Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          BDBkNLrnEteewQQJOY7aTKJE0MIlmgqh4aR5KnCmrBY=
Subject key identifier:   A1:FD:2C:B8:18:85:6F:E4:13:99:02:04:75:73:CF:5B:02:B3:AC:31
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5B14668D09A6691A5BB7A838B7CEDA4D4EA2AF14
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
Signing time:             Fri 18 Apr 2025 06:55:15 +0000
ROA not before:           Fri 18 Apr 2025 06:50:15 +0000
ROA not after:            Fri 17 Apr 2026 06:55:15 +0000
asID:                     21859
IP address blocks:        179.61.155.0/24 maxlen: 24
                          181.215.205.0/24 maxlen: 24
                          191.101.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:14:66:8d:09:a6:69:1a:5b:b7:a8:38:b7:ce:da:4d:4e:a2:af:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 18 06:50:15 2025 GMT
            Not After : Apr 17 06:55:15 2026 GMT
        Subject: CN=A1FD2CB818856FE4139902047573CF5B02B3AC31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1f:59:a0:27:78:0c:a0:09:c4:53:3c:44:12:
                    47:5e:17:5f:5a:92:c4:b9:c9:cd:0a:3c:20:e2:67:
                    4f:a7:dd:bb:48:42:bf:bb:6d:ef:10:7c:ed:bd:67:
                    e7:99:af:c0:29:2e:38:d4:85:91:3c:39:9c:1e:2e:
                    d5:f1:b8:db:ab:59:b6:ef:4a:fb:c1:a8:1c:86:e5:
                    f9:50:7e:98:ae:82:b7:c1:f4:6f:eb:a0:5d:c8:ba:
                    d1:a1:fb:de:08:55:e6:e9:fd:72:ca:96:5d:ff:68:
                    5e:47:bc:a5:c3:d5:2a:d3:83:2c:aa:27:8e:1a:09:
                    e6:e4:12:e6:40:f6:b9:dd:51:af:c1:f4:b8:95:02:
                    d6:22:da:8a:a7:63:7a:b5:77:1d:15:94:57:71:c0:
                    76:eb:e5:6e:ad:a0:80:3a:35:86:b2:9c:8f:8d:e6:
                    ca:3a:f2:a3:b9:be:ab:13:6b:68:d4:44:1b:67:f0:
                    68:3d:0d:2a:e1:c9:c3:16:a9:dd:ad:1a:1f:86:72:
                    cf:34:c3:e4:b9:16:e2:fb:c2:f6:14:99:ea:d6:17:
                    33:1f:0b:1d:4e:4c:cf:25:63:ab:5d:5f:43:ff:83:
                    e2:0b:23:0d:e2:a4:0d:ef:ce:df:96:eb:55:f1:1e:
                    ae:ea:c2:dc:02:03:86:bf:30:b6:34:d7:73:97:2f:
                    b6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FD:2C:B8:18:85:6F:E4:13:99:02:04:75:73:CF:5B:02:B3:AC:31
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.155.0/24
                  181.215.205.0/24
                  191.101.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:9c:3d:52:56:0c:51:b5:7a:63:7c:a2:fe:e4:57:64:0b:b7:
         bf:54:30:5a:71:c6:e8:6b:39:47:1d:78:a4:a4:96:9d:07:19:
         39:88:f3:49:2e:04:b7:f7:58:10:71:64:68:6f:54:eb:64:58:
         91:44:9a:7f:bb:e7:cf:03:44:ae:06:b7:d2:47:f7:97:44:11:
         fc:b9:1f:c6:bb:1c:f1:f1:cf:2c:2d:c9:9a:33:d4:95:5f:e0:
         b0:42:17:4f:3a:7d:0c:5a:b8:43:be:31:33:68:ad:7a:0f:3f:
         a5:ac:a0:0f:6b:08:ad:b9:da:04:3b:f2:b9:3d:9a:ba:48:55:
         d7:bf:6f:f7:40:02:c5:56:aa:34:65:2a:80:77:57:a2:f6:b4:
         bb:a0:ed:0f:63:e4:a7:9d:de:05:3b:38:aa:c6:51:31:c2:6c:
         bb:16:16:03:12:5a:28:12:d5:ca:34:50:80:08:7a:bb:ba:c1:
         27:cc:01:65:72:df:b8:66:a0:fe:05:21:a9:f5:da:74:92:57:
         10:0c:0b:41:5b:a7:35:e2:0b:1b:c2:6f:64:07:32:37:95:42:
         c7:39:56:ff:71:a7:d4:08:ef:4e:f8:0b:03:c3:0e:31:7d:28:
         de:9f:ba:45:eb:66:d6:2a:e9:fc:28:89:5b:0d:96:3a:f5:63:
         e7:e1:6e:6b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUWxRmjQmmaRpbt6g4t87aTU6irxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA0MTgwNjUwMTVaFw0yNjA0MTcwNjU1MTVaMDMxMTAvBgNV
BAMTKEExRkQyQ0I4MTg4NTZGRTQxMzk5MDIwNDc1NzNDRjVCMDJCM0FDMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1H1mgJ3gMoAnEUzxEEkdeF19a
ksS5yc0KPCDiZ0+n3btIQr+7be8QfO29Z+eZr8ApLjjUhZE8OZweLtXxuNurWbbv
SvvBqByG5flQfpiugrfB9G/roF3IutGh+94IVebp/XLKll3/aF5HvKXD1SrTgyyq
J44aCebkEuZA9rndUa/B9LiVAtYi2oqnY3q1dx0VlFdxwHbr5W6toIA6NYaynI+N
5so68qO5vqsTa2jURBtn8Gg9DSrhycMWqd2tGh+Gcs80w+S5FuL7wvYUmerWFzMf
Cx1OTM8lY6tdX0P/g+ILIw3ipA3vzt+W61XxHq7qwtwCA4a/MLY013OXL7YhAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUof0suBiFb+QTmQIEdXPPWwKzrDEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACzPZsD
BAC1180DBAC/Zb0wDQYJKoZIhvcNAQELBQADggEBACacPVJWDFG1emN8ov7kV2QL
t79UMFpxxuhrOUcdeKSklp0HGTmI80kuBLf3WBBxZGhvVOtkWJFEmn+7588DRK4G
t9JH95dEEfy5H8a7HPHxzywtyZoz1JVf4LBCF086fQxauEO+MTNorXoPP6WsoA9r
CK252gQ78rk9mrpIVde/b/dAAsVWqjRlKoB3V6L2tLug7Q9j5Ked3gU7OKrGUTHC
bLsWFgMSWigS1co0UIAIeru6wSfMAWVy37hmoP4FIan12nSSVxAMC0FbpzXiCxvC
b2QHMjeVQsc5Vv9xp9QI7074CwPDDjF9KN6fukXrZtYq6fwoiVsNljr1Y+fhbms=
-----END CERTIFICATE-----