Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
File: AS21840.roa (raw, json)
Hash identifier: ZoI0lFeCSgCzX8cr5plfWyi+CFX3yoW+HUEoiAWEacg=
Subject key identifier: 07:28:8A:FE:AC:A6:66:ED:C7:3B:96:C7:B2:61:27:3F:2B:BB:0B:26
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 78BE4D18FDC33727C727AE59EFA70BA9A3199638
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
Signing time: Mon 02 Mar 2026 00:02:15 +0000
ROA not before: Sun 01 Mar 2026 23:57:15 +0000
ROA not after: Mon 01 Mar 2027 00:02:15 +0000
asID: 21840
IP address blocks: 96.62.247.0/24 maxlen: 24
150.241.198.0/24 maxlen: 24
167.148.196.0/24 maxlen: 24
168.222.48.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:be:4d:18:fd:c3:37:27:c7:27:ae:59:ef:a7:0b:a9:a3:19:96:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 1 23:57:15 2026 GMT
Not After : Mar 1 00:02:15 2027 GMT
Subject: CN=07288AFEACA666EDC73B96C7B261273F2BBB0B26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:8d:5a:70:76:47:b7:c1:ad:3a:5b:b2:e4:ab:
93:ee:01:49:6e:34:fa:59:53:91:ce:20:ce:7b:b7:
a7:a4:63:4e:ab:6b:f4:f9:fd:44:99:21:15:28:cf:
6e:ea:fc:79:2b:cb:cd:f7:e1:7b:d5:01:68:94:f1:
6f:53:17:92:84:04:3c:52:4b:f7:f5:9b:34:7e:ee:
60:98:b6:0d:85:76:07:f3:89:ca:a4:d2:ca:37:c5:
68:fe:07:3a:10:8e:2c:00:ca:df:8c:c2:c2:d7:f7:
77:41:22:19:61:ee:ac:b3:01:0a:18:ae:fb:ef:2d:
6b:1f:fc:d0:87:30:d7:ed:2a:9f:72:1f:5a:80:fc:
c5:19:25:43:21:a9:8a:8e:b0:d4:8f:49:a2:32:6e:
f0:7f:52:f9:2e:97:14:09:05:e5:a1:52:c2:a5:96:
6a:cd:37:ad:23:55:6e:3d:64:03:00:0a:15:c4:98:
a4:2d:66:18:5b:ca:44:ec:39:94:87:ba:a4:fd:0b:
1a:fb:ea:06:5b:2d:cd:37:36:c4:e6:8d:98:d0:04:
84:f7:42:a6:75:9d:a8:f8:eb:27:bf:08:eb:88:6f:
75:c1:10:df:78:75:7b:6e:d0:ad:d7:d1:48:74:16:
45:54:43:88:60:4c:89:b4:98:70:97:a7:f3:e9:c5:
f2:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:28:8A:FE:AC:A6:66:ED:C7:3B:96:C7:B2:61:27:3F:2B:BB:0B:26
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS21840.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.247.0/24
150.241.198.0/24
167.148.196.0/24
168.222.48.0/24
Signature Algorithm: sha256WithRSAEncryption
55:ba:de:0f:0c:bb:ae:71:22:09:3f:81:63:b4:08:ae:d3:ae:
e9:22:cb:85:07:5d:07:48:8c:91:63:da:9e:a5:95:10:96:65:
42:9b:38:79:a8:df:fc:39:4c:d5:f4:34:9e:bb:24:05:66:d3:
9e:0c:35:66:25:42:77:d9:57:d8:e7:97:2f:85:56:ef:cc:84:
e8:d4:31:e5:a3:70:64:ae:2e:be:cc:f8:1b:3a:b2:42:7a:37:
8d:3e:67:12:76:7e:82:3b:0d:d9:a9:f2:47:bf:b4:02:77:56:
cc:ea:20:bf:73:d1:9d:bf:64:5a:d1:b7:dc:2d:23:bb:8b:aa:
52:79:da:62:6d:9a:3a:ce:f0:7d:47:0b:93:2d:8a:6c:4a:b2:
44:66:c4:fa:80:08:17:ab:a2:6d:ad:12:c6:43:6a:c4:54:4a:
18:d9:00:30:3d:66:6a:ac:fc:46:9a:5f:73:51:96:c2:92:08:
8d:e3:32:17:59:e1:07:c1:11:91:32:52:b4:bc:f2:f7:3a:36:
a4:3c:37:d6:7c:fe:1a:2e:29:3a:b8:2f:8b:1e:00:79:c9:c8:
f4:70:6f:f6:97:c5:03:ca:04:c3:7a:3d:cf:3c:6b:e4:bf:01:
93:50:51:b8:5b:35:e2:8c:d3:d4:84:6e:22:ad:59:b3:b1:a2:
8d:5d:f0:e7
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUeL5NGP3DNyfHJ65Z76cLqaMZljgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDEyMzU3MTVaFw0yNzAzMDEwMDAyMTVaMDMxMTAvBgNV
BAMTKDA3Mjg4QUZFQUNBNjY2RURDNzNCOTZDN0IyNjEyNzNGMkJCQjBCMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7jVpwdke3wa06W7Lkq5PuAUlu
NPpZU5HOIM57t6ekY06ra/T5/USZIRUoz27q/Hkry8334XvVAWiU8W9TF5KEBDxS
S/f1mzR+7mCYtg2Fdgfzicqk0so3xWj+BzoQjiwAyt+MwsLX93dBIhlh7qyzAQoY
rvvvLWsf/NCHMNftKp9yH1qA/MUZJUMhqYqOsNSPSaIybvB/UvkulxQJBeWhUsKl
lmrNN60jVW49ZAMAChXEmKQtZhhbykTsOZSHuqT9Cxr76gZbLc03NsTmjZjQBIT3
QqZ1naj46ye/COuIb3XBEN94dXtu0K3X0Uh0FkVUQ4hgTIm0mHCXp/PpxfLxAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUByiK/qymZu3HO5bHsmEnPyu7CyYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBABgPvcD
BACW8cYDBACnlMQDBACo3jAwDQYJKoZIhvcNAQELBQADggEBAFW63g8Mu65xIgk/
gWO0CK7Trukiy4UHXQdIjJFj2p6llRCWZUKbOHmo3/w5TNX0NJ67JAVm054MNWYl
QnfZV9jnly+FVu/MhOjUMeWjcGSuLr7M+Bs6skJ6N40+ZxJ2foI7Ddmp8ke/tAJ3
VszqIL9z0Z2/ZFrRt9wtI7uLqlJ52mJtmjrO8H1HC5MtimxKskRmxPqACBerom2t
EsZDasRUShjZADA9Zmqs/EaaX3NRlsKSCI3jMhdZ4QfBEZEyUrS88vc6NqQ8N9Z8
/houKTq4L4seAHnJyPRwb/aXxQPKBMN6Pc88a+S/AZNQUbhbNeKM09SEbiKtWbOx
oo1d8Oc=
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:04:06 2026 by rpki-client