Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          Wmb+1MQw1libDHrdezgqqyTw3U3LNoYvjWu5MPbIr/w=
Subject key identifier:   F8:11:7A:FB:8C:29:4B:BC:7D:70:ED:46:33:A5:AB:11:D5:20:12:38
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5D4CCF5451E479B629628C8AF505AB4EE81C8348
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
Signing time:             Fri 25 Oct 2024 00:01:58 +0000
ROA not before:           Thu 24 Oct 2024 23:56:58 +0000
ROA not after:            Fri 24 Oct 2025 00:01:58 +0000
asID:                     21859
IP address blocks:        141.11.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:4c:cf:54:51:e4:79:b6:29:62:8c:8a:f5:05:ab:4e:e8:1c:83:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 24 23:56:58 2024 GMT
            Not After : Oct 24 00:01:58 2025 GMT
        Subject: CN=F8117AFB8C294BBC7D70ED4633A5AB11D5201238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:12:14:8a:ef:85:f7:36:df:74:60:d0:00:da:
                    87:25:33:28:9b:77:7f:95:c3:a5:4e:cb:b2:70:dc:
                    d5:b1:e8:42:1f:ad:c3:04:69:f4:1e:43:2b:f6:11:
                    2f:8d:1c:6b:78:25:b2:dc:5e:f6:08:1b:0f:4a:a1:
                    92:b4:f8:f1:95:60:8b:3d:8e:a6:5f:10:2f:0e:2f:
                    2f:45:19:c8:fe:55:6a:96:be:67:dc:7d:b6:a1:0e:
                    c8:55:0d:69:e2:15:31:16:c8:00:c8:21:31:26:af:
                    db:bb:94:91:33:eb:dc:7e:b3:15:2a:fc:b7:f6:56:
                    68:c6:6f:aa:f6:57:9c:a6:cd:c1:c0:7d:68:51:5d:
                    69:7f:10:b2:e7:3e:da:ea:39:e6:40:ea:ca:9c:3b:
                    b0:78:d2:f8:82:9a:61:7b:4b:8b:11:7c:46:ab:41:
                    64:6d:17:b9:6e:8a:e8:93:a7:1d:ea:95:04:16:58:
                    37:a3:df:3b:0d:cc:14:9e:c1:bf:c3:31:0d:ff:9f:
                    41:7b:18:08:fb:c7:5c:45:12:58:88:27:3c:d9:2e:
                    4c:e4:26:10:ed:a4:90:27:9f:19:d7:52:d7:8e:2b:
                    31:8d:3d:5c:6b:a0:21:18:0b:1f:10:45:61:ac:f5:
                    f5:29:19:99:c3:0b:b2:d5:e8:72:f0:59:36:c1:51:
                    22:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:11:7A:FB:8C:29:4B:BC:7D:70:ED:46:33:A5:AB:11:D5:20:12:38
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:4b:77:91:c9:8e:4b:61:a6:29:fb:03:63:02:2a:0b:f1:7c:
         df:cc:71:79:68:cb:5e:82:99:d3:43:45:ac:19:30:8f:b1:8c:
         74:f6:57:18:d2:cc:7b:1b:63:42:65:ef:1d:34:3b:cb:b2:e3:
         1d:f3:43:3d:b2:a6:ec:97:03:4b:28:6a:42:c8:c5:af:3d:3f:
         75:89:3d:16:52:71:43:ec:a3:a8:c0:81:86:45:da:b6:89:09:
         8f:1c:3f:03:38:4a:d3:ad:b8:3e:f1:0a:3d:60:31:22:ac:42:
         68:d5:19:59:c6:28:87:04:fa:28:b1:ec:f0:f5:14:7b:bf:28:
         50:62:61:e2:b9:b9:a7:be:50:ea:29:97:1b:a6:cc:b2:fa:3b:
         0b:6d:50:58:48:ee:aa:3a:7a:21:27:ed:6f:ba:96:89:2e:eb:
         c1:2e:21:61:f7:2c:f9:bd:33:a5:b4:8f:f3:29:2d:99:72:a2:
         26:77:de:b7:d9:16:7a:f3:52:18:1d:e7:6a:ea:07:de:13:a8:
         b9:22:f0:ec:df:44:7b:2c:e3:df:d6:52:a0:59:37:47:03:7b:
         1f:05:1a:d2:ba:8d:26:5d:b8:89:d3:a5:1c:30:53:88:b5:8b:
         d1:61:ee:fc:7f:d7:c0:b5:bc:ad:f2:33:3f:b0:36:4d:5a:e5:
         e9:28:7c:62
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXUzPVFHkebYpYoyK9QWrTugcg0gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjQyMzU2NThaFw0yNTEwMjQwMDAxNThaMDMxMTAvBgNV
BAMTKEY4MTE3QUZCOEMyOTRCQkM3RDcwRUQ0NjMzQTVBQjExRDUyMDEyMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQEhSK74X3Nt90YNAA2oclMyib
d3+Vw6VOy7Jw3NWx6EIfrcMEafQeQyv2ES+NHGt4JbLcXvYIGw9KoZK0+PGVYIs9
jqZfEC8OLy9FGcj+VWqWvmfcfbahDshVDWniFTEWyADIITEmr9u7lJEz69x+sxUq
/Lf2VmjGb6r2V5ymzcHAfWhRXWl/ELLnPtrqOeZA6sqcO7B40viCmmF7S4sRfEar
QWRtF7luiuiTpx3qlQQWWDej3zsNzBSewb/DMQ3/n0F7GAj7x1xFEliIJzzZLkzk
JhDtpJAnnxnXUteOKzGNPVxroCEYCx8QRWGs9fUpGZnDC7LV6HLwWTbBUSK5AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+BF6+4wpS7x9cO1GM6WrEdUgEjgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCzAw
DQYJKoZIhvcNAQELBQADggEBADlLd5HJjkthpin7A2MCKgvxfN/McXloy16CmdND
RawZMI+xjHT2VxjSzHsbY0Jl7x00O8uy4x3zQz2ypuyXA0soakLIxa89P3WJPRZS
cUPso6jAgYZF2raJCY8cPwM4StOtuD7xCj1gMSKsQmjVGVnGKIcE+iix7PD1FHu/
KFBiYeK5uae+UOoplxumzLL6OwttUFhI7qo6eiEn7W+6loku68EuIWH3LPm9M6W0
j/MpLZlyoiZ33rfZFnrzUhgd52rqB94TqLki8OzfRHss49/WUqBZN0cDex8FGtK6
jSZduInTpRwwU4i1i9Fh7vx/18C1vK3yMz+wNk1a5ekofGI=
-----END CERTIFICATE-----