Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: LSCYIXDhMHrnzSFdQnozjpHo2d1f9z3Y5E1xx7nLW2c=
Subject key identifier: 91:01:9E:43:8D:34:5B:1F:A5:CE:55:1B:7B:33:0E:10:D3:51:61:81
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 6268F86AD66B8EAD88F53F26C0F765EFD4C1D586
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Mon 23 Feb 2026 06:52:00 +0000
ROA not before: Mon 23 Feb 2026 06:47:00 +0000
ROA not after: Mon 22 Feb 2027 06:52:00 +0000
asID: 21859
IP address blocks: 82.21.111.0/24 maxlen: 24
82.21.188.0/24 maxlen: 24
82.22.45.0/24 maxlen: 24
82.22.162.0/24 maxlen: 24
82.22.193.0/24 maxlen: 24
82.22.196.0/24 maxlen: 24
82.23.171.0/24 maxlen: 24
82.23.172.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.26.87.0/24 maxlen: 24
82.26.196.0/24 maxlen: 24
82.27.129.0/24 maxlen: 24
82.27.197.0/24 maxlen: 24
82.38.180.0/24 maxlen: 24
82.38.200.0/24 maxlen: 24
82.39.114.0/24 maxlen: 24
82.39.146.0/24 maxlen: 24
82.39.148.0/24 maxlen: 24
82.39.208.0/24 maxlen: 24
82.40.59.0/24 maxlen: 24
82.41.99.0/24 maxlen: 24
178.83.18.0/24 maxlen: 24
178.83.58.0/24 maxlen: 24
178.83.100.0/24 maxlen: 24
178.83.199.0/24 maxlen: 24
178.83.222.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
2a13:9500:13f::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
62:68:f8:6a:d6:6b:8e:ad:88:f5:3f:26:c0:f7:65:ef:d4:c1:d5:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Feb 23 06:47:00 2026 GMT
Not After : Feb 22 06:52:00 2027 GMT
Subject: CN=91019E438D345B1FA5CE551B7B330E10D3516181
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:21:cf:bc:d3:50:29:bc:6a:ee:9e:d7:b1:da:
33:d4:cf:76:73:19:2f:8a:fa:f0:ee:03:b2:14:57:
ca:f1:7f:9f:ea:b5:53:cf:6e:8c:a4:46:1f:3f:b2:
5b:d1:bf:81:67:b0:5a:78:d9:81:83:29:82:e1:e1:
b8:53:b1:ac:3f:cb:b3:21:96:14:4a:a6:3a:58:ab:
5d:97:3f:e2:90:8c:cf:17:5b:72:a5:04:a5:2e:42:
88:bf:e8:66:0a:b9:c6:6f:a6:e6:81:61:f5:fd:d9:
6c:60:af:f3:10:4c:5b:01:ee:db:b1:2c:d3:62:d8:
3c:99:0f:da:b3:ab:60:b7:9f:ce:9b:11:cb:44:58:
22:74:0f:97:90:ae:3f:3c:cc:94:6b:95:83:10:9a:
6f:7c:4d:6b:77:5f:6c:7a:03:5e:d8:77:de:ca:7a:
61:fb:b7:fe:5a:2c:8b:89:9f:25:17:75:c6:d8:49:
4c:8d:6b:5a:4a:d5:bc:f2:5a:e0:e6:74:00:52:9c:
81:be:87:79:d7:75:24:9f:b9:cf:7a:1e:6b:e6:ce:
34:ea:44:fb:8b:5d:4a:82:c4:b2:be:08:69:a8:a9:
59:c2:50:e9:cd:b7:ec:a6:03:02:54:1d:36:c5:24:
1b:dc:0c:9b:65:6c:31:69:e2:9b:f3:bd:9e:7c:d7:
e6:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:01:9E:43:8D:34:5B:1F:A5:CE:55:1B:7B:33:0E:10:D3:51:61:81
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.111.0/24
82.21.188.0/24
82.22.45.0/24
82.22.162.0/24
82.22.193.0/24
82.22.196.0/24
82.23.171.0-82.23.172.255
82.25.35.0/24
82.26.87.0/24
82.26.196.0/24
82.27.129.0/24
82.27.197.0/24
82.38.180.0/24
82.38.200.0/24
82.39.114.0/24
82.39.146.0/24
82.39.148.0/24
82.39.208.0/24
82.40.59.0/24
82.41.99.0/24
178.83.18.0/24
178.83.58.0/24
178.83.100.0/24
178.83.199.0/24
178.83.222.0/24
IPv6:
2a13:9500:aa::/48
2a13:9500:13f::/48
Signature Algorithm: sha256WithRSAEncryption
7e:46:a7:35:d0:8a:7f:59:fa:2d:a9:7d:85:b1:85:39:94:b3:
c9:ae:d1:c3:22:7a:8a:c1:ef:d4:fd:30:32:79:b5:10:c1:1c:
82:a2:b1:3b:b2:b4:eb:ac:e4:03:21:f6:5d:69:4a:c5:75:e5:
f4:10:26:ba:b9:f8:79:b5:57:78:cb:6a:a2:1d:99:48:8d:73:
a4:76:9c:72:4e:bc:a0:e7:41:a8:23:da:28:b2:db:91:7e:4f:
d1:62:9c:f6:e8:0a:c5:e8:a3:ac:3b:dd:e5:ec:0c:2b:3f:a8:
0c:16:24:b4:0a:31:a2:07:34:2d:3b:15:2a:b8:31:e9:5e:b3:
f4:df:69:b6:a5:aa:f0:0e:75:c9:ae:83:34:a9:c8:a5:01:03:
42:5d:c3:4b:eb:40:98:3d:ea:8e:de:a2:d3:e1:73:a8:5b:34:
a4:1c:5a:78:17:6d:56:fb:42:5e:23:5c:28:c0:ba:30:22:04:
d6:b3:6a:50:5c:95:38:81:fb:fe:57:de:fa:64:9c:0f:79:10:
02:ab:72:11:83:41:92:f1:7c:00:e2:78:8e:e1:72:f7:98:00:
fe:27:fb:87:37:a2:f0:fa:34:e3:54:79:85:53:8d:57:d2:9a:
50:9f:f8:5c:00:6c:16:ad:08:b0:d9:27:81:06:79:a6:87:65:
bd:66:b3:f4
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgIUYmj4atZrjq2I9T8mwPdl79TB1YYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMjMwNjQ3MDBaFw0yNzAyMjIwNjUyMDBaMDMxMTAvBgNV
BAMTKDkxMDE5RTQzOEQzNDVCMUZBNUNFNTUxQjdCMzMwRTEwRDM1MTYxODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyIc+801ApvGruntex2jPUz3Zz
GS+K+vDuA7IUV8rxf5/qtVPPboykRh8/slvRv4FnsFp42YGDKYLh4bhTsaw/y7Mh
lhRKpjpYq12XP+KQjM8XW3KlBKUuQoi/6GYKucZvpuaBYfX92Wxgr/MQTFsB7tux
LNNi2DyZD9qzq2C3n86bEctEWCJ0D5eQrj88zJRrlYMQmm98TWt3X2x6A17Yd97K
emH7t/5aLIuJnyUXdcbYSUyNa1pK1bzyWuDmdABSnIG+h3nXdSSfuc96HmvmzjTq
RPuLXUqCxLK+CGmoqVnCUOnNt+ymAwJUHTbFJBvcDJtlbDFp4pvzvZ581+ZhAgMB
AAGjggLAMIICvDAdBgNVHQ4EFgQUkQGeQ400Wx+lzlUbezMOENNRYYEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgdUGCCsGAQUFBwEHAQH/BIHFMIHCMIGlBAIAATCBngME
AFIVbwMEAFIVvAMEAFIWLQMEAFIWogMEAFIWwQMEAFIWxDAMAwQAUherAwQAUhes
AwQAUhkjAwQAUhpXAwQAUhrEAwQAUhuBAwQAUhvFAwQAUia0AwQAUibIAwQAUidy
AwQAUieSAwQAUieUAwQAUifQAwQAUig7AwQAUiljAwQAslMSAwQAslM6AwQAslNk
AwQAslPHAwQAslPeMBgEAgACMBIDBwAqE5UAAKoDBwAqE5UAAT8wDQYJKoZIhvcN
AQELBQADggEBAH5GpzXQin9Z+i2pfYWxhTmUs8mu0cMieorB79T9MDJ5tRDBHIKi
sTuytOus5AMh9l1pSsV15fQQJrq5+Hm1V3jLaqIdmUiNc6R2nHJOvKDnQagj2iiy
25F+T9FinPboCsXoo6w73eXsDCs/qAwWJLQKMaIHNC07FSq4Meles/TfabalqvAO
dcmugzSpyKUBA0Jdw0vrQJg96o7eotPhc6hbNKQcWngXbVb7Ql4jXCjAujAiBNaz
alBclTiB+/5X3vpknA95EAKrchGDQZLxfADieI7hcveYAP4n+4c3ovD6NONUeYVT
jVfSmlCf+FwAbBatCLDZJ4EGeaaHZb1ms/Q=
-----END CERTIFICATE-----
Generated at Mon Mar 2 05:10:16 2026 by rpki-client