Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          P4SwHqRAhXBVfK267KEufnGWWjRWlOkCrvYgnwp/9HU=
Subject key identifier:   0B:0A:12:B9:03:BB:59:C7:5B:9D:46:FA:82:4E:41:F5:A7:FB:72:E6
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0D380FA2A743E7F5F09FF88975458C01FC5E7247
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21840.roa
Signing time:             Fri 27 Jun 2025 09:50:14 +0000
ROA not before:           Fri 27 Jun 2025 09:45:14 +0000
ROA not after:            Fri 26 Jun 2026 09:50:14 +0000
asID:                     21840
IP address blocks:        92.112.37.0/24 maxlen: 24
                          178.93.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:38:0f:a2:a7:43:e7:f5:f0:9f:f8:89:75:45:8c:01:fc:5e:72:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 27 09:45:14 2025 GMT
            Not After : Jun 26 09:50:14 2026 GMT
        Subject: CN=0B0A12B903BB59C75B9D46FA824E41F5A7FB72E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8a:68:9f:ac:2f:43:f1:6b:f9:48:36:b0:33:
                    67:d6:ac:f9:06:76:ec:ef:5a:09:77:9f:83:ac:5d:
                    a4:07:06:ce:20:f4:f0:3c:74:94:c7:93:8c:6a:fb:
                    ac:8f:88:0c:f2:58:1d:05:e4:35:73:2a:08:44:26:
                    94:0f:5d:87:bb:3e:2e:2a:16:ad:63:bd:25:4d:0e:
                    02:d6:81:a2:e8:13:33:24:5c:d5:98:78:4f:62:c3:
                    16:16:fb:06:f5:96:7e:44:a7:79:64:58:22:05:8a:
                    c7:50:41:58:56:54:e7:c6:b4:c5:e2:c8:c1:2e:bd:
                    56:c6:94:7c:2d:65:21:c8:d1:50:87:e1:05:32:1b:
                    a9:1a:97:6e:40:18:62:bc:3b:5b:45:7b:16:62:59:
                    99:61:2a:02:8a:0c:b5:f3:b6:cb:53:a3:84:a5:ea:
                    7d:ba:c9:bd:d9:58:3b:f6:97:78:cd:4e:47:11:38:
                    85:6d:0f:36:d8:27:5f:af:8e:04:97:3d:bc:15:f7:
                    d6:d4:c4:cd:e4:a7:1d:bf:84:5b:b7:aa:3a:c3:58:
                    78:b6:3b:da:e0:6e:03:56:9d:04:30:a5:20:45:f4:
                    cd:8b:fb:76:3b:dd:ac:f3:6b:93:05:75:e5:0d:14:
                    00:25:25:b8:c1:51:2a:63:1e:33:b5:7a:dc:cd:45:
                    06:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:0A:12:B9:03:BB:59:C7:5B:9D:46:FA:82:4E:41:F5:A7:FB:72:E6
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.37.0/24
                  178.93.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:6a:11:bd:ad:eb:44:a7:85:59:1a:d0:70:ca:75:a2:b0:05:
         db:09:26:0c:9a:6a:ce:4d:61:9a:76:d3:16:75:08:dd:96:f0:
         3d:5b:93:9e:1f:26:e6:d6:de:1f:14:16:38:8d:6b:f5:e3:5a:
         10:0e:d5:42:f0:61:da:5d:96:2b:0f:cf:c5:11:02:24:56:8a:
         5f:ab:51:b5:44:9e:f8:1f:1c:4c:de:6e:39:f7:6e:14:7b:68:
         ae:15:f2:4a:40:7a:bf:93:be:72:2a:33:ab:28:3a:88:1a:27:
         dd:14:47:7a:0e:21:a9:95:cb:18:e5:05:81:80:8a:e7:86:a0:
         6e:1a:00:a8:53:93:a2:2d:9e:30:28:37:75:1b:ac:1e:4a:d8:
         9a:c5:ee:84:ce:46:3a:d4:80:04:5d:b6:fe:e5:70:ea:ae:b5:
         32:43:ea:1b:66:7e:68:b5:ee:1c:4f:7a:fc:ab:ae:27:2b:d9:
         c2:55:a1:cc:3d:0d:71:00:da:53:c5:26:2b:d9:ba:b7:89:2f:
         db:f3:71:9a:c9:7d:e6:5b:71:e0:5b:6e:b1:80:34:b9:9d:c5:
         ce:56:34:43:6f:67:0a:87:2e:b0:3b:f1:b2:53:27:87:3c:dc:
         cd:ad:0c:57:34:e5:af:e9:9a:4e:5f:1b:ab:f9:da:b9:90:d6:
         22:64:54:c2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUDTgPoqdD5/Xwn/iJdUWMAfxeckcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MjcwOTQ1MTRaFw0yNjA2MjYwOTUwMTRaMDMxMTAvBgNV
BAMTKDBCMEExMkI5MDNCQjU5Qzc1QjlENDZGQTgyNEU0MUY1QTdGQjcyRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfimifrC9D8Wv5SDawM2fWrPkG
duzvWgl3n4OsXaQHBs4g9PA8dJTHk4xq+6yPiAzyWB0F5DVzKghEJpQPXYe7Pi4q
Fq1jvSVNDgLWgaLoEzMkXNWYeE9iwxYW+wb1ln5Ep3lkWCIFisdQQVhWVOfGtMXi
yMEuvVbGlHwtZSHI0VCH4QUyG6kal25AGGK8O1tFexZiWZlhKgKKDLXztstTo4Sl
6n26yb3ZWDv2l3jNTkcROIVtDzbYJ1+vjgSXPbwV99bUxM3kpx2/hFu3qjrDWHi2
O9rgbgNWnQQwpSBF9M2L+3Y73azza5MFdeUNFAAlJbjBUSpjHjO1etzNRQapAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUCwoSuQO7WcdbnUb6gk5B9af7cuYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABccCUD
BACyXVowDQYJKoZIhvcNAQELBQADggEBAKFqEb2t60SnhVka0HDKdaKwBdsJJgya
as5NYZp20xZ1CN2W8D1bk54fJubW3h8UFjiNa/XjWhAO1ULwYdpdlisPz8URAiRW
il+rUbVEnvgfHEzebjn3bhR7aK4V8kpAer+TvnIqM6soOogaJ90UR3oOIamVyxjl
BYGAiueGoG4aAKhTk6ItnjAoN3UbrB5K2JrF7oTORjrUgARdtv7lcOqutTJD6htm
fmi17hxPevyrricr2cJVocw9DXEA2lPFJivZureJL9vzcZrJfeZbceBbbrGANLmd
xc5WNENvZwqHLrA78bJTJ4c83M2tDFc05a/pmk5fG6v52rmQ1iJkVMI=
-----END CERTIFICATE-----