Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          NpxXa9mHDdi0l9kyPrrdq6KZpSMBV7PlX5ilvVFMIYQ=
Subject key identifier:   2B:51:26:A1:CA:14:7F:29:3F:D2:6D:8F:B1:10:D2:A3:76:FF:22:5A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2D138406268709DC65AFC68E06CAFCD25B8EB67B
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
Signing time:             Mon 04 Aug 2025 10:37:43 +0000
ROA not before:           Mon 04 Aug 2025 10:32:43 +0000
ROA not after:            Mon 03 Aug 2026 10:37:43 +0000
asID:                     21859
IP address blocks:        192.166.114.0/24 maxlen: 24
                          195.206.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 02:42:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:13:84:06:26:87:09:dc:65:af:c6:8e:06:ca:fc:d2:5b:8e:b6:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug  4 10:32:43 2025 GMT
            Not After : Aug  3 10:37:43 2026 GMT
        Subject: CN=2B5126A1CA147F293FD26D8FB110D2A376FF225A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:29:27:67:98:c0:4f:0e:91:0a:aa:62:48:6e:
                    7f:1e:86:c1:84:54:c7:5b:06:b5:c6:6f:34:fe:11:
                    1d:8e:83:59:2b:a2:1f:e1:0e:98:2e:af:8c:7a:b1:
                    df:26:86:99:42:6a:6b:38:ca:88:f1:87:2e:a9:20:
                    4e:0d:8a:7d:1a:ea:23:33:02:12:c7:3a:74:67:9c:
                    36:22:c3:d2:80:80:7a:bd:7f:14:c8:08:86:7f:5f:
                    66:bb:65:0c:61:a1:2b:16:bc:3d:94:87:c3:6e:e5:
                    e0:64:db:33:c5:a7:84:79:f7:b8:ed:61:18:bf:b8:
                    18:f1:83:ce:e8:b5:ca:be:8a:e6:2d:94:b4:24:51:
                    0d:8d:4b:f9:b4:10:66:27:df:e4:28:6b:e0:08:14:
                    9d:7e:e6:7a:85:37:a8:27:30:f7:af:bf:e2:be:45:
                    e0:00:dc:9c:2a:93:a0:73:b7:8d:11:20:bf:aa:45:
                    50:3a:4a:34:10:9d:21:6d:ea:70:0d:aa:aa:b6:e3:
                    62:cc:f7:5d:07:fc:97:c9:ce:b1:0b:d4:cb:a9:6a:
                    93:2d:93:85:31:e0:0d:76:f0:4e:3e:b5:d9:e2:0c:
                    bf:1e:73:5a:17:94:da:4d:e7:33:99:df:d8:86:67:
                    63:c2:11:06:42:3a:39:ea:cc:fc:2b:55:04:8d:53:
                    f5:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:51:26:A1:CA:14:7F:29:3F:D2:6D:8F:B1:10:D2:A3:76:FF:22:5A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.114.0/24
                  195.206.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:d9:3e:01:cd:10:8f:5f:2b:64:0c:05:c0:59:24:d8:fd:f8:
         a0:a6:ba:f3:09:21:34:9a:ca:64:20:11:2e:9e:35:14:d9:2c:
         ca:87:8b:54:62:74:83:73:2c:37:5d:e1:58:ec:34:87:2d:9c:
         0f:24:30:62:4d:f9:84:64:fc:36:00:0e:ef:59:15:75:52:02:
         a7:08:4a:6b:5c:34:f7:ec:7b:77:43:32:2f:1c:f6:0d:c7:e4:
         5b:d4:d8:0b:66:3e:f1:90:a1:70:67:10:7b:a6:67:01:d2:eb:
         bc:2e:f3:30:cc:d7:fe:48:ed:11:c2:f9:94:12:0c:55:53:c1:
         ef:84:30:a4:6e:8d:47:f6:b2:b6:19:2c:38:c4:1d:2b:bb:8c:
         e8:2b:f7:e9:e6:66:b1:3d:97:18:a7:29:f8:31:a5:f6:78:78:
         82:92:cf:cb:9d:26:9f:8b:7c:bc:2c:27:bc:a0:73:e2:47:af:
         82:db:69:a0:f7:d6:c9:4a:81:39:22:35:53:c4:7f:f5:3d:34:
         f8:19:5e:6b:ee:b0:94:77:8c:5d:4a:01:e3:41:28:81:96:32:
         4f:dd:16:78:23:a2:17:2d:91:bc:86:4d:35:53:df:28:b5:78:
         46:a6:39:51:c9:d3:9e:df:be:36:79:f3:c5:11:3d:16:5b:bf:
         f5:44:99:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIULROEBiaHCdxlr8aOBsr80luOtnswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MDQxMDMyNDNaFw0yNjA4MDMxMDM3NDNaMDMxMTAvBgNV
BAMTKDJCNTEyNkExQ0ExNDdGMjkzRkQyNkQ4RkIxMTBEMkEzNzZGRjIyNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7KSdnmMBPDpEKqmJIbn8ehsGE
VMdbBrXGbzT+ER2Og1kroh/hDpgur4x6sd8mhplCams4yojxhy6pIE4Nin0a6iMz
AhLHOnRnnDYiw9KAgHq9fxTICIZ/X2a7ZQxhoSsWvD2Uh8Nu5eBk2zPFp4R597jt
YRi/uBjxg87otcq+iuYtlLQkUQ2NS/m0EGYn3+Qoa+AIFJ1+5nqFN6gnMPevv+K+
ReAA3Jwqk6Bzt40RIL+qRVA6SjQQnSFt6nANqqq242LM910H/JfJzrEL1MupapMt
k4Ux4A128E4+tdniDL8ec1oXlNpN5zOZ39iGZ2PCEQZCOjnqzPwrVQSNU/X1AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUK1EmocoUfyk/0m2PsRDSo3b/IlowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBADApnID
BADDzuswDQYJKoZIhvcNAQELBQADggEBAGDZPgHNEI9fK2QMBcBZJNj9+KCmuvMJ
ITSaymQgES6eNRTZLMqHi1RidINzLDdd4VjsNIctnA8kMGJN+YRk/DYADu9ZFXVS
AqcISmtcNPfse3dDMi8c9g3H5FvU2AtmPvGQoXBnEHumZwHS67wu8zDM1/5I7RHC
+ZQSDFVTwe+EMKRujUf2srYZLDjEHSu7jOgr9+nmZrE9lxinKfgxpfZ4eIKSz8ud
Jp+LfLwsJ7ygc+JHr4LbaaD31slKgTkiNVPEf/U9NPgZXmvusJR3jF1KAeNBKIGW
Mk/dFngjohctkbyGTTVT3yi1eEamOVHJ057fvjZ588URPRZbv/VEmY8=
-----END CERTIFICATE-----