Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa
File:                     AS21991.roa (raw, json)
Hash identifier:          rKMxrxRUyMSEUkg4+wg04Wcn5nQBiq8qO4tzQDjiLbQ=
Subject key identifier:   49:63:97:56:C3:44:6E:28:F1:55:75:FA:17:CA:FC:04:B0:74:A5:A7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2DDF415DB36BEA6CFEED9E4F6AF360E82809DF5A
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa
Signing time:             Fri 26 Jun 2026 08:08:44 +0000
ROA not before:           Fri 26 Jun 2026 08:03:44 +0000
ROA not after:            Fri 25 Jun 2027 08:08:44 +0000
asID:                     21991
IP address blocks:        2a0f:85c1::/48 maxlen: 48
                          2a0f:85c1:31::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Jul 2026 14:28:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:df:41:5d:b3:6b:ea:6c:fe:ed:9e:4f:6a:f3:60:e8:28:09:df:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 26 08:03:44 2026 GMT
            Not After : Jun 25 08:08:44 2027 GMT
        Subject: CN=49639756C3446E28F15575FA17CAFC04B074A5A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ad:90:7d:9f:b7:05:04:82:dc:27:c2:58:0f:
                    dd:b5:70:ef:4b:ce:48:8b:96:a0:f0:83:df:2e:21:
                    fb:a0:de:75:98:16:6e:af:8c:a3:43:d0:3b:00:d6:
                    af:ce:2d:65:fe:34:58:4f:e0:b0:6b:ed:c2:2e:07:
                    8a:1b:83:b3:cb:76:fd:bc:a1:9c:0a:88:53:46:6a:
                    da:bf:ea:46:e3:de:5d:3f:1c:43:1d:bd:d1:80:04:
                    74:5e:77:e2:57:7f:3a:a5:2c:52:b4:b1:b4:e3:e5:
                    f1:29:a9:ac:60:3b:96:93:93:e7:6f:8d:1a:57:ad:
                    85:3e:ec:1f:8e:01:22:a1:cc:54:f6:58:24:4f:de:
                    b8:13:4e:ae:0d:ff:27:04:1b:11:01:c8:f3:09:09:
                    29:2e:1d:2f:8f:dc:bc:73:19:b2:14:59:85:c5:38:
                    a7:00:e2:59:22:1c:98:bd:e5:37:ed:fd:a5:46:2e:
                    66:4d:4a:b1:92:57:e8:20:33:94:7e:8f:17:cf:64:
                    cb:1a:18:48:a1:5a:36:62:fb:90:1a:0b:6c:6a:de:
                    44:a3:60:c9:44:ff:ea:a6:bf:25:80:d1:d3:97:e9:
                    dd:c2:62:f4:a5:ec:f9:3b:d5:a9:16:5a:da:2c:b8:
                    be:52:c3:f5:83:d1:58:57:b8:71:77:ce:c0:b4:78:
                    a2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:63:97:56:C3:44:6E:28:F1:55:75:FA:17:CA:FC:04:B0:74:A5:A7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1::/48
                  2a0f:85c1:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:6f:22:fc:2a:44:49:fc:52:6a:0e:fd:68:9e:7b:36:ce:fe:
         f8:33:68:64:53:62:46:40:a4:42:3b:ec:4e:49:f9:d2:5b:a2:
         68:14:79:8b:b6:8d:4a:8e:70:9e:9b:33:97:07:ca:b9:52:e0:
         29:4a:14:9a:97:2c:5a:24:00:b8:8f:63:7a:83:9a:55:98:b4:
         22:71:2e:a7:e3:ee:ba:49:b8:cb:d3:33:26:f4:8a:7d:50:f5:
         80:55:2d:d9:51:b3:8f:2f:10:4f:cc:14:00:68:8d:41:6f:ba:
         8e:09:49:c7:85:54:86:15:a6:4a:7c:53:1a:bf:71:2d:cb:3a:
         59:2a:7e:ad:5a:c4:5c:fd:fd:c4:5c:40:15:16:c1:9f:b5:8e:
         ba:d5:a7:6e:f4:e5:94:8d:13:5f:60:94:f2:dc:d5:52:d6:19:
         58:c1:7b:7c:32:b7:ad:85:15:20:87:36:4c:da:cc:17:5c:82:
         02:1a:08:76:be:bb:ab:43:70:cc:ba:a9:28:cd:20:09:fa:84:
         a5:26:e4:9c:73:db:8b:41:a7:fa:24:c3:a9:2b:29:59:d9:c0:
         e2:0b:08:1e:cf:74:0b:fc:af:71:4a:56:6a:2a:93:a5:cf:15:
         4c:23:a1:65:7e:be:23:d0:3b:14:2c:59:57:6f:a2:ba:21:fc:
         b3:0b:a0:08
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIULd9BXbNr6mz+7Z5PavNg6CgJ31owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MjYwODAzNDRaFw0yNzA2MjUwODA4NDRaMDMxMTAvBgNV
BAMTKDQ5NjM5NzU2QzM0NDZFMjhGMTU1NzVGQTE3Q0FGQzA0QjA3NEE1QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsrZB9n7cFBILcJ8JYD921cO9L
zkiLlqDwg98uIfug3nWYFm6vjKND0DsA1q/OLWX+NFhP4LBr7cIuB4obg7PLdv28
oZwKiFNGatq/6kbj3l0/HEMdvdGABHRed+JXfzqlLFK0sbTj5fEpqaxgO5aTk+dv
jRpXrYU+7B+OASKhzFT2WCRP3rgTTq4N/ycEGxEByPMJCSkuHS+P3LxzGbIUWYXF
OKcA4lkiHJi95Tft/aVGLmZNSrGSV+ggM5R+jxfPZMsaGEihWjZi+5AaC2xq3kSj
YMlE/+qmvyWA0dOX6d3CYvSl7Pk71akWWtosuL5Sw/WD0VhXuHF3zsC0eKIBAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUSWOXVsNEbijxVXX6F8r8BLB0pacwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE5OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
AAADBwAqD4XBADEwDQYJKoZIhvcNAQELBQADggEBAFlvIvwqREn8UmoO/WieezbO
/vgzaGRTYkZApEI77E5J+dJbomgUeYu2jUqOcJ6bM5cHyrlS4ClKFJqXLFokALiP
Y3qDmlWYtCJxLqfj7rpJuMvTMyb0in1Q9YBVLdlRs48vEE/MFABojUFvuo4JSceF
VIYVpkp8Uxq/cS3LOlkqfq1axFz9/cRcQBUWwZ+1jrrVp2705ZSNE19glPLc1VLW
GVjBe3wyt62FFSCHNkzazBdcggIaCHa+u6tDcMy6qSjNIAn6hKUm5Jxz24tBp/ok
w6krKVnZwOILCB7PdAv8r3FKVmoqk6XPFUwjoWV+viPQOxQsWVdvoroh/LMLoAg=
-----END CERTIFICATE-----
Generated at Thu Jul 16 22:45:19 2026 by rpki-client