Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          XxmvLhTbAec8Ij/dQAKg2E/hJVelKMQkCLMdIsssmrY=
Subject key identifier:   62:1D:30:CA:31:2C:24:1D:CD:AD:2A:9A:69:70:C9:F2:C0:2A:74:DE
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       14728129911CD5306E26B4B39F5F67C639EFB8C1
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS21859.roa
Signing time:             Tue 30 Sep 2025 10:03:15 +0000
ROA not before:           Tue 30 Sep 2025 09:58:15 +0000
ROA not after:            Tue 29 Sep 2026 10:03:15 +0000
asID:                     21859
IP address blocks:        82.139.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:72:81:29:91:1c:d5:30:6e:26:b4:b3:9f:5f:67:c6:39:ef:b8:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:15 2025 GMT
            Not After : Sep 29 10:03:15 2026 GMT
        Subject: CN=621D30CA312C241DCDAD2A9A6970C9F2C02A74DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b3:d9:76:39:cb:8e:ab:f2:17:bb:4c:ef:6e:
                    20:10:c9:56:74:b9:92:98:f4:21:e9:10:b8:55:11:
                    4d:03:32:bf:13:c8:b3:f5:df:52:49:90:1d:a1:f6:
                    f4:c5:93:af:12:a7:4e:91:53:be:fd:ce:61:ad:e6:
                    bf:69:b2:44:91:3d:df:cc:73:2a:e7:5d:8f:67:cc:
                    77:52:f3:7e:7f:99:59:f2:66:f2:37:4e:bb:34:d7:
                    8d:f2:58:4b:1d:34:8c:53:6d:a1:2f:ab:23:95:1c:
                    81:bd:a7:49:87:b7:d5:53:f2:56:6d:99:e1:64:98:
                    81:9e:7f:26:05:ae:15:42:82:1e:48:58:7d:81:7e:
                    77:08:37:d7:d6:3c:55:7d:3a:dd:96:41:54:a9:79:
                    b8:c8:3b:86:08:d6:af:25:00:7b:90:a3:24:9e:39:
                    f0:58:3f:c5:85:d8:76:e5:6a:dc:30:0e:3c:ef:cc:
                    fd:28:0c:83:81:60:0a:f5:66:ff:d8:83:6c:e0:de:
                    a7:04:17:5b:7e:a0:95:cb:38:d0:d1:4c:60:c0:47:
                    78:3e:48:31:10:31:1b:00:6f:a3:cf:54:f8:0a:8e:
                    b8:fe:9f:00:28:e5:2c:a4:fc:e4:7c:40:b0:b1:09:
                    13:04:a4:34:5f:f7:07:93:ee:be:5d:d7:c5:6c:20:
                    82:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1D:30:CA:31:2C:24:1D:CD:AD:2A:9A:69:70:C9:F2:C0:2A:74:DE
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:37:7c:b4:5d:ff:cd:5a:7e:f8:34:c1:8a:66:1f:95:df:a0:
         f0:4d:d7:e9:51:d2:0d:7e:02:e0:ad:be:1f:df:65:b7:61:ad:
         2d:cf:dc:37:d8:6d:01:d0:36:30:43:14:c7:43:eb:7f:c0:33:
         19:2c:96:bd:89:7a:68:38:5a:df:72:b7:44:59:ab:8e:22:e2:
         90:9e:b8:6b:d2:4a:85:4d:73:01:ad:97:35:ce:f6:46:8c:02:
         6a:b1:59:6f:8d:56:ec:16:99:27:0b:c5:e3:f4:44:cb:87:53:
         e7:94:01:e3:0a:e2:86:f1:b5:fe:c3:a4:b4:dd:ae:c6:37:1a:
         1e:5c:36:92:37:93:4d:0d:ff:63:56:ac:fc:ea:c0:79:6d:eb:
         59:8b:e8:0d:5e:be:f1:39:5d:67:8f:6d:5d:9f:15:cc:fc:0f:
         85:c6:79:4a:fb:45:90:89:c1:f7:3c:64:88:21:16:2a:a3:75:
         c1:fa:c5:63:2f:f3:0e:dd:e6:8d:60:65:dc:14:9d:12:4d:31:
         60:4b:51:5b:33:cf:9e:aa:26:39:d0:05:2e:5b:af:17:d8:88:
         9e:2d:4d:60:58:2f:c0:42:5b:bf:68:28:6e:ff:c0:39:5f:c7:
         db:b3:75:a0:86:56:80:a0:9c:01:b8:f8:19:13:f6:6a:00:f1:
         5a:33:26:eb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFHKBKZEc1TBuJrSzn19nxjnvuMEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTVaFw0yNjA5MjkxMDAzMTVaMDMxMTAvBgNV
BAMTKDYyMUQzMENBMzEyQzI0MURDREFEMkE5QTY5NzBDOUYyQzAyQTc0REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGs9l2OcuOq/IXu0zvbiAQyVZ0
uZKY9CHpELhVEU0DMr8TyLP131JJkB2h9vTFk68Sp06RU779zmGt5r9pskSRPd/M
cyrnXY9nzHdS835/mVnyZvI3Trs0143yWEsdNIxTbaEvqyOVHIG9p0mHt9VT8lZt
meFkmIGefyYFrhVCgh5IWH2BfncIN9fWPFV9Ot2WQVSpebjIO4YI1q8lAHuQoySe
OfBYP8WF2HblatwwDjzvzP0oDIOBYAr1Zv/Yg2zg3qcEF1t+oJXLONDRTGDAR3g+
SDEQMRsAb6PPVPgKjrj+nwAo5Syk/OR8QLCxCRMEpDRf9weT7r5d18VsIIJBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUYh0wyjEsJB3NrSqaaXDJ8sAqdN4wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSi9Ew
DQYJKoZIhvcNAQELBQADggEBAEo3fLRd/81afvg0wYpmH5XfoPBN1+lR0g1+AuCt
vh/fZbdhrS3P3DfYbQHQNjBDFMdD63/AMxkslr2Jemg4Wt9yt0RZq44i4pCeuGvS
SoVNcwGtlzXO9kaMAmqxWW+NVuwWmScLxeP0RMuHU+eUAeMK4obxtf7DpLTdrsY3
Gh5cNpI3k00N/2NWrPzqwHlt61mL6A1evvE5XWePbV2fFcz8D4XGeUr7RZCJwfc8
ZIghFiqjdcH6xWMv8w7d5o1gZdwUnRJNMWBLUVszz56qJjnQBS5brxfYiJ4tTWBY
L8BCW79oKG7/wDlfx9uzdaCGVoCgnAG4+BkT9moA8VozJus=
-----END CERTIFICATE-----