Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: sha0wDEtu3YEl6ZN+RU1lV11TXJO/zYOE6FbTlm+C8U=
Subject key identifier: B7:80:A4:EE:B7:20:46:51:8E:8C:77:50:43:79:56:29:58:91:8B:D6
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 02490D329ABED5C2D3E597A5706B64FD18A71C4D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time: Thu 31 Jul 2025 05:44:25 +0000
ROA not before: Thu 31 Jul 2025 05:39:25 +0000
ROA not after: Thu 30 Jul 2026 05:44:25 +0000
asID: 21859
IP address blocks: 82.24.81.0/24 maxlen: 24
82.25.35.0/24 maxlen: 24
82.26.140.0/24 maxlen: 24
82.27.17.0/24 maxlen: 24
2a13:9500:aa::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 03:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:49:0d:32:9a:be:d5:c2:d3:e5:97:a5:70:6b:64:fd:18:a7:1c:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Jul 31 05:39:25 2025 GMT
Not After : Jul 30 05:44:25 2026 GMT
Subject: CN=B780A4EEB72046518E8C77504379562958918BD6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e7:42:ac:b7:70:b6:b6:13:ba:37:23:f5:9c:
1f:e5:9e:e9:07:a5:f9:b1:8c:7d:4f:79:27:7d:a9:
2c:05:89:97:cf:05:dc:23:aa:83:53:f7:cb:b6:52:
af:7a:3e:3d:25:e4:f6:d6:00:44:d4:6d:14:2f:67:
c4:3f:a9:4d:2c:36:7b:4b:11:c5:cd:dd:bf:6c:01:
05:6f:39:43:67:f5:ee:33:bc:84:ab:23:b1:33:52:
75:b8:26:7a:ac:a5:0a:d9:24:74:4a:d2:20:da:9e:
0a:3c:56:77:d0:2c:30:76:29:2a:3c:f3:66:44:be:
ec:31:27:2b:b7:18:cb:94:0c:5a:1e:9d:99:91:e8:
d1:71:ff:d8:90:c4:e6:60:0f:a2:5f:b3:fc:fd:66:
4a:fe:14:66:5f:a9:09:25:67:38:39:56:c8:73:6e:
82:f6:08:a3:df:2d:3b:ec:8d:87:71:9a:f9:11:f3:
4e:8c:54:f9:6f:3a:da:02:b9:ca:fb:a8:72:a4:2d:
69:49:bf:5c:d5:45:9b:bb:ac:bc:1c:d6:70:7a:b5:
fe:27:21:db:a5:ba:41:0a:e9:9a:c8:c8:55:f9:4f:
ab:1c:38:f2:0e:e9:25:b7:a2:d1:b2:91:33:45:83:
25:6d:2c:78:02:f7:82:84:c3:ae:27:ce:bc:56:26:
0d:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:80:A4:EE:B7:20:46:51:8E:8C:77:50:43:79:56:29:58:91:8B:D6
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.24.81.0/24
82.25.35.0/24
82.26.140.0/24
82.27.17.0/24
IPv6:
2a13:9500:aa::/48
Signature Algorithm: sha256WithRSAEncryption
4a:91:16:02:1e:87:1b:98:b1:08:6b:f3:21:88:0c:3c:e7:ce:
df:1d:47:39:01:35:64:51:dd:dc:aa:be:6d:ae:6a:95:63:00:
70:05:47:58:02:1d:af:00:91:f2:ea:ef:ae:c7:bb:2f:c1:04:
84:b7:b7:36:0f:e9:92:66:06:8b:71:59:60:a6:01:24:89:e7:
3e:61:aa:a6:d1:24:07:a4:97:0f:c6:40:9b:50:25:c6:84:8a:
83:2b:a4:fd:83:1b:08:f6:74:78:dc:95:85:62:44:dc:68:9a:
fe:96:0d:17:3e:96:1b:98:42:a2:77:1e:85:57:4c:af:02:90:
60:a1:72:15:13:e2:ea:08:14:c3:2b:08:35:14:4b:74:8c:c3:
05:95:b0:d7:77:c4:47:6d:88:12:c6:eb:f2:2b:62:99:47:ee:
56:b2:b3:57:70:d8:e2:16:70:e7:46:5e:97:d8:ab:31:6a:ad:
8b:61:de:49:15:e0:d4:21:c0:bd:46:32:2c:71:2d:03:15:94:
1d:0e:5c:6e:22:65:9e:64:db:1d:fc:28:54:46:c4:84:1b:8e:
fb:ca:6b:da:ed:42:ba:91:25:87:f3:99:f5:35:13:51:2c:a8:
ff:29:ef:62:2b:1f:00:ec:28:4b:a3:97:96:f2:52:74:ec:25:
42:a9:a8:10
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIUAkkNMpq+1cLT5ZelcGtk/RinHE0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MzEwNTM5MjVaFw0yNjA3MzAwNTQ0MjVaMDMxMTAvBgNV
BAMTKEI3ODBBNEVFQjcyMDQ2NTE4RThDNzc1MDQzNzk1NjI5NTg5MThCRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk50Kst3C2thO6NyP1nB/lnukH
pfmxjH1PeSd9qSwFiZfPBdwjqoNT98u2Uq96Pj0l5PbWAETUbRQvZ8Q/qU0sNntL
EcXN3b9sAQVvOUNn9e4zvISrI7EzUnW4JnqspQrZJHRK0iDango8VnfQLDB2KSo8
82ZEvuwxJyu3GMuUDFoenZmR6NFx/9iQxOZgD6Jfs/z9Zkr+FGZfqQklZzg5Vshz
boL2CKPfLTvsjYdxmvkR806MVPlvOtoCucr7qHKkLWlJv1zVRZu7rLwc1nB6tf4n
IdulukEK6ZrIyFX5T6scOPIO6SW3otGykTNFgyVtLHgC94KEw64nzrxWJg3LAgMB
AAGjggIsMIICKDAdBgNVHQ4EFgQUt4Ck7rcgRlGOjHdQQ3lWKViRi9YwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQgYIKwYBBQUHAQcBAf8EMzAxMB4EAgABMBgDBABSGFED
BABSGSMDBABSGowDBABSGxEwDwQCAAIwCQMHACoTlQAAqjANBgkqhkiG9w0BAQsF
AAOCAQEASpEWAh6HG5ixCGvzIYgMPOfO3x1HOQE1ZFHd3Kq+ba5qlWMAcAVHWAId
rwCR8urvrse7L8EEhLe3Ng/pkmYGi3FZYKYBJInnPmGqptEkB6SXD8ZAm1AlxoSK
gyuk/YMbCPZ0eNyVhWJE3Gia/pYNFz6WG5hConcehVdMrwKQYKFyFRPi6ggUwysI
NRRLdIzDBZWw13fER22IEsbr8itimUfuVrKzV3DY4hZw50Zel9irMWqti2HeSRXg
1CHAvUYyLHEtAxWUHQ5cbiJlnmTbHfwoVEbEhBuO+8pr2u1CupElh/OZ9TUTUSyo
/ynvYisfAOwoS6OXlvJSdOwlQqmoEA==
-----END CERTIFICATE-----
Generated at Mon Aug 4 10:59:34 2025 by rpki-client