Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
File: AS21840.roa (raw, json)
Hash identifier: wR5+UdmIwsbVuL1JHjYoy68+zFXaWxStEAFAC6jG+pc=
Subject key identifier: EF:6E:B8:32:3B:C4:17:18:E4:08:62:65:DB:59:1F:37:38:FE:00:87
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 70979E72B1BE6120E68420DA90A336B537755D24
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
Signing time: Sat 25 Oct 2025 00:09:57 +0000
ROA not before: Sat 25 Oct 2025 00:04:57 +0000
ROA not after: Sat 24 Oct 2026 00:09:57 +0000
asID: 21840
IP address blocks: 96.62.247.0/24 maxlen: 24
148.135.173.0/24 maxlen: 24
150.241.198.0/24 maxlen: 24
155.117.51.0/24 maxlen: 24
167.148.196.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:97:9e:72:b1:be:61:20:e6:84:20:da:90:a3:36:b5:37:75:5d:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 25 00:04:57 2025 GMT
Not After : Oct 24 00:09:57 2026 GMT
Subject: CN=EF6EB8323BC41718E4086265DB591F3738FE0087
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:e2:1f:9a:63:b4:22:ec:1d:43:fa:70:e2:7b:
01:ac:52:a7:0c:23:a1:3a:5a:5a:d6:97:d7:5b:ed:
3d:76:bc:f2:c6:db:f3:a2:4e:67:2d:09:83:84:e8:
08:34:d2:e1:be:11:5b:cc:c0:a6:4e:d5:13:c2:c1:
38:cf:34:45:65:77:ad:ef:f3:10:80:1a:b0:62:93:
b9:37:58:41:f2:83:c9:01:55:28:89:45:61:56:a0:
06:3c:fd:ec:23:a9:ed:ff:a5:f7:ea:a8:d5:49:f2:
22:5e:7e:1e:92:fa:6c:a4:50:a5:2b:c8:76:4e:f5:
92:89:84:25:9c:d6:2b:80:04:12:06:49:4c:ae:1d:
a0:26:72:df:80:c7:28:2b:a7:e6:c8:45:e5:0e:a0:
c5:33:3f:a5:f0:b1:bb:fe:1d:af:32:3f:f4:3b:e2:
1e:f4:48:2f:dc:60:f5:0d:fa:fa:83:9e:3d:52:e8:
51:e7:fe:66:17:ca:5a:0a:a4:94:3d:c2:dc:44:ba:
33:50:21:fb:83:cd:31:cf:47:d0:7d:bc:50:02:10:
ce:20:ca:4d:85:53:e5:42:ca:d0:7d:9c:3a:a2:b6:
74:72:71:63:86:d5:2a:a2:1b:0a:b6:17:2e:d2:b0:
81:a9:70:cb:e2:7d:ca:7c:d0:0c:4d:bd:5b:a0:2e:
e7:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:6E:B8:32:3B:C4:17:18:E4:08:62:65:DB:59:1F:37:38:FE:00:87
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.247.0/24
148.135.173.0/24
150.241.198.0/24
155.117.51.0/24
167.148.196.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:e7:42:0d:7e:c0:be:48:aa:b4:ee:f8:c7:b1:0c:23:e2:14:
08:b6:79:91:b2:3d:93:cb:21:5c:d1:0e:c7:4e:a8:f2:21:43:
46:3b:33:f6:70:2b:c7:f6:03:1b:3a:9c:59:ec:3e:9c:d5:08:
4b:44:58:70:fe:da:53:ff:0a:1a:fd:b8:3f:a9:79:a7:65:37:
7d:6a:e8:37:ee:c1:32:76:a8:8c:bb:e5:4f:8f:c8:95:7e:a1:
d7:d7:0c:df:65:dc:1a:5d:ee:a7:37:94:87:36:9f:a5:77:bf:
61:8b:9a:90:e4:c1:bd:b0:62:22:aa:d8:b1:9c:c1:6f:c4:50:
6a:cb:60:f2:cb:e9:ad:fc:d2:05:9e:cf:4d:40:41:c1:8b:40:
79:e7:46:21:de:57:c6:ea:24:1a:59:6d:71:cb:5a:54:91:32:
06:25:a3:e2:84:7e:11:b9:e2:04:12:50:47:e7:b0:51:b4:0c:
89:03:0d:6d:7c:4a:42:4a:fb:a3:05:ae:ec:3d:6a:d6:f6:85:
8c:82:15:7f:4f:a0:5a:8b:38:9d:6c:40:e5:f6:d5:75:88:a9:
48:11:f5:fd:0e:a7:f8:a6:ce:de:c0:7e:60:31:aa:40:59:6c:
75:43:93:22:09:72:2f:c7:13:04:e8:e4:62:e0:05:59:5a:e5:
50:18:a4:58
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUcJeecrG+YSDmhCDakKM2tTd1XSQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjUwMDA0NTdaFw0yNjEwMjQwMDA5NTdaMDMxMTAvBgNV
BAMTKEVGNkVCODMyM0JDNDE3MThFNDA4NjI2NURCNTkxRjM3MzhGRTAwODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg4h+aY7Qi7B1D+nDiewGsUqcM
I6E6WlrWl9db7T12vPLG2/OiTmctCYOE6Ag00uG+EVvMwKZO1RPCwTjPNEVld63v
8xCAGrBik7k3WEHyg8kBVSiJRWFWoAY8/ewjqe3/pffqqNVJ8iJefh6S+mykUKUr
yHZO9ZKJhCWc1iuABBIGSUyuHaAmct+Axygrp+bIReUOoMUzP6Xwsbv+Ha8yP/Q7
4h70SC/cYPUN+vqDnj1S6FHn/mYXyloKpJQ9wtxEujNQIfuDzTHPR9B9vFACEM4g
yk2FU+VCytB9nDqitnRycWOG1SqiGwq2Fy7SsIGpcMvifcp80AxNvVugLucVAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQU7264MjvEFxjkCGJl21kfNzj+AIcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBABgPvcD
BACUh60DBACW8cYDBACbdTMDBACnlMQwDQYJKoZIhvcNAQELBQADggEBADznQg1+
wL5IqrTu+MexDCPiFAi2eZGyPZPLIVzRDsdOqPIhQ0Y7M/ZwK8f2Axs6nFnsPpzV
CEtEWHD+2lP/Chr9uD+peadlN31q6DfuwTJ2qIy75U+PyJV+odfXDN9l3Bpd7qc3
lIc2n6V3v2GLmpDkwb2wYiKq2LGcwW/EUGrLYPLL6a380gWez01AQcGLQHnnRiHe
V8bqJBpZbXHLWlSRMgYlo+KEfhG54gQSUEfnsFG0DIkDDW18SkJK+6MFruw9atb2
hYyCFX9PoFqLOJ1sQOX21XWIqUgR9f0Op/imzt7AfmAxqkBZbHVDkyIJci/HEwTo
5GLgBVla5VAYpFg=
-----END CERTIFICATE-----
Generated at Wed Nov 5 07:43:16 2025 by rpki-client