Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: DRbc3wBaPa/KGHJg9EqK55v0s73e8MATDUbPs0y/aAA=
Subject key identifier: C4:38:23:B6:58:64:9D:26:E2:4D:E2:24:9B:36:BE:A3:10:D3:A4:B0
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 6B281CAA69225DCE560E6B4E7B92F0211152F2C3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Thu 06 Nov 2025 00:02:22 +0000
ROA not before: Wed 05 Nov 2025 23:57:22 +0000
ROA not after: Thu 05 Nov 2026 00:02:22 +0000
asID: 21859
IP address blocks: 82.21.188.0/24 maxlen: 24
82.22.45.0/24 maxlen: 24
82.22.63.0/24 maxlen: 24
82.22.187.0/24 maxlen: 24
82.23.172.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.26.122.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 07 Nov 2025 00:59:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:28:1c:aa:69:22:5d:ce:56:0e:6b:4e:7b:92:f0:21:11:52:f2:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Nov 5 23:57:22 2025 GMT
Not After : Nov 5 00:02:22 2026 GMT
Subject: CN=C43823B658649D26E24DE2249B36BEA310D3A4B0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:94:94:0b:4a:f4:93:9a:df:49:27:fa:eb:b8:
00:ff:6c:aa:d6:09:91:32:3b:b3:e0:98:be:f0:d3:
a2:6c:f0:69:ff:e1:58:4c:ba:21:77:68:4b:41:f6:
e6:55:e2:73:1f:a7:cc:9b:63:00:91:4b:96:08:c2:
f0:d8:d8:f1:71:7b:a7:1b:b2:43:ac:ff:fc:38:79:
af:49:97:9c:84:2b:28:8e:74:4b:e2:f2:f4:c4:59:
c0:ca:ab:e3:f4:9d:9f:77:53:03:e7:59:34:31:68:
9f:62:26:18:98:69:07:0f:14:02:50:84:d7:2c:a6:
e4:bb:1d:07:f2:45:24:ca:10:b6:3d:8f:6f:15:72:
06:90:79:9f:7a:58:83:31:70:5d:b9:14:3c:7e:14:
99:a4:7d:45:e1:ab:92:fc:78:9f:da:29:7c:03:ec:
06:8c:79:d7:5c:e4:e9:75:5a:0d:76:49:0f:08:d8:
70:ee:71:79:a0:d1:a9:0d:e7:2c:10:86:29:07:e5:
63:d0:a0:9c:f4:a9:65:14:19:22:46:42:a2:3a:e2:
88:61:66:52:9c:78:09:2b:c9:b2:b9:44:d1:56:f8:
e2:e8:35:0a:21:5b:8e:8a:50:bc:08:10:01:c4:91:
d3:9e:b9:4d:c3:cd:57:fb:cc:d9:5a:f0:88:71:58:
1d:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:38:23:B6:58:64:9D:26:E2:4D:E2:24:9B:36:BE:A3:10:D3:A4:B0
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.188.0/24
82.22.45.0/24
82.22.63.0/24
82.22.187.0/24
82.23.172.0/24
82.25.35.0/24
82.26.122.0/24
IPv6:
2a13:9500:aa::/48
Signature Algorithm: sha256WithRSAEncryption
1f:e4:db:13:46:36:f5:fa:6d:1f:b8:de:0e:0c:42:a9:bc:e7:
09:1e:ff:64:04:08:b6:f3:f5:09:78:ac:2f:f3:49:c3:0a:5a:
e4:01:e9:39:27:41:7a:62:cc:f1:a7:65:11:ba:08:9a:d1:a8:
36:63:db:0d:1d:9f:28:8a:c3:78:43:de:18:63:f2:ad:bd:03:
60:c6:ea:6e:a7:0e:60:b7:ae:2d:ca:8a:cd:0b:a0:c6:e0:53:
c9:6b:5a:92:5e:2b:25:18:a3:a7:21:ef:2a:12:e8:75:7f:f6:
81:1b:74:57:0b:39:70:b0:10:d0:bf:5d:79:bd:76:75:11:76:
a8:74:5e:03:36:57:a6:ce:0b:91:e0:4c:58:c0:03:60:3b:72:
c4:ad:96:57:97:3f:c6:86:94:24:aa:26:ec:89:33:d4:38:b3:
9a:79:0c:4b:95:6e:b3:22:fd:c2:1c:29:d6:fc:99:61:3f:21:
85:7d:83:51:8f:28:ff:25:44:4a:b9:c6:fa:3d:a0:70:98:ed:
40:a0:b4:42:0b:2b:80:ef:2c:8a:02:86:99:bb:4f:5c:d1:5b:
41:74:a3:68:7d:27:ab:32:bc:60:4e:50:ff:a3:2a:01:5d:06:
cf:1e:9d:c7:46:72:73:47:29:4f:93:42:8a:bb:e2:29:8f:09:
60:d4:95:1a
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUaygcqmkiXc5WDmtOe5LwIRFS8sMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMDUyMzU3MjJaFw0yNjExMDUwMDAyMjJaMDMxMTAvBgNV
BAMTKEM0MzgyM0I2NTg2NDlEMjZFMjRERTIyNDlCMzZCRUEzMTBEM0E0QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCplJQLSvSTmt9JJ/rruAD/bKrW
CZEyO7PgmL7w06Js8Gn/4VhMuiF3aEtB9uZV4nMfp8ybYwCRS5YIwvDY2PFxe6cb
skOs//w4ea9Jl5yEKyiOdEvi8vTEWcDKq+P0nZ93UwPnWTQxaJ9iJhiYaQcPFAJQ
hNcspuS7HQfyRSTKELY9j28VcgaQeZ96WIMxcF25FDx+FJmkfUXhq5L8eJ/aKXwD
7AaMeddc5Ol1Wg12SQ8I2HDucXmg0akN5ywQhikH5WPQoJz0qWUUGSJGQqI64ohh
ZlKceAkrybK5RNFW+OLoNQohW46KULwIEAHEkdOeuU3DzVf7zNla8IhxWB3zAgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQUxDgjtlhknSbiTeIkmza+oxDTpLAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVAYIKwYBBQUHAQcBAf8ERTBDMDAEAgABMCoDBABSFbwD
BABSFi0DBABSFj8DBABSFrsDBABSF6wDBABSGSMDBABSGnowDwQCAAIwCQMHACoT
lQAAqjANBgkqhkiG9w0BAQsFAAOCAQEAH+TbE0Y29fptH7jeDgxCqbznCR7/ZAQI
tvP1CXisL/NJwwpa5AHpOSdBemLM8adlEboImtGoNmPbDR2fKIrDeEPeGGPyrb0D
YMbqbqcOYLeuLcqKzQugxuBTyWtakl4rJRijpyHvKhLodX/2gRt0Vws5cLAQ0L9d
eb12dRF2qHReAzZXps4LkeBMWMADYDtyxK2WV5c/xoaUJKom7Ikz1DizmnkMS5Vu
syL9whwp1vyZYT8hhX2DUY8o/yVESrnG+j2gcJjtQKC0QgsrgO8sigKGmbtPXNFb
QXSjaH0nqzK8YE5Q/6MqAV0Gzx6dx0Zyc0cpT5NCirviKY8JYNSVGg==
-----END CERTIFICATE-----
Generated at Thu Nov 6 09:44:47 2025 by rpki-client