Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          9jFtDg7G1yVWfx177udYfBtTDKUEtXJ7KvVwDsjMbt8=
Subject key identifier:   6E:93:49:95:63:4B:6C:E4:80:17:D2:AF:41:7C:2C:0F:FD:C2:0A:00
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       34A2A47AD2282575F25B04E75CDFC02E5CF64F95
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS21859.roa
Signing time:             Thu 04 Jun 2026 07:42:55 +0000
ROA not before:           Thu 04 Jun 2026 07:37:55 +0000
ROA not after:            Thu 03 Jun 2027 07:42:55 +0000
asID:                     21859
IP address blocks:        51.194.215.0/24 maxlen: 24
                          51.241.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jun 2026 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:a2:a4:7a:d2:28:25:75:f2:5b:04:e7:5c:df:c0:2e:5c:f6:4f:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  4 07:37:55 2026 GMT
            Not After : Jun  3 07:42:55 2027 GMT
        Subject: CN=6E934995634B6CE48017D2AF417C2C0FFDC20A00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ec:3d:0c:2a:fa:43:8e:20:f6:62:bc:d6:90:
                    81:fc:dd:d0:5a:51:d1:90:da:eb:83:65:2f:67:52:
                    5b:a0:37:ab:fe:f0:e3:fb:67:10:03:4c:1b:96:bc:
                    c2:03:b1:d2:b7:24:77:9a:b1:31:b1:3c:53:d4:ce:
                    a7:2e:87:a8:37:24:06:c2:27:bf:fe:f1:9d:f0:ef:
                    26:69:3d:e7:13:3b:e9:bc:4c:68:33:c9:59:c2:ee:
                    70:ba:69:c6:e9:d0:e4:74:ac:6e:7a:06:c5:27:09:
                    1b:17:f8:12:ba:89:27:3f:40:9c:6e:1f:68:55:de:
                    6d:23:8f:bc:ca:78:21:0b:26:06:03:55:83:c0:48:
                    2b:89:85:78:bb:60:14:e6:22:d2:ef:1d:a6:4e:10:
                    a0:f5:d2:35:75:a1:1e:6a:21:5b:82:bc:75:ab:e9:
                    0d:aa:29:f1:f7:d6:33:d5:de:03:ca:0b:b1:b3:41:
                    1e:2e:73:14:29:25:b7:26:5f:24:39:1e:f8:2d:57:
                    5d:43:8f:a6:62:59:b2:15:06:ab:02:45:f9:1c:17:
                    d5:fc:90:8f:a9:79:8b:ea:34:b8:51:91:ac:e4:c7:
                    10:99:6c:eb:c6:0b:a8:9f:73:a9:fa:bc:7d:a0:f4:
                    46:c9:cf:b0:be:5e:76:81:04:e7:96:51:e4:ba:eb:
                    aa:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:93:49:95:63:4B:6C:E4:80:17:D2:AF:41:7C:2C:0F:FD:C2:0A:00
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.215.0/24
                  51.241.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:32:d9:1b:94:2b:0b:9d:b7:a3:b8:0c:c5:80:68:50:6a:97:
         2a:53:26:33:5b:81:84:01:da:c2:b4:3f:22:62:24:f2:2e:75:
         75:01:16:01:aa:73:38:0d:e9:f2:8a:67:13:5b:77:09:55:f9:
         4b:a1:d8:ee:39:bc:d7:05:b8:8c:e8:5c:19:ee:b6:95:29:bc:
         f1:1f:3e:88:56:6e:bc:8f:b0:55:b6:01:e7:f2:47:67:1e:c3:
         31:52:26:94:46:4f:0e:f4:81:ea:da:38:b2:c8:74:84:07:84:
         d6:ea:df:50:b5:93:32:70:af:72:df:c4:82:17:f9:da:4a:6e:
         26:19:d4:f6:62:45:f1:0d:ce:3a:e8:20:bf:28:d1:f8:54:7f:
         35:dd:05:6c:13:3a:66:9f:7d:a5:ba:ef:d5:18:6b:28:53:7b:
         b4:0b:e0:5a:a6:d2:ce:bd:d3:96:48:36:3c:fd:cc:a5:3a:65:
         eb:3d:b3:af:d3:d6:c6:06:e2:77:72:91:ff:f4:50:0a:25:1d:
         99:df:68:bc:eb:97:55:a8:9e:99:8d:4c:d3:d5:ac:2e:d2:6f:
         9a:97:80:6a:b7:d4:34:fa:ee:98:99:15:a5:5d:2b:c5:af:46:
         39:a2:e5:04:ae:e4:62:24:54:05:5a:c3:0d:65:7c:61:18:03:
         43:16:ac:5e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUNKKketIoJXXyWwTnXN/ALlz2T5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDQwNzM3NTVaFw0yNzA2MDMwNzQyNTVaMDMxMTAvBgNV
BAMTKDZFOTM0OTk1NjM0QjZDRTQ4MDE3RDJBRjQxN0MyQzBGRkRDMjBBMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP7D0MKvpDjiD2YrzWkIH83dBa
UdGQ2uuDZS9nUlugN6v+8OP7ZxADTBuWvMIDsdK3JHeasTGxPFPUzqcuh6g3JAbC
J7/+8Z3w7yZpPecTO+m8TGgzyVnC7nC6acbp0OR0rG56BsUnCRsX+BK6iSc/QJxu
H2hV3m0jj7zKeCELJgYDVYPASCuJhXi7YBTmItLvHaZOEKD10jV1oR5qIVuCvHWr
6Q2qKfH31jPV3gPKC7GzQR4ucxQpJbcmXyQ5HvgtV11Dj6ZiWbIVBqsCRfkcF9X8
kI+peYvqNLhRkazkxxCZbOvGC6ifc6n6vH2g9EbJz7C+XnaBBOeWUeS666otAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUbpNJlWNLbOSAF9KvQXwsD/3CCgAwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAzwtcD
BAAz8X8wDQYJKoZIhvcNAQELBQADggEBABoy2RuUKwudt6O4DMWAaFBqlypTJjNb
gYQB2sK0PyJiJPIudXUBFgGqczgN6fKKZxNbdwlV+Uuh2O45vNcFuIzoXBnutpUp
vPEfPohWbryPsFW2AefyR2cewzFSJpRGTw70geraOLLIdIQHhNbq31C1kzJwr3Lf
xIIX+dpKbiYZ1PZiRfENzjroIL8o0fhUfzXdBWwTOmaffaW679UYayhTe7QL4Fqm
0s6905ZINjz9zKU6Zes9s6/T1sYG4ndykf/0UAolHZnfaLzrl1WonpmNTNPVrC7S
b5qXgGq31DT67piZFaVdK8WvRjmi5QSu5GIkVAVaww1lfGEYA0MWrF4=
-----END CERTIFICATE-----