Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          0Ry2RqpB2ScASxJP1zrGNUJsOv/C3qpMt8W/k9vvoOQ=
Subject key identifier:   06:36:4A:F0:00:DB:23:E9:14:CC:3D:CA:9E:4A:C7:00:12:F9:10:0E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       537ED788AD4ADA336F648AF3512CC6DFBECE0F4A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
Signing time:             Thu 16 Oct 2025 06:11:41 +0000
ROA not before:           Thu 16 Oct 2025 06:06:41 +0000
ROA not after:            Thu 15 Oct 2026 06:11:41 +0000
asID:                     21859
IP address blocks:        45.157.17.0/24 maxlen: 24
                          195.206.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:7e:d7:88:ad:4a:da:33:6f:64:8a:f3:51:2c:c6:df:be:ce:0f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 16 06:06:41 2025 GMT
            Not After : Oct 15 06:11:41 2026 GMT
        Subject: CN=06364AF000DB23E914CC3DCA9E4AC70012F9100E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:05:79:2e:76:f7:7a:8f:bf:ce:ed:84:3f:91:
                    3c:6b:3d:7e:8b:6f:41:83:c7:26:3c:ec:79:f3:95:
                    44:e9:f7:1c:41:63:73:26:69:a6:3d:8a:f6:74:93:
                    65:62:a0:1e:0e:93:a2:84:92:a5:92:45:4f:72:a1:
                    b1:bc:a1:f0:01:d3:91:cf:af:b5:2c:d0:30:5e:ff:
                    44:f5:71:f5:6a:1f:ed:2f:75:19:dd:fb:aa:2a:5c:
                    00:f2:38:cf:15:bf:a5:d7:be:93:db:c4:49:af:f8:
                    64:53:82:75:54:ba:e5:b2:7f:b0:64:bf:0c:6d:f4:
                    57:bc:ea:45:5a:43:a8:bd:b6:47:f5:bd:ca:60:9c:
                    28:4c:bb:08:bd:6e:e4:c8:c5:35:08:89:a9:e7:6c:
                    59:7a:33:3e:76:c3:a4:e3:42:cf:a0:ab:d9:30:01:
                    b4:b8:17:5a:17:f2:f1:36:d8:dc:96:5b:f2:a8:bc:
                    62:82:6e:7d:d1:c5:f5:7d:b0:42:28:0e:29:17:71:
                    22:f0:45:81:d0:58:4e:06:39:79:17:4f:c6:98:73:
                    dd:ac:06:d1:f4:47:87:85:f7:09:9c:37:b0:4d:f5:
                    be:a2:87:31:98:c1:db:1b:ac:9c:1f:6f:e7:32:91:
                    af:21:8d:7b:46:df:59:00:ad:d4:61:f4:28:1d:6d:
                    74:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:36:4A:F0:00:DB:23:E9:14:CC:3D:CA:9E:4A:C7:00:12:F9:10:0E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.17.0/24
                  195.206.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:fb:9e:bb:61:63:59:85:30:50:b7:cc:df:45:81:9f:8a:6a:
         88:9d:86:07:a4:d5:59:e8:4a:53:f4:73:6f:5c:5b:00:1e:3c:
         57:9b:e7:6e:4a:31:fb:38:b4:97:a5:cd:1a:df:dc:cf:0a:bd:
         b7:d3:38:90:4d:19:3b:56:a5:59:c7:3b:8e:3a:22:b5:af:84:
         c5:6a:64:40:3f:be:df:55:b6:1b:da:98:44:a5:0f:74:3e:09:
         fe:ff:41:89:eb:84:bd:8d:a5:4a:d2:ca:08:ff:55:c1:d5:e3:
         d9:d1:f3:52:9f:30:f4:d3:93:f6:f5:31:ca:b5:69:be:df:92:
         41:ea:a2:fc:0d:11:8f:54:d4:b0:49:e1:10:db:eb:95:7a:63:
         87:c0:ea:15:db:83:d0:92:60:c0:cc:1d:0f:46:d8:d5:cb:5a:
         05:c0:0d:3d:3a:29:53:9e:51:21:8a:bd:8e:b9:b9:4d:7c:13:
         1d:4c:b8:65:58:cc:73:6f:30:ee:2a:05:51:ee:dc:9e:72:d6:
         64:af:31:29:83:91:73:28:34:8c:7b:7d:5a:4e:da:54:18:1a:
         47:fc:ce:6e:45:1b:32:9c:58:1c:4b:72:de:21:f3:7d:e7:66:
         8a:5a:d5:71:0e:48:a1:12:c9:ee:44:bb:b0:4f:ab:eb:89:cb:
         3d:65:e3:d9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUU37XiK1K2jNvZIrzUSzG377OD0owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMTYwNjA2NDFaFw0yNjEwMTUwNjExNDFaMDMxMTAvBgNV
BAMTKDA2MzY0QUYwMDBEQjIzRTkxNENDM0RDQTlFNEFDNzAwMTJGOTEwMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDABXkudvd6j7/O7YQ/kTxrPX6L
b0GDxyY87HnzlUTp9xxBY3MmaaY9ivZ0k2VioB4Ok6KEkqWSRU9yobG8ofAB05HP
r7Us0DBe/0T1cfVqH+0vdRnd+6oqXADyOM8Vv6XXvpPbxEmv+GRTgnVUuuWyf7Bk
vwxt9Fe86kVaQ6i9tkf1vcpgnChMuwi9buTIxTUIiannbFl6Mz52w6TjQs+gq9kw
AbS4F1oX8vE22NyWW/KovGKCbn3RxfV9sEIoDikXcSLwRYHQWE4GOXkXT8aYc92s
BtH0R4eF9wmcN7BN9b6ihzGYwdsbrJwfb+cyka8hjXtG31kArdRh9CgdbXRhAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUBjZK8ADbI+kUzD3KnkrHABL5EA4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtnRED
BADDzuswDQYJKoZIhvcNAQELBQADggEBAKv7nrthY1mFMFC3zN9FgZ+Kaoidhgek
1VnoSlP0c29cWwAePFeb525KMfs4tJelzRrf3M8KvbfTOJBNGTtWpVnHO446IrWv
hMVqZEA/vt9VthvamESlD3Q+Cf7/QYnrhL2NpUrSygj/VcHV49nR81KfMPTTk/b1
Mcq1ab7fkkHqovwNEY9U1LBJ4RDb65V6Y4fA6hXbg9CSYMDMHQ9G2NXLWgXADT06
KVOeUSGKvY65uU18Ex1MuGVYzHNvMO4qBVHu3J5y1mSvMSmDkXMoNIx7fVpO2lQY
Gkf8zm5FGzKcWBxLct4h833nZopa1XEOSKESye5Eu7BPq+uJyz1l49k=
-----END CERTIFICATE-----