Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          FzRtQ3AL07kg3M9gcVbyrtDJ45pwlcOYKOEsWMZxsbI=
Subject key identifier:   A4:29:E4:4B:72:30:73:8D:75:F7:1D:D2:0C:B4:D1:BA:55:E6:01:ED
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       68EFFA3EFBD294AE075A3A91E22CDD5C1B9C3B18
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
Signing time:             Sat 31 May 2025 21:05:54 +0000
ROA not before:           Sat 31 May 2025 21:00:54 +0000
ROA not after:            Sat 30 May 2026 21:05:54 +0000
asID:                     21859
IP address blocks:        5.252.82.0/24 maxlen: 24
                          179.61.155.0/24 maxlen: 24
                          181.215.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:ef:fa:3e:fb:d2:94:ae:07:5a:3a:91:e2:2c:dd:5c:1b:9c:3b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 31 21:00:54 2025 GMT
            Not After : May 30 21:05:54 2026 GMT
        Subject: CN=A429E44B7230738D75F71DD20CB4D1BA55E601ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a7:d5:b3:9b:5e:71:25:ce:1c:b0:40:1b:b0:
                    ff:eb:ae:e1:91:6d:d1:61:69:82:56:2e:9c:de:fd:
                    d5:cd:99:4b:42:71:e4:00:7f:de:44:38:d4:f1:f3:
                    9a:db:b2:dc:b0:b2:ed:de:2f:17:79:75:c4:c9:db:
                    19:02:a4:f1:a3:b4:2d:44:a4:92:c9:a2:24:09:2c:
                    ae:ac:e3:5f:65:c1:f0:fe:fe:79:62:5a:39:d8:2c:
                    1f:b0:e7:8a:63:08:b0:16:ff:46:a6:e7:4e:4b:35:
                    11:5c:7b:2a:79:01:11:d3:b7:bc:1b:fa:5a:7a:9d:
                    a3:b7:9a:bc:fe:ee:20:fb:86:30:53:35:03:ca:fb:
                    7b:e6:b5:e4:90:69:f4:d8:08:65:a4:8f:6d:f2:94:
                    0f:56:2f:e0:ec:72:10:93:62:9b:c8:58:ff:ee:81:
                    dc:4f:b9:9f:2c:1f:2a:42:9e:68:88:2f:84:fa:92:
                    64:df:c2:76:9f:50:31:12:75:81:3c:cc:98:cd:d3:
                    47:4e:69:11:0b:49:09:10:b6:b6:c4:01:76:09:53:
                    54:b3:eb:22:02:77:d3:a3:00:88:75:bd:06:8d:df:
                    89:7b:07:74:d0:29:ae:85:24:46:08:57:f9:53:69:
                    bf:da:40:30:41:26:91:76:21:e6:df:f5:f7:ca:2d:
                    88:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:29:E4:4B:72:30:73:8D:75:F7:1D:D2:0C:B4:D1:BA:55:E6:01:ED
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.82.0/24
                  179.61.155.0/24
                  181.215.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:47:9c:b0:81:6d:ea:84:eb:1c:fb:63:ed:b3:ac:c8:29:ab:
         ae:5c:83:01:7c:52:76:f4:c5:f9:ae:99:da:59:dd:7f:98:21:
         82:4f:30:c6:5c:b1:64:e0:45:a3:76:3c:6d:9a:20:e5:17:f1:
         d1:06:c4:e9:cd:11:ec:54:3b:1e:6e:db:b2:91:84:62:9d:a4:
         d5:de:f4:80:ad:73:22:9b:13:04:0e:b4:08:0d:2b:70:37:ea:
         41:da:bf:95:ea:3f:c3:c6:76:6b:9d:53:73:71:56:87:fe:71:
         be:fe:df:23:cb:a9:b2:c8:78:e6:8c:03:59:6c:28:bd:0c:09:
         73:6f:10:23:5d:20:c0:0e:67:32:29:d9:8f:f8:59:75:30:17:
         90:25:2f:bd:52:15:fb:ff:76:dd:fc:14:64:1e:5e:21:72:a2:
         20:8c:e9:54:1d:30:69:a3:6d:4b:b2:18:90:6a:7d:e4:1a:a7:
         fb:78:33:0b:a7:3d:fb:dc:c4:a9:9c:f4:84:c2:33:5f:c0:78:
         42:01:d4:1f:9b:dc:3c:39:a7:43:8e:d9:d4:ce:9f:dc:e8:a4:
         33:da:6d:d7:78:cb:97:ad:1d:79:0b:31:23:6d:0d:45:b0:0a:
         b9:ff:34:01:93:fd:7c:2b:5d:b0:ef:90:7a:43:6a:ed:47:e3:
         cd:20:74:78
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUaO/6PvvSlK4HWjqR4izdXBucOxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MzEyMTAwNTRaFw0yNjA1MzAyMTA1NTRaMDMxMTAvBgNV
BAMTKEE0MjlFNDRCNzIzMDczOEQ3NUY3MUREMjBDQjREMUJBNTVFNjAxRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWp9Wzm15xJc4csEAbsP/rruGR
bdFhaYJWLpze/dXNmUtCceQAf95EONTx85rbstywsu3eLxd5dcTJ2xkCpPGjtC1E
pJLJoiQJLK6s419lwfD+/nliWjnYLB+w54pjCLAW/0am505LNRFceyp5ARHTt7wb
+lp6naO3mrz+7iD7hjBTNQPK+3vmteSQafTYCGWkj23ylA9WL+DschCTYpvIWP/u
gdxPuZ8sHypCnmiIL4T6kmTfwnafUDESdYE8zJjN00dOaRELSQkQtrbEAXYJU1Sz
6yICd9OjAIh1vQaN34l7B3TQKa6FJEYIV/lTab/aQDBBJpF2Iebf9ffKLYiFAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUpCnkS3Iwc4119x3SDLTRulXmAe0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAF/FID
BACzPZsDBAC1180wDQYJKoZIhvcNAQELBQADggEBABZHnLCBbeqE6xz7Y+2zrMgp
q65cgwF8Unb0xfmumdpZ3X+YIYJPMMZcsWTgRaN2PG2aIOUX8dEGxOnNEexUOx5u
27KRhGKdpNXe9ICtcyKbEwQOtAgNK3A36kHav5XqP8PGdmudU3NxVof+cb7+3yPL
qbLIeOaMA1lsKL0MCXNvECNdIMAOZzIp2Y/4WXUwF5AlL71SFfv/dt38FGQeXiFy
oiCM6VQdMGmjbUuyGJBqfeQap/t4MwunPfvcxKmc9ITCM1/AeEIB1B+b3Dw5p0OO
2dTOn9zopDPabdd4y5etHXkLMSNtDUWwCrn/NAGT/XwrXbDvkHpDau1H480gdHg=
-----END CERTIFICATE-----