Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: J0+CN5PSkhhYKj+i1rHLcTmDKHO5GwcCqaekPg9BhK8=
Subject key identifier: 3B:A7:6D:BF:34:87:14:EC:54:90:B6:98:45:7C:C9:22:2B:EA:CE:8E
Certificate issuer: /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial: 4A033A14294C3406F0DA899A0939711DF1F34DAC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
Signing time: Tue 21 Oct 2025 01:24:44 +0000
ROA not before: Tue 21 Oct 2025 01:19:44 +0000
ROA not after: Tue 20 Oct 2026 01:24:44 +0000
asID: 21859
IP address blocks: 141.11.117.0/24 maxlen: 24
141.11.119.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 19:12:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:03:3a:14:29:4c:34:06:f0:da:89:9a:09:39:71:1d:f1:f3:4d:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
Validity
Not Before: Oct 21 01:19:44 2025 GMT
Not After : Oct 20 01:24:44 2026 GMT
Subject: CN=3BA76DBF348714EC5490B698457CC9222BEACE8E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:64:ef:83:c5:08:8b:d7:16:ca:8c:18:a5:94:
d6:9d:b5:d9:1f:4b:42:33:05:3f:5b:18:2c:b5:d8:
44:08:10:06:f1:a3:f0:e9:4c:20:92:61:e7:e3:96:
54:e0:86:97:e4:a3:8d:f3:63:88:80:41:10:60:50:
95:75:4b:45:d4:a1:b2:c6:2d:73:ea:fd:80:89:dd:
e0:6d:87:71:29:ff:13:7a:da:c0:c6:2c:9a:07:35:
75:8a:72:25:a8:42:9e:63:33:cd:c7:c5:d4:94:17:
03:8c:2c:3a:0e:db:83:8a:9a:c5:98:48:33:d9:e8:
59:48:e0:1e:bd:1c:1a:5d:f7:35:be:8e:d8:2d:6c:
7c:65:a5:18:07:a4:f5:e2:bb:b0:b7:30:a8:79:09:
5c:19:3e:c9:ff:3c:6c:1a:dc:7a:35:87:b5:5d:02:
7d:64:8d:5b:df:3b:20:5e:83:91:a5:77:b8:d6:91:
4d:f2:99:f5:a9:dd:bd:04:9e:e4:5c:49:d9:fe:3e:
e2:c3:4c:cf:3e:49:53:af:15:77:eb:60:b2:f5:52:
f7:55:72:a0:13:3a:3b:85:ab:09:29:0f:09:12:25:
72:d3:4b:b8:1d:6f:60:07:6a:9f:5e:51:8c:fd:df:
8f:fc:de:a0:e0:14:93:f9:b5:c4:9c:e1:98:b7:2d:
f1:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:A7:6D:BF:34:87:14:EC:54:90:B6:98:45:7C:C9:22:2B:EA:CE:8E
X509v3 Authority Key Identifier:
keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.11.117.0/24
141.11.119.0/24
Signature Algorithm: sha256WithRSAEncryption
86:70:68:d8:cc:e3:db:b5:43:2b:fe:2c:d9:f4:ef:d3:b9:67:
8a:db:a1:04:cd:0e:ed:74:40:dc:80:f1:56:72:b9:fb:88:60:
da:7e:86:54:11:d6:60:85:36:3b:0c:55:4a:67:28:1e:00:ac:
da:9e:6f:ca:e7:f7:a6:1d:57:18:a3:86:6c:94:ec:49:5a:d0:
7a:e8:6b:e9:54:35:9d:de:89:ec:63:8c:fe:eb:f8:00:f8:53:
9d:b0:a6:9c:3f:a2:1c:26:ba:56:e2:17:3a:2b:88:cd:4e:08:
a7:22:17:03:4a:82:f2:c3:ec:b7:2c:d8:6c:8a:e4:c5:1a:5c:
5d:04:f1:ee:7b:58:ec:74:21:73:a0:df:f2:1e:65:aa:bf:38:
dc:e0:5b:56:9a:7f:63:f2:b2:d0:a0:9a:49:14:61:cd:2c:d0:
91:55:65:35:31:86:42:e0:60:7f:3f:2c:8a:9b:51:ac:2f:57:
5d:7f:e7:d1:96:e8:95:9a:da:20:16:e3:49:e7:3a:74:02:53:
7c:ed:c1:4b:6f:28:ab:fb:97:f2:95:6d:9a:94:09:ef:98:e0:
cf:05:95:41:24:b9:c6:8d:32:93:b4:af:f1:fa:1f:0b:a6:40:
ed:71:3a:3d:78:6a:89:2e:df:9e:3a:da:7c:7b:49:49:7d:d8:
f9:62:1c:bf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUSgM6FClMNAbw2omaCTlxHfHzTawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTEwMjEwMTE5NDRaFw0yNjEwMjAwMTI0NDRaMDMxMTAvBgNV
BAMTKDNCQTc2REJGMzQ4NzE0RUM1NDkwQjY5ODQ1N0NDOTIyMkJFQUNFOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFZO+DxQiL1xbKjBillNadtdkf
S0IzBT9bGCy12EQIEAbxo/DpTCCSYefjllTghpfko43zY4iAQRBgUJV1S0XUobLG
LXPq/YCJ3eBth3Ep/xN62sDGLJoHNXWKciWoQp5jM83HxdSUFwOMLDoO24OKmsWY
SDPZ6FlI4B69HBpd9zW+jtgtbHxlpRgHpPXiu7C3MKh5CVwZPsn/PGwa3Ho1h7Vd
An1kjVvfOyBeg5Gld7jWkU3ymfWp3b0EnuRcSdn+PuLDTM8+SVOvFXfrYLL1UvdV
cqATOjuFqwkpDwkSJXLTS7gdb2AHap9eUYz934/83qDgFJP5tcSc4Zi3LfETAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUO6dtvzSHFOxUkLaYRXzJIivqzo4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNC3UD
BACNC3cwDQYJKoZIhvcNAQELBQADggEBAIZwaNjM49u1Qyv+LNn079O5Z4rboQTN
Du10QNyA8VZyufuIYNp+hlQR1mCFNjsMVUpnKB4ArNqeb8rn96YdVxijhmyU7Ela
0Hroa+lUNZ3eiexjjP7r+AD4U52wppw/ohwmulbiFzoriM1OCKciFwNKgvLD7Lcs
2GyK5MUaXF0E8e57WOx0IXOg3/IeZaq/ONzgW1aaf2PystCgmkkUYc0s0JFVZTUx
hkLgYH8/LIqbUawvV11/59GW6JWa2iAW40nnOnQCU3ztwUtvKKv7l/KVbZqUCe+Y
4M8FlUEkucaNMpO0r/H6HwumQO1xOj14aoku35462nx7SUl92PliHL8=
-----END CERTIFICATE-----
Generated at Wed Oct 22 02:09:57 2025 by rpki-client