Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
File: AS21840.roa (raw, json)
Hash identifier: mGfc5tS65hy2LaFnwrt7rmfUrGpA9+LoTX33i0qTrOs=
Subject key identifier: 1B:BC:36:46:86:12:37:66:3E:DA:37:2D:24:D5:E1:13:50:E8:6F:53
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3B0CCE9A6955F179FF4AA834411529625221B5A0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
Signing time: Fri 01 Aug 2025 08:03:45 +0000
ROA not before: Fri 01 Aug 2025 07:58:45 +0000
ROA not after: Fri 31 Jul 2026 08:03:45 +0000
asID: 21840
IP address blocks: 96.62.247.0/24 maxlen: 24
143.14.132.0/24 maxlen: 24
148.135.173.0/24 maxlen: 24
150.241.198.0/24 maxlen: 24
155.117.51.0/24 maxlen: 24
155.117.60.0/24 maxlen: 24
167.148.196.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 03:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:0c:ce:9a:69:55:f1:79:ff:4a:a8:34:41:15:29:62:52:21:b5:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 1 07:58:45 2025 GMT
Not After : Jul 31 08:03:45 2026 GMT
Subject: CN=1BBC3646861237663EDA372D24D5E11350E86F53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c5:22:c6:39:42:b1:84:72:8a:aa:be:ce:22:
bf:cd:14:86:af:dd:78:e6:50:4b:fb:6f:7d:a9:cc:
13:90:99:f5:50:80:d4:93:19:e6:55:08:f5:9e:5e:
2c:c0:14:06:0a:cf:0c:ad:52:4f:f4:9f:aa:40:b7:
a6:5d:2b:67:51:ec:0f:d6:b9:4e:62:c0:e9:1c:56:
a8:3e:31:88:87:aa:e6:84:09:0b:ea:e1:79:24:c6:
22:4b:fe:3d:85:d1:08:f9:25:5e:e8:dc:11:f3:1a:
34:b5:8a:ed:08:d3:ec:8d:3a:af:d4:4c:99:1b:4c:
fd:60:70:f8:e9:cc:7b:c1:2a:a0:88:71:8e:55:77:
ce:a9:13:c9:5d:26:d3:f6:25:9c:ca:e0:41:77:d3:
21:7b:47:4c:77:f5:5f:1b:c0:c5:50:a9:7a:a8:15:
4e:c5:bf:6e:a3:f0:e3:06:71:4e:99:6a:b3:fa:59:
ec:32:9b:b3:2c:82:a4:47:8c:5d:35:21:f1:5a:e7:
43:5c:4e:05:67:6a:7a:4b:57:13:fd:44:ea:bd:7b:
82:b9:6d:e0:83:29:57:6f:b5:8f:9d:89:5b:11:b0:
5f:69:46:7b:40:1f:f6:92:8f:d4:3d:55:c2:fb:6f:
30:22:87:2f:5c:50:44:a4:4d:73:f4:3e:17:29:b4:
79:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:BC:36:46:86:12:37:66:3E:DA:37:2D:24:D5:E1:13:50:E8:6F:53
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.247.0/24
143.14.132.0/24
148.135.173.0/24
150.241.198.0/24
155.117.51.0/24
155.117.60.0/24
167.148.196.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:5d:e2:26:36:97:09:6f:02:5e:21:58:91:10:16:d7:92:cb:
c9:47:50:f1:5c:fa:97:f9:cd:cd:d0:96:af:f1:40:02:7b:f3:
97:6a:e8:b0:85:7a:f5:e8:5e:73:5f:5d:39:6b:90:fb:14:d9:
19:b7:a5:2a:32:fb:37:4e:93:d8:a7:44:60:bc:e5:d2:3e:b0:
74:97:0b:cd:5b:ce:72:3b:0d:6a:2d:8e:13:87:d0:db:b1:a7:
06:01:ae:31:d4:a6:f4:02:49:43:d6:8c:0f:3c:1d:d6:57:a8:
97:ce:9f:ca:9e:b0:ea:a0:51:47:36:85:ce:f2:1c:fa:28:18:
16:74:cb:3c:7c:df:94:c6:01:81:69:dc:27:8d:27:8b:90:57:
84:97:ee:e3:f4:63:45:7e:36:f5:69:00:97:2b:9f:86:16:8c:
68:70:64:ff:61:fc:c2:9c:e3:bc:ee:44:6d:c7:6b:5f:7b:1c:
2b:8d:19:c9:a6:4f:55:69:67:fb:63:36:7c:a1:6d:fc:d0:52:
bb:e2:c9:c6:42:1b:79:95:a1:9a:ab:fa:7a:cf:ca:ac:59:96:
c0:89:d4:41:a9:19:6a:f6:82:b1:78:e6:cc:2c:9b:3b:f8:66:
64:38:f8:88:cf:f4:fc:d4:d0:32:b2:22:8b:c1:f3:1d:4b:00:
c0:ef:99:55
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUOwzOmmlV8Xn/Sqg0QRUpYlIhtaAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDEwNzU4NDVaFw0yNjA3MzEwODAzNDVaMDMxMTAvBgNV
BAMTKDFCQkMzNjQ2ODYxMjM3NjYzRURBMzcyRDI0RDVFMTEzNTBFODZGNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrxSLGOUKxhHKKqr7OIr/NFIav
3XjmUEv7b32pzBOQmfVQgNSTGeZVCPWeXizAFAYKzwytUk/0n6pAt6ZdK2dR7A/W
uU5iwOkcVqg+MYiHquaECQvq4XkkxiJL/j2F0Qj5JV7o3BHzGjS1iu0I0+yNOq/U
TJkbTP1gcPjpzHvBKqCIcY5Vd86pE8ldJtP2JZzK4EF30yF7R0x39V8bwMVQqXqo
FU7Fv26j8OMGcU6ZarP6Wewym7MsgqRHjF01IfFa50NcTgVnanpLVxP9ROq9e4K5
beCDKVdvtY+diVsRsF9pRntAH/aSj9Q9VcL7bzAihy9cUESkTXP0PhcptHmTAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQUG7w2RoYSN2Y+2jctJNXhE1Dob1MwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMDAEAgABMCoDBABgPvcD
BACPDoQDBACUh60DBACW8cYDBACbdTMDBACbdTwDBACnlMQwDQYJKoZIhvcNAQEL
BQADggEBAKtd4iY2lwlvAl4hWJEQFteSy8lHUPFc+pf5zc3Qlq/xQAJ785dq6LCF
evXoXnNfXTlrkPsU2Rm3pSoy+zdOk9inRGC85dI+sHSXC81bznI7DWotjhOH0Nux
pwYBrjHUpvQCSUPWjA88HdZXqJfOn8qesOqgUUc2hc7yHPooGBZ0yzx835TGAYFp
3CeNJ4uQV4SX7uP0Y0V+NvVpAJcrn4YWjGhwZP9h/MKc47zuRG3Ha197HCuNGcmm
T1VpZ/tjNnyhbfzQUrviycZCG3mVoZqr+nrPyqxZlsCJ1EGpGWr2grF45swsmzv4
ZmQ4+IjP9PzU0DKyIovB8x1LAMDvmVU=
-----END CERTIFICATE-----
Generated at Mon Aug 4 07:39:42 2025 by rpki-client