Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          SSvd5D7loFYOCg0/hl1BjIJ5AHwLSAThwdEtMkXjeW8=
Subject key identifier:   48:B2:B4:91:3E:1E:40:D9:31:BE:84:35:FF:44:E4:68:52:DE:27:23
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       011E7A465876E0E6C7ED65885C73E88FD59DAA00
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
Signing time:             Mon 13 Oct 2025 02:36:32 +0000
ROA not before:           Mon 13 Oct 2025 02:31:32 +0000
ROA not after:            Mon 12 Oct 2026 02:36:32 +0000
asID:                     21859
IP address blocks:        141.11.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:1e:7a:46:58:76:e0:e6:c7:ed:65:88:5c:73:e8:8f:d5:9d:aa:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 13 02:31:32 2025 GMT
            Not After : Oct 12 02:36:32 2026 GMT
        Subject: CN=48B2B4913E1E40D931BE8435FF44E46852DE2723
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8a:b5:6d:21:7f:ca:c9:79:9f:b8:fe:02:fb:
                    86:5b:4a:37:99:e9:49:96:8d:a3:73:88:1c:df:b3:
                    06:48:dd:40:2e:7b:08:3f:f2:db:1b:b5:5f:05:30:
                    7e:e1:c8:97:cb:c6:84:2e:17:2a:56:2e:e5:70:0a:
                    d5:7d:5d:98:cc:de:94:e2:7f:f3:c9:46:a0:d8:9e:
                    56:d2:ff:83:d4:62:0a:fb:4b:a7:23:fa:b8:b5:55:
                    a6:2f:1f:dd:b6:b9:86:27:62:1d:cd:84:09:08:b5:
                    b1:20:10:6f:5e:f7:32:fc:18:5e:22:93:ae:57:e8:
                    01:10:b4:0f:d2:8a:99:0a:50:7c:58:31:cd:a1:4b:
                    7d:a0:ae:86:c3:71:ad:75:21:a0:d9:3f:e4:f6:c1:
                    9a:0c:63:2c:48:05:c4:80:14:e1:81:44:09:25:a1:
                    9b:15:e2:57:2a:ba:2f:8d:0a:b2:e7:20:e4:51:26:
                    7d:e5:9a:5c:e0:87:a6:22:ff:15:c8:70:da:d1:4f:
                    8f:e6:fe:ab:d1:40:3b:d9:23:0e:93:18:71:bd:53:
                    80:11:e8:49:7b:ac:fe:bd:d1:f8:3d:46:fd:05:ba:
                    d0:03:a3:3c:a7:45:48:73:93:a8:1b:88:f7:2c:f5:
                    ec:90:db:1d:99:20:dd:5e:56:58:a3:1b:cc:13:6e:
                    80:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:B2:B4:91:3E:1E:40:D9:31:BE:84:35:FF:44:E4:68:52:DE:27:23
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:22:56:03:a4:a9:ff:15:28:1b:c5:81:9e:28:16:ae:d6:8e:
         8e:d7:69:4c:76:45:d8:05:7f:78:00:a5:99:85:6d:5d:6b:5f:
         26:6b:00:f0:9e:65:13:75:fb:d7:ab:ac:f6:62:2c:97:cd:8e:
         ed:b2:09:81:e2:04:c1:b1:ec:e2:da:3d:0f:b4:0e:2a:15:dd:
         50:30:d1:c6:8c:d9:99:cc:74:db:42:d0:61:1f:4e:e2:d7:ca:
         bd:cd:a8:23:35:4f:02:13:b3:93:8b:f6:40:68:e7:67:26:6b:
         20:99:4b:5c:67:65:26:a1:62:39:23:eb:a9:fc:44:c3:5e:b8:
         61:68:89:04:4d:55:cd:69:a6:d0:e2:96:d3:d3:c3:89:13:7e:
         87:2c:f2:3c:18:2a:93:ab:b9:90:5d:68:31:b1:52:3a:25:63:
         dc:00:dd:16:f8:e8:f9:00:d2:18:1d:0e:8f:e4:64:86:31:47:
         1d:2d:30:a8:c4:b9:d4:30:d8:69:3c:61:f8:43:8b:3e:34:68:
         03:f2:eb:60:7c:7f:90:ad:cf:5b:72:9a:6c:93:0e:2e:fe:c6:
         20:b0:0e:09:69:e7:7f:05:0f:2c:bb:a3:62:d8:10:96:cc:b7:
         5f:16:33:6c:54:00:e8:4d:c6:1d:1a:0d:09:d0:a6:80:1c:63:
         79:5e:a7:4f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAR56Rlh24ObH7WWIXHPoj9WdqgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTEwMTMwMjMxMzJaFw0yNjEwMTIwMjM2MzJaMDMxMTAvBgNV
BAMTKDQ4QjJCNDkxM0UxRTQwRDkzMUJFODQzNUZGNDRFNDY4NTJERTI3MjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEirVtIX/KyXmfuP4C+4ZbSjeZ
6UmWjaNziBzfswZI3UAuewg/8tsbtV8FMH7hyJfLxoQuFypWLuVwCtV9XZjM3pTi
f/PJRqDYnlbS/4PUYgr7S6cj+ri1VaYvH922uYYnYh3NhAkItbEgEG9e9zL8GF4i
k65X6AEQtA/SipkKUHxYMc2hS32grobDca11IaDZP+T2wZoMYyxIBcSAFOGBRAkl
oZsV4lcqui+NCrLnIORRJn3lmlzgh6Yi/xXIcNrRT4/m/qvRQDvZIw6TGHG9U4AR
6El7rP690fg9Rv0FutADozynRUhzk6gbiPcs9eyQ2x2ZIN1eVlijG8wTboABAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUSLK0kT4eQNkxvoQ1/0TkaFLeJyMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC3cw
DQYJKoZIhvcNAQELBQADggEBAGgiVgOkqf8VKBvFgZ4oFq7Wjo7XaUx2RdgFf3gA
pZmFbV1rXyZrAPCeZRN1+9errPZiLJfNju2yCYHiBMGx7OLaPQ+0DioV3VAw0caM
2ZnMdNtC0GEfTuLXyr3NqCM1TwITs5OL9kBo52cmayCZS1xnZSahYjkj66n8RMNe
uGFoiQRNVc1pptDiltPTw4kTfocs8jwYKpOruZBdaDGxUjolY9wA3Rb46PkA0hgd
Do/kZIYxRx0tMKjEudQw2Gk8YfhDiz40aAPy62B8f5Ctz1tymmyTDi7+xiCwDglp
538FDyy7o2LYEJbMt18WM2xUAOhNxh0aDQnQpoAcY3lep08=
-----END CERTIFICATE-----