Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: 9H6Xpkjn2EmNTl2C+Qz3iT7AZDTo3JGvPsDwk+ApdoA=
Subject key identifier: EB:89:2B:3E:05:77:BA:75:00:21:E0:86:15:08:0F:AD:6D:42:B2:1A
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 74317EFB5D9397C5F9AC3ADE3CB3CE841DA904F5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Mon 09 Feb 2026 07:24:07 +0000
ROA not before: Mon 09 Feb 2026 07:19:07 +0000
ROA not after: Mon 08 Feb 2027 07:24:07 +0000
asID: 21859
IP address blocks: 82.21.111.0/24 maxlen: 24
82.21.188.0/24 maxlen: 24
82.22.45.0/24 maxlen: 24
82.22.162.0/24 maxlen: 24
82.22.193.0/24 maxlen: 24
82.22.196.0/24 maxlen: 24
82.23.171.0/24 maxlen: 24
82.23.172.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.26.87.0/24 maxlen: 24
82.26.196.0/24 maxlen: 24
82.27.129.0/24 maxlen: 24
82.27.197.0/24 maxlen: 24
82.38.180.0/24 maxlen: 24
82.38.200.0/24 maxlen: 24
82.39.114.0/24 maxlen: 24
82.39.146.0/24 maxlen: 24
82.39.148.0/24 maxlen: 24
82.39.208.0/24 maxlen: 24
82.40.59.0/24 maxlen: 24
82.41.99.0/24 maxlen: 24
178.83.18.0/24 maxlen: 24
178.83.58.0/24 maxlen: 24
178.83.100.0/24 maxlen: 24
178.83.199.0/24 maxlen: 24
178.83.222.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 23 Feb 2026 11:47:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:31:7e:fb:5d:93:97:c5:f9:ac:3a:de:3c:b3:ce:84:1d:a9:04:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Feb 9 07:19:07 2026 GMT
Not After : Feb 8 07:24:07 2027 GMT
Subject: CN=EB892B3E0577BA750021E08615080FAD6D42B21A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:26:a4:a1:8e:07:fa:c8:b2:0d:8c:25:09:19:
dc:ba:94:82:7f:a6:80:c0:d4:57:7e:9c:cd:7b:5e:
47:e6:0c:ed:a9:43:40:ef:d8:ec:06:4c:70:0b:a7:
0d:55:90:10:2a:6e:f5:de:8c:6b:5a:98:38:f3:9d:
79:15:d0:d6:0e:0b:28:58:d1:dc:a2:04:9c:a7:7d:
02:96:d4:f3:2e:94:89:85:ba:1f:b1:e3:1e:67:7e:
5b:66:b3:28:57:0c:99:3e:1b:ba:b2:01:c1:e0:a4:
ca:d8:78:8d:fa:55:0a:a6:fc:9a:65:06:c0:e5:6a:
30:5a:7b:ba:5a:e0:e2:e0:83:bf:ea:26:9b:5a:6e:
af:da:d7:c9:2c:a2:27:7b:52:b7:50:8a:5e:8a:99:
92:73:a1:29:2f:6f:eb:ad:b0:15:4e:ce:cd:a9:ff:
03:5a:f6:1c:ec:4b:7d:6c:c1:5e:69:f7:b7:7f:38:
ca:30:de:79:46:04:6c:70:4f:13:72:c9:f5:4e:98:
32:03:ec:c6:c0:4b:e0:4a:ed:06:9b:be:8b:00:c3:
59:cc:c5:3d:2a:c3:d1:99:45:cf:fb:26:03:10:23:
94:68:35:03:7f:5b:52:79:d3:92:e2:f7:9d:ae:6d:
67:8f:c3:a2:33:c7:bb:24:14:44:6a:cf:18:70:db:
8d:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:89:2B:3E:05:77:BA:75:00:21:E0:86:15:08:0F:AD:6D:42:B2:1A
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.111.0/24
82.21.188.0/24
82.22.45.0/24
82.22.162.0/24
82.22.193.0/24
82.22.196.0/24
82.23.171.0-82.23.172.255
82.25.35.0/24
82.26.87.0/24
82.26.196.0/24
82.27.129.0/24
82.27.197.0/24
82.38.180.0/24
82.38.200.0/24
82.39.114.0/24
82.39.146.0/24
82.39.148.0/24
82.39.208.0/24
82.40.59.0/24
82.41.99.0/24
178.83.18.0/24
178.83.58.0/24
178.83.100.0/24
178.83.199.0/24
178.83.222.0/24
IPv6:
2a13:9500:aa::/48
Signature Algorithm: sha256WithRSAEncryption
06:e8:b9:1c:33:20:14:db:2d:eb:df:8d:6c:c9:c3:7e:dc:cb:
13:03:6e:b0:c3:16:02:36:25:59:05:50:0e:7b:b7:49:01:fb:
f7:2c:fc:94:2d:9b:78:69:fc:37:1c:2b:38:bc:9b:c1:fa:26:
47:46:86:9d:67:83:d4:5e:c2:a8:39:de:ce:32:fe:b9:f6:d8:
31:2b:85:8b:0d:d5:d7:76:78:fc:7a:d7:61:49:9e:41:ff:33:
2a:a4:d7:e3:35:48:4d:dd:5e:6d:0b:e6:3f:a5:35:b3:41:b8:
94:ee:50:19:bb:38:27:84:26:3d:07:97:cc:63:6a:80:bc:17:
1c:c3:76:21:36:4b:be:f4:9c:1a:60:be:35:c3:45:93:f9:b5:
99:e1:0c:b3:8b:59:11:49:f5:2c:a6:9e:3b:68:cc:0b:63:7a:
7d:5b:8e:e7:cf:8a:0d:d1:79:93:ad:14:59:e8:46:ff:cd:ce:
6e:43:b8:d0:f5:71:80:6a:9e:a6:3b:01:22:65:30:67:bd:29:
b6:02:1f:81:d9:7a:f9:72:f9:ba:2a:cf:89:e9:27:d0:a1:37:
f7:ef:ef:09:de:f2:68:4a:05:1a:d1:23:e0:ae:b7:bb:05:01:
b7:66:85:1f:e8:7b:68:70:4f:ae:97:29:65:bd:30:16:6c:15:
24:8f:11:88
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgIUdDF++12Tl8X5rDrePLPOhB2pBPUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDkwNzE5MDdaFw0yNzAyMDgwNzI0MDdaMDMxMTAvBgNV
BAMTKEVCODkyQjNFMDU3N0JBNzUwMDIxRTA4NjE1MDgwRkFENkQ0MkIyMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpJqShjgf6yLINjCUJGdy6lIJ/
poDA1Fd+nM17XkfmDO2pQ0Dv2OwGTHALpw1VkBAqbvXejGtamDjznXkV0NYOCyhY
0dyiBJynfQKW1PMulImFuh+x4x5nfltmsyhXDJk+G7qyAcHgpMrYeI36VQqm/Jpl
BsDlajBae7pa4OLgg7/qJptabq/a18ksoid7UrdQil6KmZJzoSkvb+utsBVOzs2p
/wNa9hzsS31swV5p97d/OMow3nlGBGxwTxNyyfVOmDID7MbAS+BK7QabvosAw1nM
xT0qw9GZRc/7JgMQI5RoNQN/W1J505Li952ubWePw6Izx7skFERqzxhw243BAgMB
AAGjggK3MIICszAdBgNVHQ4EFgQU64krPgV3unUAIeCGFQgPrW1CshowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgcwGCCsGAQUFBwEHAQH/BIG8MIG5MIGlBAIAATCBngME
AFIVbwMEAFIVvAMEAFIWLQMEAFIWogMEAFIWwQMEAFIWxDAMAwQAUherAwQAUhes
AwQAUhkjAwQAUhpXAwQAUhrEAwQAUhuBAwQAUhvFAwQAUia0AwQAUibIAwQAUidy
AwQAUieSAwQAUieUAwQAUifQAwQAUig7AwQAUiljAwQAslMSAwQAslM6AwQAslNk
AwQAslPHAwQAslPeMA8EAgACMAkDBwAqE5UAAKowDQYJKoZIhvcNAQELBQADggEB
AAbouRwzIBTbLevfjWzJw37cyxMDbrDDFgI2JVkFUA57t0kB+/cs/JQtm3hp/Dcc
Kzi8m8H6JkdGhp1ng9Rewqg53s4y/rn22DErhYsN1dd2ePx612FJnkH/Myqk1+M1
SE3dXm0L5j+lNbNBuJTuUBm7OCeEJj0Hl8xjaoC8FxzDdiE2S770nBpgvjXDRZP5
tZnhDLOLWRFJ9SymnjtozAtjen1bjufPig3ReZOtFFnoRv/Nzm5DuND1cYBqnqY7
ASJlMGe9KbYCH4HZevly+boqz4npJ9ChN/fv7wne8mhKBRrRI+Cut7sFAbdmhR/o
e2hwT66XKWW9MBZsFSSPEYg=
-----END CERTIFICATE-----
Generated at Sun Feb 22 22:06:02 2026 by rpki-client