Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: 7B51WD7lYvrpEzKp2LOPGvOcCA0Y950LDoyuRBqSuRQ=
Subject key identifier: F4:C1:67:8A:6A:96:E8:F1:DA:42:99:CD:52:E9:F4:23:41:23:B6:E5
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 390D4B8FCEC1F959F50A27C6F69140146EC5F005
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Mon 13 Apr 2026 02:30:05 +0000
ROA not before: Mon 13 Apr 2026 02:25:05 +0000
ROA not after: Mon 12 Apr 2027 02:30:05 +0000
asID: 21859
IP address blocks: 82.21.111.0/24 maxlen: 24
82.21.188.0/24 maxlen: 24
82.22.162.0/24 maxlen: 24
82.22.193.0/24 maxlen: 24
82.22.196.0/24 maxlen: 24
82.23.171.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.26.87.0/24 maxlen: 24
82.26.196.0/24 maxlen: 24
82.27.129.0/24 maxlen: 24
82.27.197.0/24 maxlen: 24
82.29.41.0/24 maxlen: 24
82.38.100.0/24 maxlen: 24
82.38.180.0/24 maxlen: 24
82.38.200.0/24 maxlen: 24
82.39.114.0/24 maxlen: 24
82.39.146.0/24 maxlen: 24
82.39.148.0/24 maxlen: 24
82.39.188.0/24 maxlen: 24
82.39.208.0/24 maxlen: 24
82.40.59.0/24 maxlen: 24
82.41.99.0/24 maxlen: 24
82.41.130.0/24 maxlen: 24
178.83.18.0/24 maxlen: 24
178.83.58.0/24 maxlen: 24
178.83.100.0/24 maxlen: 24
178.83.199.0/24 maxlen: 24
178.83.222.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
2a13:9500:13f::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:0d:4b:8f:ce:c1:f9:59:f5:0a:27:c6:f6:91:40:14:6e:c5:f0:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 13 02:25:05 2026 GMT
Not After : Apr 12 02:30:05 2027 GMT
Subject: CN=F4C1678A6A96E8F1DA4299CD52E9F4234123B6E5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:c8:f4:f3:c0:f9:72:83:cb:e4:c3:86:8f:9b:
47:93:28:16:47:26:a1:18:63:de:aa:80:ff:4f:fd:
17:ca:a4:f2:02:1a:fe:57:f9:55:ce:1c:51:9a:a6:
7c:2c:21:8f:e6:94:5e:fe:59:9e:b5:9a:ec:46:b6:
cc:0d:3f:9e:f6:5c:35:d1:6c:79:82:3d:eb:ba:d3:
9e:b2:81:22:a5:fa:78:c1:cb:01:1f:df:83:21:6a:
b2:22:b3:79:31:97:b8:64:15:cf:71:df:00:5f:93:
66:11:98:49:04:f2:2e:ba:c6:04:3b:01:ee:a4:d9:
78:b8:21:08:e7:21:71:20:dc:a0:3d:c6:c0:18:a3:
ec:e9:ca:b4:2c:d6:ea:bd:9d:1e:54:58:83:37:ac:
8f:d6:79:7f:33:49:09:c5:74:f6:93:f1:a8:dd:58:
53:7a:5a:87:af:21:0b:f9:f4:61:fd:2b:fa:54:e0:
49:96:7e:29:56:d9:b0:04:82:22:6f:c9:38:4c:e7:
85:4d:53:3d:12:68:6b:bb:e5:8e:68:69:17:2f:a2:
ce:b9:f5:79:a6:cf:ff:e2:01:f4:9b:38:a0:9f:84:
32:9c:0a:e0:4c:58:de:55:00:cc:06:a6:fe:09:5a:
66:67:6a:5a:48:bb:ba:02:7b:f3:d3:b4:98:6f:ae:
f6:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:C1:67:8A:6A:96:E8:F1:DA:42:99:CD:52:E9:F4:23:41:23:B6:E5
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.111.0/24
82.21.188.0/24
82.22.162.0/24
82.22.193.0/24
82.22.196.0/24
82.23.171.0/24
82.25.35.0/24
82.26.87.0/24
82.26.196.0/24
82.27.129.0/24
82.27.197.0/24
82.29.41.0/24
82.38.100.0/24
82.38.180.0/24
82.38.200.0/24
82.39.114.0/24
82.39.146.0/24
82.39.148.0/24
82.39.188.0/24
82.39.208.0/24
82.40.59.0/24
82.41.99.0/24
82.41.130.0/24
178.83.18.0/24
178.83.58.0/24
178.83.100.0/24
178.83.199.0/24
178.83.222.0/24
IPv6:
2a13:9500:aa::/48
2a13:9500:13f::/48
Signature Algorithm: sha256WithRSAEncryption
07:2b:54:9b:a3:05:10:5a:18:46:93:50:55:91:20:ec:41:5b:
2e:41:38:c4:52:c1:48:0a:18:db:73:86:90:d2:c6:ca:d0:da:
9d:cb:f3:d2:23:2d:a8:f3:96:38:45:1a:5f:c5:d0:a2:e9:fb:
da:34:92:ee:9c:ef:d5:75:47:05:1d:60:4a:66:f2:7e:6b:a1:
e2:c4:2c:00:d5:e4:c8:67:5c:b9:7a:ce:4f:f7:e1:94:d1:81:
f5:c8:62:07:2e:6b:7a:a8:13:5c:0d:18:a5:52:9a:15:3e:b6:
18:16:7d:fd:a0:34:11:e7:b8:e9:89:cd:fd:f8:fa:bd:59:1d:
c0:84:42:ae:5b:74:c5:62:b8:d1:f9:0c:eb:8f:9c:01:d0:c5:
f9:8c:e2:11:7b:cc:09:d9:ba:d2:57:81:74:b1:b7:14:52:4b:
4d:5e:86:c0:64:49:a9:5f:76:23:64:00:29:77:85:be:6d:76:
9c:33:8b:c9:38:cd:91:1f:da:53:76:f8:8d:c9:f8:88:61:72:
ce:f1:0b:0b:56:bd:23:30:3c:d9:b8:1e:1e:28:ef:81:0f:c7:
21:02:c1:c6:a9:23:a6:9e:f6:01:70:fe:be:bf:56:48:00:21:
41:b5:8a:d7:7f:ab:6a:33:f8:e6:a3:27:b1:91:26:bd:df:14:
93:fe:64:6c
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUOQ1Lj87B+Vn1CifG9pFAFG7F8AUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTMwMjI1MDVaFw0yNzA0MTIwMjMwMDVaMDMxMTAvBgNV
BAMTKEY0QzE2NzhBNkE5NkU4RjFEQTQyOTlDRDUyRTlGNDIzNDEyM0I2RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfyPTzwPlyg8vkw4aPm0eTKBZH
JqEYY96qgP9P/RfKpPICGv5X+VXOHFGapnwsIY/mlF7+WZ61muxGtswNP572XDXR
bHmCPeu6056ygSKl+njBywEf34MharIis3kxl7hkFc9x3wBfk2YRmEkE8i66xgQ7
Ae6k2Xi4IQjnIXEg3KA9xsAYo+zpyrQs1uq9nR5UWIM3rI/WeX8zSQnFdPaT8ajd
WFN6WoevIQv59GH9K/pU4EmWfilW2bAEgiJvyThM54VNUz0SaGu75Y5oaRcvos65
9Xmmz//iAfSbOKCfhDKcCuBMWN5VAMwGpv4JWmZnalpIu7oCe/PTtJhvrvZrAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQU9MFnimqW6PHaQpnNUun0I0EjtuUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgd8GCCsGAQUFBwEHAQH/BIHPMIHMMIGvBAIAATCBqAME
AFIVbwMEAFIVvAMEAFIWogMEAFIWwQMEAFIWxAMEAFIXqwMEAFIZIwMEAFIaVwME
AFIaxAMEAFIbgQMEAFIbxQMEAFIdKQMEAFImZAMEAFImtAMEAFImyAMEAFIncgME
AFInkgMEAFInlAMEAFInvAMEAFIn0AMEAFIoOwMEAFIpYwMEAFIpggMEALJTEgME
ALJTOgMEALJTZAMEALJTxwMEALJT3jAYBAIAAjASAwcAKhOVAACqAwcAKhOVAAE/
MA0GCSqGSIb3DQEBCwUAA4IBAQAHK1SbowUQWhhGk1BVkSDsQVsuQTjEUsFIChjb
c4aQ0sbK0Nqdy/PSIy2o85Y4RRpfxdCi6fvaNJLunO/VdUcFHWBKZvJ+a6HixCwA
1eTIZ1y5es5P9+GU0YH1yGIHLmt6qBNcDRilUpoVPrYYFn39oDQR57jpic39+Pq9
WR3AhEKuW3TFYrjR+Qzrj5wB0MX5jOIRe8wJ2brSV4F0sbcUUktNXobAZEmpX3Yj
ZAApd4W+bXacM4vJOM2RH9pTdviNyfiIYXLO8QsLVr0jMDzZuB4eKO+BD8chAsHG
qSOmnvYBcP6+v1ZIACFBtYrXf6tqM/jmoyexkSa93xST/mRs
-----END CERTIFICATE-----
Generated at Fri Apr 17 15:46:57 2026 by rpki-client