Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          D/NSdcgfh0jtACPYEhg4e6xFcbp3FyuuYvh2us6OwrY=
Subject key identifier:   CB:C9:6B:42:06:05:1A:E7:80:D3:65:A4:1A:2A:EB:5D:ED:73:17:4E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5050DFCD5EBEE9377B4C850DDEADD873F55C4AC1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa
Signing time:             Fri 20 Jun 2025 00:02:01 +0000
ROA not before:           Thu 19 Jun 2025 23:57:01 +0000
ROA not after:            Fri 19 Jun 2026 00:02:01 +0000
asID:                     21859
IP address blocks:        82.24.81.0/24 maxlen: 24
                          82.26.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:50:df:cd:5e:be:e9:37:7b:4c:85:0d:de:ad:d8:73:f5:5c:4a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 19 23:57:01 2025 GMT
            Not After : Jun 19 00:02:01 2026 GMT
        Subject: CN=CBC96B4206051AE780D365A41A2AEB5DED73174E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:56:2d:8b:94:5c:18:a2:fb:5f:38:6f:b9:81:
                    f9:b6:54:ef:10:38:d4:c4:3f:37:c6:ea:f5:50:c6:
                    d7:c9:f5:24:d0:17:b1:9e:da:49:97:0c:f8:3a:94:
                    a6:75:e7:e4:9d:4c:bf:87:4c:33:0e:b6:a4:07:e0:
                    6d:80:8b:df:ba:7e:83:b1:61:c6:48:10:53:99:eb:
                    ae:46:6d:80:3a:13:34:af:bd:5e:91:15:4d:63:50:
                    29:0f:f8:2e:d7:ac:cf:3f:d0:10:06:23:b9:a1:43:
                    3f:2d:9b:f2:1e:19:a9:29:7c:60:46:16:5d:57:8b:
                    7f:70:cf:26:e2:1d:1f:d6:c7:06:c7:f4:37:a2:1e:
                    e4:22:c6:a5:bc:5a:5e:93:11:d2:b4:45:fa:ef:1a:
                    c3:3a:dd:64:40:68:64:09:48:98:9e:d0:56:50:f4:
                    50:9d:d0:ac:8e:d4:93:a0:d3:db:ba:28:4b:e7:9c:
                    c3:10:1c:e9:d0:8b:b7:00:c5:1a:6a:15:f3:58:cb:
                    88:4c:57:c7:54:35:45:b8:ed:1b:34:12:d9:b1:b2:
                    b3:d9:b6:64:b8:3d:e9:e3:75:6a:83:b9:cf:d5:9f:
                    ee:77:c6:f4:76:8a:47:34:c3:d7:66:da:19:66:6a:
                    48:41:0c:9f:ab:4c:52:69:45:84:de:90:67:35:ea:
                    26:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C9:6B:42:06:05:1A:E7:80:D3:65:A4:1A:2A:EB:5D:ED:73:17:4E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.81.0/24
                  82.26.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:c4:cd:f7:72:7f:1a:1f:8c:c4:76:a9:00:69:8e:18:08:9f:
         7a:2b:5e:9b:be:48:c3:dd:41:00:66:df:4d:8e:a1:1a:13:5b:
         e8:4c:e2:0d:ff:75:94:06:26:25:65:b0:f7:4a:57:48:27:d8:
         aa:7a:8f:40:88:ea:05:be:c5:fc:3a:3e:87:de:cb:28:0e:d8:
         eb:9c:7c:44:b2:09:22:d2:75:a1:d5:5b:1e:ee:4f:72:64:e6:
         50:e5:d6:bf:18:a8:01:2e:31:87:de:5c:43:a9:25:aa:ca:55:
         2e:f3:91:df:61:c6:2e:8d:c0:e8:7f:ea:6b:72:a8:a5:5d:20:
         9f:3f:a0:6f:c7:2e:b0:54:72:79:f1:9f:79:f1:97:11:0e:c0:
         d2:66:f0:5b:80:54:8c:85:55:42:d8:91:76:dc:a1:b5:0b:1d:
         ac:0f:eb:61:7f:66:29:b7:6f:81:c2:92:de:32:d3:c5:27:13:
         07:a0:26:e2:98:9d:93:cb:07:fa:62:62:d8:df:fc:40:1e:6b:
         3f:e1:99:00:bf:9f:e6:88:6f:2e:75:a3:f9:b0:05:d9:1a:ad:
         e5:1d:09:4d:94:fb:3c:97:fe:a3:03:b9:a4:aa:79:4a:84:9a:
         a9:3a:cc:02:5d:cf:7e:be:d2:06:c1:c6:b0:00:6a:92:b0:36:
         11:e1:13:f5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUUFDfzV6+6Td7TIUN3q3Yc/VcSsEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTkyMzU3MDFaFw0yNjA2MTkwMDAyMDFaMDMxMTAvBgNV
BAMTKENCQzk2QjQyMDYwNTFBRTc4MEQzNjVBNDFBMkFFQjVERUQ3MzE3NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzVi2LlFwYovtfOG+5gfm2VO8Q
ONTEPzfG6vVQxtfJ9STQF7Ge2kmXDPg6lKZ15+SdTL+HTDMOtqQH4G2Ai9+6foOx
YcZIEFOZ665GbYA6EzSvvV6RFU1jUCkP+C7XrM8/0BAGI7mhQz8tm/IeGakpfGBG
Fl1Xi39wzybiHR/WxwbH9DeiHuQixqW8Wl6TEdK0RfrvGsM63WRAaGQJSJie0FZQ
9FCd0KyO1JOg09u6KEvnnMMQHOnQi7cAxRpqFfNYy4hMV8dUNUW47Rs0EtmxsrPZ
tmS4PenjdWqDuc/Vn+53xvR2ikc0w9dm2hlmakhBDJ+rTFJpRYTekGc16iYpAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUy8lrQgYFGueA02WkGirrXe1zF04wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSGFED
BABSGowwDQYJKoZIhvcNAQELBQADggEBAETEzfdyfxofjMR2qQBpjhgIn3orXpu+
SMPdQQBm302OoRoTW+hM4g3/dZQGJiVlsPdKV0gn2Kp6j0CI6gW+xfw6PofeyygO
2OucfESyCSLSdaHVWx7uT3Jk5lDl1r8YqAEuMYfeXEOpJarKVS7zkd9hxi6NwOh/
6mtyqKVdIJ8/oG/HLrBUcnnxn3nxlxEOwNJm8FuAVIyFVULYkXbcobULHawP62F/
Zim3b4HCkt4y08UnEwegJuKYnZPLB/piYtjf/EAeaz/hmQC/n+aIby51o/mwBdka
reUdCU2U+zyX/qMDuaSqeUqEmqk6zAJdz36+0gbBxrAAapKwNhHhE/U=
-----END CERTIFICATE-----