Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: fK4u35eC3lPxyfuQ333UGy0hi8/NZRGVpPkjBK0o7q4=
Subject key identifier: C8:64:9F:64:86:1E:3A:B0:D5:C4:0C:C2:47:24:4D:2B:4D:57:1C:10
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 79C9660EED5642E62F1C82380CFF61B917563DAA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Mon 03 Nov 2025 09:28:49 +0000
ROA not before: Mon 03 Nov 2025 09:23:49 +0000
ROA not after: Mon 02 Nov 2026 09:28:49 +0000
asID: 21859
IP address blocks: 82.21.188.0/24 maxlen: 24
82.22.45.0/24 maxlen: 24
82.22.63.0/24 maxlen: 24
82.22.187.0/24 maxlen: 24
82.23.172.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.25.143.0/24 maxlen: 24
82.26.122.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:c9:66:0e:ed:56:42:e6:2f:1c:82:38:0c:ff:61:b9:17:56:3d:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Nov 3 09:23:49 2025 GMT
Not After : Nov 2 09:28:49 2026 GMT
Subject: CN=C8649F64861E3AB0D5C40CC247244D2B4D571C10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:39:6d:57:b7:0d:eb:da:f1:12:ce:7b:00:44:
c4:82:44:39:84:a7:cf:0a:8f:cb:87:96:eb:c4:21:
cd:64:4f:e6:f9:d1:29:38:73:ef:6e:cd:6f:51:88:
e8:99:59:75:8f:72:c3:f7:20:86:7a:de:1e:1c:d4:
f8:7e:bd:e4:aa:1b:c9:1c:36:d4:c2:c1:e3:c0:0c:
14:5b:a2:81:49:70:15:89:71:f2:b4:dc:0d:e6:4f:
71:27:55:aa:6f:eb:44:0f:66:db:7a:d2:68:c1:0a:
05:c1:7f:f7:68:d2:35:17:06:5a:2c:14:a8:5d:ec:
6f:d8:3c:4e:52:0c:47:77:32:95:d6:69:e2:79:8b:
08:a9:3b:cd:bb:54:0f:fc:bf:a2:74:a7:27:23:83:
90:c6:f3:d5:70:49:e3:27:cc:8c:ba:6c:89:ba:29:
64:50:7c:3c:60:95:c1:f8:b3:55:e6:ba:05:96:55:
51:27:72:98:40:b5:02:8a:51:06:fd:f0:90:d7:cd:
02:5b:6e:87:b7:57:af:c5:b6:a7:88:48:54:0f:22:
4c:4c:7a:f2:9a:14:5c:45:d0:46:33:db:d6:d7:1d:
46:88:50:8d:0c:02:8e:0c:91:4f:87:73:c3:46:7d:
a4:d9:71:2b:01:df:46:c3:79:17:ad:86:53:61:6d:
11:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:64:9F:64:86:1E:3A:B0:D5:C4:0C:C2:47:24:4D:2B:4D:57:1C:10
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.188.0/24
82.22.45.0/24
82.22.63.0/24
82.22.187.0/24
82.23.172.0/24
82.25.35.0/24
82.25.143.0/24
82.26.122.0/24
IPv6:
2a13:9500:aa::/48
Signature Algorithm: sha256WithRSAEncryption
5d:be:d6:26:ba:73:8b:84:ef:aa:2c:ad:a8:e2:2a:3e:4e:f1:
44:b3:c9:19:d1:a5:02:ff:73:1f:73:f1:8e:32:8c:f4:54:f4:
35:8a:51:cd:97:d4:29:c5:36:a7:87:e8:21:77:ae:01:e2:86:
78:c1:b5:ca:68:82:ba:c2:75:dc:68:0b:45:cf:3f:85:09:28:
fa:14:d0:4f:b4:a4:d8:55:1b:8b:5f:82:ee:7f:b6:c7:81:fb:
e5:06:91:d9:4d:e8:95:58:63:14:74:4f:08:74:e9:63:97:dc:
a6:00:63:e5:3b:f3:7b:1a:be:0b:03:3e:0f:4b:02:21:ff:d0:
c6:2d:95:da:af:12:40:5b:97:5e:b7:89:ab:59:e8:85:e2:2e:
eb:4d:7d:12:35:72:e4:d4:b2:4d:d9:80:e9:fe:e2:77:ff:33:
6c:2a:d8:d8:a8:dd:57:ac:ac:67:18:6d:71:28:1e:64:77:42:
6f:3b:4e:f5:b3:a1:41:1c:bd:f8:24:d9:bf:58:64:a3:15:91:
b6:1c:f4:46:83:0b:4d:25:85:5c:b5:9c:0f:cb:22:f7:be:a1:
ec:1e:94:4c:79:7f:11:77:74:c6:22:4a:f0:ab:c9:ba:ef:92:
08:0a:f0:c8:fc:5d:67:09:65:64:f4:5e:cc:47:7c:58:6a:a0:
da:8a:eb:98
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUeclmDu1WQuYvHII4DP9huRdWPaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMDMwOTIzNDlaFw0yNjExMDIwOTI4NDlaMDMxMTAvBgNV
BAMTKEM4NjQ5RjY0ODYxRTNBQjBENUM0MENDMjQ3MjQ0RDJCNEQ1NzFDMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeOW1Xtw3r2vESznsARMSCRDmE
p88Kj8uHluvEIc1kT+b50Sk4c+9uzW9RiOiZWXWPcsP3IIZ63h4c1Ph+veSqG8kc
NtTCwePADBRbooFJcBWJcfK03A3mT3EnVapv60QPZtt60mjBCgXBf/do0jUXBlos
FKhd7G/YPE5SDEd3MpXWaeJ5iwipO827VA/8v6J0pycjg5DG89VwSeMnzIy6bIm6
KWRQfDxglcH4s1XmugWWVVEncphAtQKKUQb98JDXzQJbboe3V6/FtqeISFQPIkxM
evKaFFxF0EYz29bXHUaIUI0MAo4MkU+Hc8NGfaTZcSsB30bDeRethlNhbRGFAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUyGSfZIYeOrDVxAzCRyRNK01XHBAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWgYIKwYBBQUHAQcBAf8ESzBJMDYEAgABMDADBABSFbwD
BABSFi0DBABSFj8DBABSFrsDBABSF6wDBABSGSMDBABSGY8DBABSGnowDwQCAAIw
CQMHACoTlQAAqjANBgkqhkiG9w0BAQsFAAOCAQEAXb7WJrpzi4TvqiytqOIqPk7x
RLPJGdGlAv9zH3PxjjKM9FT0NYpRzZfUKcU2p4foIXeuAeKGeMG1ymiCusJ13GgL
Rc8/hQko+hTQT7Sk2FUbi1+C7n+2x4H75QaR2U3olVhjFHRPCHTpY5fcpgBj5Tvz
exq+CwM+D0sCIf/Qxi2V2q8SQFuXXreJq1noheIu6019EjVy5NSyTdmA6f7id/8z
bCrY2KjdV6ysZxhtcSgeZHdCbztO9bOhQRy9+CTZv1hkoxWRthz0RoMLTSWFXLWc
D8si976h7B6UTHl/EXd0xiJK8KvJuu+SCArwyPxdZwllZPRezEd8WGqg2orrmA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 06:26:37 2025 by rpki-client