Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          Zk9+gpkjA2esJe15AjaR4iMJvlUz/eKz1m3lucF5KEs=
Subject key identifier:   4A:8F:A7:BD:79:C8:31:9F:03:30:71:0A:12:72:E2:BA:0F:23:9A:18
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       3401050514D0BA133DA5A7E2B3D6B8AE6AC83E46
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS21859.roa
Signing time:             Thu 26 Jun 2025 03:45:58 +0000
ROA not before:           Thu 26 Jun 2025 03:40:58 +0000
ROA not after:            Thu 25 Jun 2026 03:45:58 +0000
asID:                     21859
IP address blocks:        188.119.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 07:35:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:01:05:05:14:d0:ba:13:3d:a5:a7:e2:b3:d6:b8:ae:6a:c8:3e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jun 26 03:40:58 2025 GMT
            Not After : Jun 25 03:45:58 2026 GMT
        Subject: CN=4A8FA7BD79C8319F0330710A1272E2BA0F239A18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4e:6d:60:fb:37:99:6d:3f:0d:4d:22:28:c6:
                    22:dd:d6:58:f3:cc:c3:93:2a:6a:c4:f3:77:b5:8f:
                    7e:c4:d8:2d:ec:1b:ef:0b:39:51:2e:44:5a:f7:c0:
                    d7:8b:7a:28:d5:76:c2:a7:a7:67:90:35:f7:f6:36:
                    6a:c1:33:74:21:55:1c:8d:f2:b4:90:30:45:29:bd:
                    90:91:2c:af:93:79:9c:ef:ea:7c:76:e1:f5:2c:26:
                    4a:70:78:5e:5f:20:5f:62:77:09:87:7b:98:d6:af:
                    f1:4b:f1:e8:53:7b:34:96:ad:ad:c0:24:23:2e:0a:
                    2c:eb:6a:65:42:4c:f9:81:d2:e3:18:8d:81:77:39:
                    2e:68:f7:24:47:38:6e:61:79:bf:18:5b:f2:e6:ec:
                    0a:6c:c2:5b:85:14:a0:a6:ca:fa:fd:2d:96:e6:89:
                    db:4f:b8:f2:6f:28:46:2e:dc:19:8b:d8:7c:93:17:
                    cd:ba:ab:55:8f:a2:64:8a:20:2f:ed:07:ce:e0:11:
                    a7:0a:9d:6d:a6:c9:86:34:fb:cf:ff:f6:6e:03:ed:
                    aa:25:bd:32:5e:d7:54:81:74:97:62:82:9f:cb:c0:
                    ec:db:ae:6a:84:5f:3f:42:c0:00:54:c6:7b:9a:64:
                    09:47:52:82:44:49:27:a2:bf:b5:f5:ae:05:9f:55:
                    10:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:8F:A7:BD:79:C8:31:9F:03:30:71:0A:12:72:E2:BA:0F:23:9A:18
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:28:e1:0a:55:98:87:3b:73:32:72:b8:f6:1a:16:39:c4:5a:
         89:2b:58:05:70:0d:42:74:94:91:35:3a:7a:9d:fd:af:0c:7b:
         2e:43:0f:61:3d:0f:be:e9:41:b9:95:8f:42:64:6f:10:a5:6d:
         2d:d5:28:d9:f9:dd:c9:6a:f2:28:99:1d:73:3f:c3:02:af:74:
         5c:d5:48:62:ff:61:73:cb:c1:9a:78:54:4e:1e:20:54:e3:66:
         f3:81:bc:a6:6e:ae:8c:39:c2:57:88:08:6e:d7:71:eb:7b:cc:
         89:d9:f4:03:7f:ab:d4:ef:ac:2e:fd:6b:40:09:f5:85:51:3a:
         9d:9f:01:69:bf:05:0f:5e:20:ab:ac:ca:d7:fd:98:41:ca:08:
         26:ab:36:ac:df:7d:51:f8:f1:c9:ba:cc:68:76:e4:35:bc:bd:
         77:09:f1:6c:67:70:3d:69:f0:5e:5f:6f:fa:26:c9:32:7a:89:
         6f:77:f5:21:cd:0c:8a:3c:ac:05:d3:45:ee:0b:0d:d7:e8:a5:
         6c:d9:5f:4f:27:70:26:ad:9c:06:b8:01:de:5f:72:bb:67:24:
         15:b2:47:35:df:a0:11:97:83:02:b4:64:ab:37:4e:b1:c2:75:
         cf:ce:a3:57:ea:76:f9:c3:06:c7:2c:4c:e5:36:45:1c:26:08:
         89:04:51:30
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNAEFBRTQuhM9pafis9a4rmrIPkYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA2MjYwMzQwNThaFw0yNjA2MjUwMzQ1NThaMDMxMTAvBgNV
BAMTKDRBOEZBN0JENzlDODMxOUYwMzMwNzEwQTEyNzJFMkJBMEYyMzlBMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcTm1g+zeZbT8NTSIoxiLd1ljz
zMOTKmrE83e1j37E2C3sG+8LOVEuRFr3wNeLeijVdsKnp2eQNff2NmrBM3QhVRyN
8rSQMEUpvZCRLK+TeZzv6nx24fUsJkpweF5fIF9idwmHe5jWr/FL8ehTezSWra3A
JCMuCizramVCTPmB0uMYjYF3OS5o9yRHOG5heb8YW/Lm7ApswluFFKCmyvr9LZbm
idtPuPJvKEYu3BmL2HyTF826q1WPomSKIC/tB87gEacKnW2myYY0+8//9m4D7aol
vTJe11SBdJdigp/LwOzbrmqEXz9CwABUxnuaZAlHUoJESSeiv7X1rgWfVRA9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUSo+nvXnIMZ8DMHEKEnLiug8jmhgwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC8d0Uw
DQYJKoZIhvcNAQELBQADggEBAKko4QpVmIc7czJyuPYaFjnEWokrWAVwDUJ0lJE1
Onqd/a8Mey5DD2E9D77pQbmVj0JkbxClbS3VKNn53clq8iiZHXM/wwKvdFzVSGL/
YXPLwZp4VE4eIFTjZvOBvKZurow5wleICG7Xcet7zInZ9AN/q9TvrC79a0AJ9YVR
Op2fAWm/BQ9eIKusytf9mEHKCCarNqzffVH48cm6zGh25DW8vXcJ8WxncD1p8F5f
b/omyTJ6iW939SHNDIo8rAXTRe4LDdfopWzZX08ncCatnAa4Ad5fcrtnJBWyRzXf
oBGXgwK0ZKs3TrHCdc/Oo1fqdvnDBscsTOU2RRwmCIkEUTA=
-----END CERTIFICATE-----