Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
File: AS21840.roa (raw, json)
Hash identifier: EyL8u3IWH1OffQtxHtVjEPxdmkQTOjco+qCOAuUpiwM=
Subject key identifier: DD:4F:DA:2E:CF:9A:22:C0:D2:D2:30:8F:EB:05:6D:AF:C3:CB:1A:59
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 4102DF7B3FDAF773AB3FBC3722F49D6AB7F6175A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
Signing time: Thu 12 Feb 2026 08:05:05 +0000
ROA not before: Thu 12 Feb 2026 08:00:05 +0000
ROA not after: Thu 11 Feb 2027 08:05:05 +0000
asID: 21840
IP address blocks: 96.62.247.0/24 maxlen: 24
150.241.198.0/24 maxlen: 24
155.117.51.0/24 maxlen: 24
167.148.196.0/24 maxlen: 24
168.222.48.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:02:df:7b:3f:da:f7:73:ab:3f:bc:37:22:f4:9d:6a:b7:f6:17:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Feb 12 08:00:05 2026 GMT
Not After : Feb 11 08:05:05 2027 GMT
Subject: CN=DD4FDA2ECF9A22C0D2D2308FEB056DAFC3CB1A59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:51:86:28:9f:c5:51:15:e3:99:72:e7:b6:7f:
cd:9a:92:5e:42:d8:5e:86:ff:ca:72:54:2e:a4:84:
33:a5:77:a5:2d:e0:7d:4b:67:23:8e:3e:c1:39:04:
37:9b:e4:5d:c6:9b:15:d3:63:6d:52:dc:c2:52:6a:
72:cf:1c:7f:50:77:9d:77:e9:2e:84:06:4d:e9:e2:
b1:82:54:13:1d:8f:eb:c3:19:b9:f5:34:ec:5a:38:
27:d7:07:5e:40:4b:51:62:b4:1f:d4:ba:ba:dd:53:
98:73:02:b8:19:fa:2d:00:7f:53:a1:9c:b8:47:91:
7b:f6:43:65:c4:fe:d4:b9:ac:7e:9c:d7:b6:c0:dc:
65:19:4f:31:0a:ae:6d:78:29:1b:7c:6a:62:d9:e6:
2d:58:a3:bb:27:a4:1a:dc:6e:f0:09:d0:a3:b2:c7:
96:36:1d:fa:eb:4d:76:b6:46:61:96:fb:e9:fb:93:
d5:d9:1d:9a:30:16:d0:55:a9:c1:70:52:8f:d0:85:
22:1d:63:f7:2b:13:68:a2:c2:64:e1:6c:11:7b:27:
a2:55:ed:a3:b0:ca:a1:28:c8:82:3c:1f:d3:8b:83:
5c:e8:89:78:6e:e8:14:8e:0e:86:40:12:33:fa:41:
11:ec:f3:ea:b9:95:31:94:f4:45:a3:62:df:08:ad:
93:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:4F:DA:2E:CF:9A:22:C0:D2:D2:30:8F:EB:05:6D:AF:C3:CB:1A:59
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.247.0/24
150.241.198.0/24
155.117.51.0/24
167.148.196.0/24
168.222.48.0/24
Signature Algorithm: sha256WithRSAEncryption
68:fb:3a:2c:e8:00:93:28:cf:6a:1f:cc:96:73:8a:b5:80:53:
9a:0c:47:69:cd:71:42:d8:3f:e7:84:90:cb:2c:03:d2:e3:de:
1c:19:51:a1:fe:f8:e1:8e:9b:94:32:af:26:07:46:c1:c7:8f:
c3:2b:e7:53:9e:5d:e7:61:8b:37:cc:8e:55:f8:d7:fa:f1:a1:
cc:61:9b:f4:f4:d4:ce:ad:6c:69:50:e5:c8:51:16:3d:69:ea:
55:4d:38:d1:7b:43:3c:d0:10:c7:02:e7:d7:7d:e7:e0:50:60:
f1:bf:13:b4:78:16:74:a9:52:6c:de:69:26:44:99:1c:0a:9b:
45:06:3f:61:40:36:c5:6e:66:0b:f8:27:9d:35:24:d9:84:c4:
7a:35:4e:b6:0d:5d:14:76:e7:cc:fd:67:8a:45:18:10:8c:94:
47:ee:01:e0:3a:d8:a2:f1:a5:01:43:63:1d:a5:0b:35:f0:45:
22:9e:fb:da:8c:d5:91:fc:1d:d9:f4:82:c9:5a:3e:00:aa:bc:
bc:5f:46:c1:06:13:af:c0:99:c5:12:b7:a4:e2:e8:f6:44:78:
14:ba:cc:99:a2:fc:bb:46:20:0d:4b:f9:f0:27:6a:25:e6:19:
c4:0d:fb:b0:48:36:cc:0c:83:4a:2b:a6:75:9c:d6:b7:f7:c0:
bf:51:b8:b7
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUQQLfez/a93OrP7w3IvSdarf2F1owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTIwODAwMDVaFw0yNzAyMTEwODA1MDVaMDMxMTAvBgNV
BAMTKERENEZEQTJFQ0Y5QTIyQzBEMkQyMzA4RkVCMDU2REFGQzNDQjFBNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUYYon8VRFeOZcue2f82akl5C
2F6G/8pyVC6khDOld6Ut4H1LZyOOPsE5BDeb5F3GmxXTY21S3MJSanLPHH9Qd513
6S6EBk3p4rGCVBMdj+vDGbn1NOxaOCfXB15AS1FitB/UurrdU5hzArgZ+i0Af1Oh
nLhHkXv2Q2XE/tS5rH6c17bA3GUZTzEKrm14KRt8amLZ5i1Yo7snpBrcbvAJ0KOy
x5Y2HfrrTXa2RmGW++n7k9XZHZowFtBVqcFwUo/QhSIdY/crE2iiwmThbBF7J6JV
7aOwyqEoyII8H9OLg1zoiXhu6BSODoZAEjP6QRHs8+q5lTGU9EWjYt8IrZORAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQU3U/aLs+aIsDS0jCP6wVtr8PLGlkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBABgPvcD
BACW8cYDBACbdTMDBACnlMQDBACo3jAwDQYJKoZIhvcNAQELBQADggEBAGj7Oizo
AJMoz2ofzJZzirWAU5oMR2nNcULYP+eEkMssA9Lj3hwZUaH++OGOm5QyryYHRsHH
j8Mr51OeXedhizfMjlX41/rxocxhm/T01M6tbGlQ5chRFj1p6lVNONF7QzzQEMcC
59d95+BQYPG/E7R4FnSpUmzeaSZEmRwKm0UGP2FANsVuZgv4J501JNmExHo1TrYN
XRR258z9Z4pFGBCMlEfuAeA62KLxpQFDYx2lCzXwRSKe+9qM1ZH8Hdn0gslaPgCq
vLxfRsEGE6/AmcUSt6Ti6PZEeBS6zJmi/LtGIA1L+fAnaiXmGcQN+7BINswMg0or
pnWc1rf3wL9RuLc=
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:27:03 2026 by rpki-client