoSw2MG33UTwOheOHV4FBl6n0vTfwxOL33OiC0anI=
Subject key identifier: 4B:64:BD:BF:93:A7:07:64:89:F0:00:8D:F0:8A:AF:F5:A9:72:AF:7A
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 2FDCF28BAA822A8DF8FA7E71818143DA6C84C645
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
Signing time: Mon 26 May 2025 06:58:48 +0000
ROA not before: Mon 26 May 2025 06:53:48 +0000
ROA not after: Mon 25 May 2026 06:58:48 +0000
asID: 21859
IP address blocks: 143.14.203.0/24 maxlen: 24
148.135.194.0/24 maxlen: 24
148.135.196.0/23 maxlen: 23
148.135.204.0/23 maxlen: 23
150.241.229.0/24 maxlen: 24
150.241.231.0/24 maxlen: 24
155.117.163.0/24 maxlen: 24
155.117.238.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:dc:f2:8b:aa:82:2a:8d:f8:fa:7e:71:81:81:43:da:6c:84:c6:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: May 26 06:53:48 2025 GMT
Not After : May 25 06:58:48 2026 GMT
Subject: CN=4B64BDBF93A7076489F0008DF08AAFF5A972AF7A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:8e:9e:dc:71:ef:0a:3a:b9:2b:82:ec:fd:85:
39:83:9d:bd:bb:83:d7:02:bb:62:ed:e0:e7:63:78:
ce:ae:a3:91:23:91:b8:6c:e2:c2:e7:0a:b6:4c:bc:
60:71:07:79:a0:02:3e:39:e3:b8:96:34:aa:97:09:
bb:1d:06:24:ba:a9:83:ba:07:15:94:2d:2a:25:99:
3d:0a:8c:0c:5c:03:ad:2c:29:c8:9e:0a:9a:18:8a:
b6:92:f0:ed:c2:77:b2:27:e3:de:b3:4d:5e:3e:9a:
09:80:0f:30:73:eb:e8:5c:4d:fe:c1:fa:66:29:ac:
7c:3a:8e:79:f8:3f:36:b4:6a:61:b0:4e:dc:3e:62:
78:75:72:e8:28:fe:58:d0:91:dc:a9:7a:29:56:b6:
c0:ab:37:18:9e:b9:e9:39:74:5d:08:25:d7:64:ec:
12:b4:30:e0:1b:18:1e:c0:94:54:76:73:6b:f4:57:
c3:86:3d:ce:41:d5:a0:2b:92:81:74:7d:3c:35:2d:
19:3d:55:08:37:96:c9:43:86:89:76:80:af:1a:32:
12:71:c4:90:01:7d:d6:91:fe:65:48:f1:07:86:c8:
90:e9:44:5c:4b:fc:27:98:42:93:aa:76:25:9e:69:
fe:d3:7b:39:ff:46:bf:24:dc:a5:c5:2f:37:2f:9b:
09:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:64:BD:BF:93:A7:07:64:89:F0:00:8D:F0:8A:AF:F5:A9:72:AF:7A
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.203.0/24
148.135.194.0/24
148.135.196.0/23
148.135.204.0/23
150.241.229.0/24
150.241.231.0/24
155.117.163.0/24
155.117.238.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:b5:4d:2c:17:ec:57:53:21:65:3b:7c:6d:30:aa:57:5c:e5:
7c:e1:1d:02:ac:74:2a:5c:09:f9:da:00:e1:a6:bb:8f:e6:1a:
97:14:95:96:0d:a7:c7:2e:f8:a9:c7:71:90:69:9b:b8:d8:64:
49:95:30:52:55:b1:ca:de:b5:c1:fb:c6:1b:db:b9:9b:f9:f7:
bf:c2:41:11:02:17:20:ff:ed:60:d0:8e:cc:0e:e8:07:58:44:
75:24:2e:1f:86:78:3b:99:16:4b:f1:cb:e5:38:4d:36:d2:9c:
ee:e3:61:05:ef:73:04:c6:04:09:59:f3:63:bc:2f:42:b2:59:
0b:d2:93:dc:19:2e:64:80:e2:37:fd:e8:db:9d:08:ed:a1:cf:
9f:ac:17:56:0d:5c:0d:01:bc:7f:9b:12:66:5b:86:d0:c7:a7:
4f:06:cb:9f:b2:91:1c:6d:79:6a:a4:0c:62:a0:c8:0b:1d:3e:
90:b8:15:ba:bb:5b:17:6f:8a:d4:58:a6:12:07:f7:b1:9a:e3:
d1:9e:50:7f:76:66:69:0f:82:0c:e3:57:1e:8e:39:c4:70:eb:
83:78:f9:af:9b:b8:53:c9:b6:f0:ad:33:4d:e3:ba:15:5f:65:
2b:21:38:04:26:ca:f4:86:0c:c8:d4:98:4b:22:da:22:ae:b4:
71:6c:f0:a7
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUL9zyi6qCKo34+n5xgYFD2myExkUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjYwNjUzNDhaFw0yNjA1MjUwNjU4NDhaMDMxMTAvBgNV
BAMTKDRCNjRCREJGOTNBNzA3NjQ4OUYwMDA4REYwOEFBRkY1QTk3MkFGN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2jp7cce8KOrkrguz9hTmDnb27
g9cCu2Lt4OdjeM6uo5Ejkbhs4sLnCrZMvGBxB3mgAj4547iWNKqXCbsdBiS6qYO6
BxWULSolmT0KjAxcA60sKcieCpoYiraS8O3Cd7In496zTV4+mgmADzBz6+hcTf7B
+mYprHw6jnn4Pza0amGwTtw+Ynh1cugo/ljQkdypeilWtsCrNxieuek5dF0IJddk
7BK0MOAbGB7AlFR2c2v0V8OGPc5B1aArkoF0fTw1LRk9VQg3lslDhol2gK8aMhJx
xJABfdaR/mVI8QeGyJDpRFxL/CeYQpOqdiWeaf7Tezn/Rr8k3KXFLzcvmwk9AgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUS2S9v5OnB2SJ8ACN8Iqv9alyr3owHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBACPDssD
BACUh8IDBAGUh8QDBAGUh8wDBACW8eUDBACW8ecDBACbdaMDBACbde4wDQYJKoZI
hvcNAQELBQADggEBABy1TSwX7FdTIWU7fG0wqldc5XzhHQKsdCpcCfnaAOGmu4/m
GpcUlZYNp8cu+KnHcZBpm7jYZEmVMFJVscretcH7xhvbuZv597/CQRECFyD/7WDQ
jswO6AdYRHUkLh+GeDuZFkvxy+U4TTbSnO7jYQXvcwTGBAlZ82O8L0KyWQvSk9wZ
LmSA4jf96NudCO2hz5+sF1YNXA0BvH+bEmZbhtDHp08Gy5+ykRxteWqkDGKgyAsd
PpC4Fbq7WxdvitRYphIH97Ga49GeUH92ZmkPggzjVx6OOcRw64N4+a+buFPJtvCt
M03juhVfZSshOAQmyvSGDMjUmEsi2iKutHFs8Kc=
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:13:59 2025 by rpki-client