Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: sKJUyrCxYJNQx523LKB7pz7FG9DRNUtfivJU7+OXBrM=
Subject key identifier: 26:02:D5:A5:4E:14:6C:D2:B1:5C:B4:03:21:0C:AF:1A:CF:08:47:7F
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 63AA618A643478466318B2A00B556843CAD407C0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
Signing time: Mon 27 Oct 2025 06:02:48 +0000
ROA not before: Mon 27 Oct 2025 05:57:48 +0000
ROA not after: Mon 26 Oct 2026 06:02:48 +0000
asID: 21859
IP address blocks: 96.62.218.0/24 maxlen: 24
96.62.255.0/24 maxlen: 24
140.233.187.0/24 maxlen: 24
143.14.125.0/24 maxlen: 24
143.14.142.0/24 maxlen: 24
147.79.1.0/24 maxlen: 24
148.135.196.0/23 maxlen: 23
148.135.204.0/23 maxlen: 23
155.117.245.0/24 maxlen: 24
167.148.154.0/24 maxlen: 24
167.148.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Nov 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
63:aa:61:8a:64:34:78:46:63:18:b2:a0:0b:55:68:43:ca:d4:07:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 27 05:57:48 2025 GMT
Not After : Oct 26 06:02:48 2026 GMT
Subject: CN=2602D5A54E146CD2B15CB403210CAF1ACF08477F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:bd:45:07:d1:fc:89:4d:2c:48:ca:da:c2:90:
f3:e3:98:dc:6f:bd:d0:2e:dc:99:90:58:e9:56:e2:
f5:ac:a2:6e:03:62:8c:6d:db:61:a2:d9:6b:2b:80:
9d:8f:b2:3b:32:96:54:72:0e:a2:94:a0:0d:dd:4e:
ad:15:11:75:63:86:99:60:1e:fe:5d:d4:c0:b9:b7:
47:0d:ca:d1:5f:76:2b:36:d3:4f:1a:d8:3b:a1:f2:
59:0e:52:fa:5a:56:ca:2d:58:d9:6c:aa:f0:11:e4:
46:ea:64:25:cb:06:5b:34:e3:2e:59:48:2e:50:c9:
77:1a:27:49:b1:53:e3:d4:bb:2b:76:d8:b3:e0:4c:
38:80:e5:f4:6b:69:1e:8a:1c:76:24:75:b8:79:8b:
e0:f4:d8:63:1d:28:8f:69:ad:11:74:23:e9:f2:b8:
dc:0a:65:28:3e:33:f9:83:b7:a9:f0:f7:e7:62:86:
5b:c5:69:f1:e4:01:9a:68:dc:cd:06:7f:87:ae:30:
3f:2e:71:d4:bc:c6:70:19:4e:3a:02:75:46:4b:2c:
6e:ac:0a:d7:c0:17:e4:f5:73:d9:ac:94:7d:12:a3:
0f:6f:a1:2e:ca:0e:13:3f:42:23:f8:e7:78:6e:d8:
4f:af:07:d5:0e:c3:4d:f6:df:f0:75:44:f9:b0:82:
51:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:02:D5:A5:4E:14:6C:D2:B1:5C:B4:03:21:0C:AF:1A:CF:08:47:7F
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.218.0/24
96.62.255.0/24
140.233.187.0/24
143.14.125.0/24
143.14.142.0/24
147.79.1.0/24
148.135.196.0/23
148.135.204.0/23
155.117.245.0/24
167.148.154.0/24
167.148.223.0/24
Signature Algorithm: sha256WithRSAEncryption
49:a6:6a:90:97:67:4e:17:b8:11:48:7a:d4:15:60:b6:b5:e3:
18:b8:f0:9d:dc:25:2b:56:b6:56:e8:69:49:81:48:0c:e8:d3:
cb:03:75:fd:ee:01:6e:69:87:a0:c9:a5:53:b8:98:a0:45:fb:
14:2b:97:cc:8d:2d:09:9d:89:41:63:a4:12:49:9c:ef:6b:75:
85:38:78:29:d2:c0:1a:24:ae:92:10:9d:f5:36:2d:55:87:47:
2e:56:c3:8a:d5:b8:ed:43:ad:7b:c2:16:64:bd:a5:74:e7:cc:
88:33:02:0e:71:41:04:a5:3b:d7:1d:9e:1e:66:9e:6c:19:3c:
54:0e:1c:64:5c:84:d5:4e:3e:ff:3b:23:26:08:2f:18:70:10:
ad:50:cc:78:9a:2a:b6:8b:11:26:96:0d:18:e4:89:85:c2:1e:
55:81:10:0d:1a:21:b1:00:43:9f:fa:d4:55:34:1f:b7:e6:9a:
b9:82:4d:bf:97:52:c5:cf:e1:41:8b:81:2c:41:de:b1:c3:9b:
52:ae:59:79:78:a3:5d:1c:83:d9:4e:48:19:45:69:ac:6d:34:
37:17:08:02:fe:19:06:07:9f:be:f0:0a:55:dc:4a:4a:16:60:
96:3e:63:0a:f3:b6:10:e5:88:b6:be:03:5e:7f:07:07:e6:34:
3e:fe:81:da
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIUY6phimQ0eEZjGLKgC1VoQ8rUB8AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjcwNTU3NDhaFw0yNjEwMjYwNjAyNDhaMDMxMTAvBgNV
BAMTKDI2MDJENUE1NEUxNDZDRDJCMTVDQjQwMzIxMENBRjFBQ0YwODQ3N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyvUUH0fyJTSxIytrCkPPjmNxv
vdAu3JmQWOlW4vWsom4DYoxt22Gi2WsrgJ2PsjsyllRyDqKUoA3dTq0VEXVjhplg
Hv5d1MC5t0cNytFfdis2008a2Duh8lkOUvpaVsotWNlsqvAR5EbqZCXLBls04y5Z
SC5QyXcaJ0mxU+PUuyt22LPgTDiA5fRraR6KHHYkdbh5i+D02GMdKI9prRF0I+ny
uNwKZSg+M/mDt6nw9+dihlvFafHkAZpo3M0Gf4euMD8ucdS8xnAZTjoCdUZLLG6s
CtfAF+T1c9mslH0Sow9voS7KDhM/QiP453hu2E+vB9UOw0323/B1RPmwglE/AgMB
AAGjggJFMIICQTAdBgNVHQ4EFgQUJgLVpU4UbNKxXLQDIQyvGs8IR38wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWwYIKwYBBQUHAQcBAf8ETDBKMEgEAgABMEIDBABgPtoD
BABgPv8DBACM6bsDBACPDn0DBACPDo4DBACTTwEDBAGUh8QDBAGUh8wDBACbdfUD
BACnlJoDBACnlN8wDQYJKoZIhvcNAQELBQADggEBAEmmapCXZ04XuBFIetQVYLa1
4xi48J3cJStWtlboaUmBSAzo08sDdf3uAW5ph6DJpVO4mKBF+xQrl8yNLQmdiUFj
pBJJnO9rdYU4eCnSwBokrpIQnfU2LVWHRy5Ww4rVuO1DrXvCFmS9pXTnzIgzAg5x
QQSlO9cdnh5mnmwZPFQOHGRchNVOPv87IyYILxhwEK1QzHiaKraLESaWDRjkiYXC
HlWBEA0aIbEAQ5/61FU0H7fmmrmCTb+XUsXP4UGLgSxB3rHDm1KuWXl4o10cg9lO
SBlFaaxtNDcXCAL+GQYHn77wClXcSkoWYJY+YwrzthDliLa+A15/BwfmND7+gdo=
-----END CERTIFICATE-----
Generated at Mon Nov 3 09:34:50 2025 by rpki-client