Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          3f1TZIG0xnRYQFoVAiJxyPhM+nUXAGdKVlu/ZIK9PyY=
Subject key identifier:   FC:87:56:20:9B:5E:01:CF:BD:64:FB:3B:2E:1F:EE:DD:45:9A:DC:68
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6E119F0A46D34BB32BA118480B08710681F18009
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
Signing time:             Wed 18 Jun 2025 00:02:00 +0000
ROA not before:           Tue 17 Jun 2025 23:57:00 +0000
ROA not after:            Wed 17 Jun 2026 00:02:00 +0000
asID:                     21859
IP address blocks:        141.11.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:24:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:11:9f:0a:46:d3:4b:b3:2b:a1:18:48:0b:08:71:06:81:f1:80:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 17 23:57:00 2025 GMT
            Not After : Jun 17 00:02:00 2026 GMT
        Subject: CN=FC8756209B5E01CFBD64FB3B2E1FEEDD459ADC68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:28:46:4d:83:73:ca:ee:1e:0a:3d:50:9d:e8:
                    e1:65:f1:05:6d:3c:ae:21:98:61:e6:ac:51:a7:56:
                    2b:0e:92:63:32:75:d8:cf:89:58:83:02:e0:b4:3d:
                    c5:0e:52:4a:02:28:18:94:a1:47:ca:e7:d2:9f:05:
                    db:a5:82:cf:43:f3:8b:97:64:92:3e:b3:15:a9:a1:
                    71:4d:ee:64:dc:b1:1c:85:71:50:c1:f4:25:9e:12:
                    99:68:15:61:3f:de:99:fd:be:8b:e6:3d:e8:ac:9f:
                    d5:7e:da:6a:38:b0:a8:b9:9e:2e:71:d3:c4:f7:d6:
                    7c:63:0b:64:81:c3:e3:98:d0:e9:af:9c:21:eb:a5:
                    80:3b:4e:fc:56:b5:af:5b:55:6a:40:f5:1e:4f:ed:
                    6a:09:b2:4a:7d:37:cd:b8:e7:0c:b1:61:0f:53:01:
                    a6:43:76:8a:7f:9a:93:61:91:8d:60:e7:f8:7b:c1:
                    62:1c:47:7d:eb:3a:a5:9a:f8:d6:d5:c4:85:93:7f:
                    8c:20:8b:38:b0:3d:8b:37:88:39:f8:7d:ab:68:5e:
                    a4:4d:3a:49:2c:a9:d6:52:11:85:dd:38:57:74:e3:
                    80:e9:ea:d7:6b:f7:53:a7:c7:57:b3:4e:23:ca:52:
                    39:48:94:e0:fc:01:11:f2:06:76:91:d2:23:b0:d4:
                    cd:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:87:56:20:9B:5E:01:CF:BD:64:FB:3B:2E:1F:EE:DD:45:9A:DC:68
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:86:1e:13:b4:ef:64:99:0c:be:2f:f1:c4:61:69:6f:b4:6c:
         de:f6:8f:27:6d:71:80:40:c9:d4:52:e8:36:c3:b5:4a:ef:60:
         80:e5:e2:78:c8:69:05:46:08:49:67:1e:f4:05:9b:dd:ae:77:
         b4:4e:ad:77:da:49:17:ce:fc:8c:90:03:3e:8e:28:89:d3:3d:
         67:7d:b4:f7:42:54:c9:ec:c5:84:38:54:56:88:2f:89:41:ac:
         c1:60:22:3a:74:c0:3a:1b:0b:82:88:0a:1b:59:64:8a:d6:2f:
         1e:06:86:d4:3a:3d:f2:f3:8c:4a:7e:4c:81:1f:0d:8b:e5:5e:
         c2:9f:f3:05:83:64:d2:fc:60:24:84:df:13:1c:b6:d2:e7:34:
         d6:15:e6:68:8b:02:ec:0e:5a:71:ca:af:a8:e3:24:04:d6:56:
         5d:0b:a7:dd:33:52:7d:bd:37:5a:8e:ad:95:f7:6b:12:f1:b8:
         79:2d:30:a5:a1:fb:86:71:3f:1f:d4:e1:b8:8b:a0:32:5f:17:
         64:59:62:86:50:56:f3:04:c6:d0:0a:2c:e0:c3:ba:c8:ea:c3:
         82:35:a4:94:2e:57:85:6f:f8:02:bc:b2:25:2d:3f:bd:07:fb:
         f3:6a:3c:c1:75:85:4e:08:77:f2:2c:5e:dc:ad:60:a6:ad:f5:
         61:49:74:4b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbhGfCkbTS7MroRhICwhxBoHxgAkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MTcyMzU3MDBaFw0yNjA2MTcwMDAyMDBaMDMxMTAvBgNV
BAMTKEZDODc1NjIwOUI1RTAxQ0ZCRDY0RkIzQjJFMUZFRURENDU5QURDNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnKEZNg3PK7h4KPVCd6OFl8QVt
PK4hmGHmrFGnVisOkmMyddjPiViDAuC0PcUOUkoCKBiUoUfK59KfBdulgs9D84uX
ZJI+sxWpoXFN7mTcsRyFcVDB9CWeEploFWE/3pn9vovmPeisn9V+2mo4sKi5ni5x
08T31nxjC2SBw+OY0OmvnCHrpYA7TvxWta9bVWpA9R5P7WoJskp9N8245wyxYQ9T
AaZDdop/mpNhkY1g5/h7wWIcR33rOqWa+NbVxIWTf4wgiziwPYs3iDn4fatoXqRN
OkksqdZSEYXdOFd044Dp6tdr91Onx1ezTiPKUjlIlOD8ARHyBnaR0iOw1M1BAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU/IdWIJteAc+9ZPs7Lh/u3UWa3GgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCzAw
DQYJKoZIhvcNAQELBQADggEBAM6GHhO072SZDL4v8cRhaW+0bN72jydtcYBAydRS
6DbDtUrvYIDl4njIaQVGCElnHvQFm92ud7ROrXfaSRfO/IyQAz6OKInTPWd9tPdC
VMnsxYQ4VFaIL4lBrMFgIjp0wDobC4KIChtZZIrWLx4GhtQ6PfLzjEp+TIEfDYvl
XsKf8wWDZNL8YCSE3xMcttLnNNYV5miLAuwOWnHKr6jjJATWVl0Lp90zUn29N1qO
rZX3axLxuHktMKWh+4ZxPx/U4biLoDJfF2RZYoZQVvMExtAKLODDusjqw4I1pJQu
V4Vv+AK8siUtP70H+/NqPMF1hU4Id/IsXtytYKat9WFJdEs=
-----END CERTIFICATE-----