Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          CtYHG883mJdQchH/uv1++UVhDC4vyeruD1G6PCIwqcw=
Subject key identifier:   DD:08:6D:65:AF:19:69:28:EA:03:C1:9C:A3:9E:06:C2:29:EC:37:AC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1E48962F9E08143250D2457527D808A2F7033333
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa
Signing time:             Mon 20 Jan 2025 00:02:44 +0000
ROA not before:           Sun 19 Jan 2025 23:57:44 +0000
ROA not after:            Mon 19 Jan 2026 00:02:44 +0000
asID:                     21859
IP address blocks:        181.215.205.0/24 maxlen: 24
                          191.101.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:48:96:2f:9e:08:14:32:50:d2:45:75:27:d8:08:a2:f7:03:33:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 19 23:57:44 2025 GMT
            Not After : Jan 19 00:02:44 2026 GMT
        Subject: CN=DD086D65AF196928EA03C19CA39E06C229EC37AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:45:47:be:24:f6:8e:e0:8b:14:90:d5:7c:f3:
                    10:4e:33:e5:52:1c:01:ab:a1:cb:99:3b:1d:7c:5c:
                    d3:d7:56:e3:a1:b5:37:14:61:76:33:52:1f:ae:98:
                    71:bd:5a:83:f7:10:9c:a7:3d:2d:85:e4:4e:a2:6b:
                    9a:d9:84:69:4f:18:66:c8:f0:47:81:7c:6a:c3:bc:
                    1d:8b:1d:a5:eb:92:39:d6:ef:00:9b:26:09:c5:cc:
                    12:fd:68:46:31:36:ed:7d:2b:41:53:cf:9a:06:18:
                    8e:53:ed:41:fb:3c:68:3c:bb:be:fd:e1:63:a6:53:
                    ad:33:51:42:14:9f:8c:9a:d7:3b:fe:e5:85:97:fa:
                    36:c5:65:5d:7d:5b:70:06:7f:e2:88:b3:b4:7c:51:
                    37:ca:80:da:38:65:62:33:a3:7c:ff:8d:3e:e8:80:
                    cf:98:85:99:7a:7d:fd:fa:e9:8d:c3:a4:bf:40:44:
                    49:d1:eb:d4:32:45:03:23:e7:80:f7:f1:6a:32:28:
                    4f:ae:4a:cf:da:de:96:48:c2:95:2c:ac:e5:7f:5c:
                    04:51:1d:11:d9:a9:87:11:3e:4a:d8:e7:de:c4:09:
                    f8:37:4e:0a:06:98:ee:a1:42:48:27:de:9c:c3:28:
                    da:82:5d:dc:93:27:66:d5:c5:9a:51:38:51:74:ce:
                    5f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:08:6D:65:AF:19:69:28:EA:03:C1:9C:A3:9E:06:C2:29:EC:37:AC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.205.0/24
                  191.101.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:8b:3b:43:32:be:29:9a:1e:10:5b:6f:37:c4:2e:37:9d:a5:
         c3:cf:8d:d6:e0:5e:03:54:c0:1f:bc:d5:01:5e:0c:84:ae:d2:
         6b:79:14:16:82:e5:6c:97:d2:7e:0a:dd:64:20:81:c9:55:8e:
         99:61:f9:14:f4:be:06:b4:ca:e8:a6:83:dd:6d:ed:57:ca:b3:
         3c:10:4b:2e:4d:9c:22:00:2a:52:2f:46:98:2f:0a:a4:60:0f:
         e3:b9:cf:d4:a2:ea:16:7a:bb:d1:79:77:d0:75:24:cb:6b:ab:
         9d:ec:c9:9a:df:2a:3a:da:09:83:7d:48:12:34:33:12:ac:02:
         b0:e0:91:23:91:a6:92:ef:c4:5c:69:27:19:66:78:5f:80:87:
         73:d9:10:85:43:56:7b:c2:05:2c:18:35:6d:c9:e9:9a:1a:da:
         3a:4c:dd:38:00:31:bb:8b:74:03:b7:70:fc:64:6b:e0:fc:e1:
         ad:85:02:66:b0:4a:32:1a:48:66:99:7c:c8:85:2f:04:c1:e8:
         55:5f:bf:cd:47:fe:bc:5e:cc:9d:fc:d7:85:ab:8f:6f:b3:ab:
         c0:cc:6b:5a:f1:82:70:63:c8:33:09:42:08:09:23:8c:ee:08:
         2b:04:6a:e2:17:32:2c:26:f7:ab:74:cf:4c:ad:06:b2:79:c4:
         2e:bc:c3:e7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUHkiWL54IFDJQ0kV1J9gIovcDMzMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMTkyMzU3NDRaFw0yNjAxMTkwMDAyNDRaMDMxMTAvBgNV
BAMTKEREMDg2RDY1QUYxOTY5MjhFQTAzQzE5Q0EzOUUwNkMyMjlFQzM3QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1RUe+JPaO4IsUkNV88xBOM+VS
HAGrocuZOx18XNPXVuOhtTcUYXYzUh+umHG9WoP3EJynPS2F5E6ia5rZhGlPGGbI
8EeBfGrDvB2LHaXrkjnW7wCbJgnFzBL9aEYxNu19K0FTz5oGGI5T7UH7PGg8u779
4WOmU60zUUIUn4ya1zv+5YWX+jbFZV19W3AGf+KIs7R8UTfKgNo4ZWIzo3z/jT7o
gM+YhZl6ff366Y3DpL9AREnR69QyRQMj54D38WoyKE+uSs/a3pZIwpUsrOV/XARR
HRHZqYcRPkrY597ECfg3TgoGmO6hQkgn3pzDKNqCXdyTJ2bVxZpROFF0zl/lAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU3QhtZa8ZaSjqA8Gco54GwinsN6wwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC1180D
BAC/Zb0wDQYJKoZIhvcNAQELBQADggEBAHGLO0MyvimaHhBbbzfELjedpcPPjdbg
XgNUwB+81QFeDISu0mt5FBaC5WyX0n4K3WQggclVjplh+RT0vga0yuimg91t7VfK
szwQSy5NnCIAKlIvRpgvCqRgD+O5z9Si6hZ6u9F5d9B1JMtrq53syZrfKjraCYN9
SBI0MxKsArDgkSORppLvxFxpJxlmeF+Ah3PZEIVDVnvCBSwYNW3J6Zoa2jpM3TgA
MbuLdAO3cPxka+D84a2FAmawSjIaSGaZfMiFLwTB6FVfv81H/rxezJ3814Wrj2+z
q8DMa1rxgnBjyDMJQggJI4zuCCsEauIXMiwm96t0z0ytBrJ5xC68w+c=
-----END CERTIFICATE-----