Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          PE3R6h1112V4JpnVQGgDdiB2eRU+uZI6Tn0E3Wr3Vh4=
Subject key identifier:   BC:FA:CE:1C:6F:48:BC:85:58:CB:B3:7D:E8:23:0E:64:CB:52:23:23
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       39C46CC21F9A611B1375069A599AEE3CE04857F0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
Signing time:             Thu 01 May 2025 00:00:12 +0000
ROA not before:           Wed 30 Apr 2025 23:55:12 +0000
ROA not after:            Thu 30 Apr 2026 00:00:12 +0000
asID:                     21859
IP address blocks:        141.11.48.0/24 maxlen: 24
                          194.60.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 21:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:c4:6c:c2:1f:9a:61:1b:13:75:06:9a:59:9a:ee:3c:e0:48:57:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 30 23:55:12 2025 GMT
            Not After : Apr 30 00:00:12 2026 GMT
        Subject: CN=BCFACE1C6F48BC8558CBB37DE8230E64CB522323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:00:e5:d7:47:f6:df:1f:a8:62:e3:45:55:f1:
                    60:3d:02:20:71:9e:24:02:6c:d4:26:d9:c2:e7:09:
                    c7:71:ef:3d:b0:4b:aa:69:5d:83:75:16:ad:ca:f4:
                    4a:f8:3c:01:74:e1:0d:f9:a5:60:b4:72:6c:10:17:
                    db:0e:05:9f:8c:22:a3:08:f4:c7:17:87:c9:1e:cd:
                    35:1a:e8:2a:87:10:c0:c7:54:37:e7:84:a8:8b:db:
                    79:e0:a3:1a:a4:b5:18:dc:d2:1e:89:d8:df:7a:eb:
                    08:6d:7e:d4:15:c1:62:30:bb:6e:d2:75:1d:56:3f:
                    8b:22:8e:7f:98:eb:01:9d:27:60:8b:68:fd:c2:4b:
                    78:c8:c0:70:7b:f1:42:ef:72:d6:c4:32:64:79:01:
                    f0:7a:6e:4e:eb:35:45:a2:63:0c:02:62:67:a9:95:
                    0d:af:1c:8b:81:fb:a6:cc:da:46:2d:d7:51:23:25:
                    02:38:74:35:bf:d6:62:08:0f:1f:22:20:f5:59:fe:
                    f9:a3:51:31:b7:6c:a0:2d:4d:66:fa:b2:c9:e2:0b:
                    68:1e:8d:14:e5:6c:36:1b:e3:68:b4:06:3a:8e:2f:
                    ed:16:67:44:d0:6a:d7:6b:4d:4f:02:a1:15:a8:28:
                    1e:b5:85:45:f8:fd:d6:5f:af:a3:26:1a:d0:0f:15:
                    0e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:FA:CE:1C:6F:48:BC:85:58:CB:B3:7D:E8:23:0E:64:CB:52:23:23
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.48.0/24
                  194.60.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:5b:72:3e:41:df:b1:dc:37:be:3f:d7:af:61:26:fb:62:03:
         b4:68:98:c7:b9:f6:bf:c9:42:f9:83:11:83:02:97:e1:c2:7a:
         3e:3b:bc:7b:a2:f5:8f:28:9b:9c:86:a9:7f:1b:0a:b6:89:14:
         15:c9:ea:39:92:87:78:d8:51:6f:24:74:70:51:f3:e0:21:82:
         f9:97:79:0f:ba:d2:bd:22:5d:52:87:99:89:09:d3:b9:94:5e:
         87:f5:1a:a1:ba:64:14:73:19:74:28:e4:ae:67:95:cf:7a:14:
         ba:d8:a1:6a:b2:16:77:7d:2d:e0:d8:0e:ef:d3:08:37:0c:3b:
         2f:71:a2:b4:c4:6a:54:c4:7d:65:a6:55:6a:0b:12:54:aa:8a:
         88:24:5b:44:f8:2f:b2:4b:dd:be:1d:19:dc:4e:fc:80:93:1b:
         59:01:e9:38:2b:9e:da:aa:88:93:82:f6:f4:8d:22:8b:65:fd:
         61:23:31:24:99:97:12:fe:76:28:2e:9f:17:82:f4:63:3f:d6:
         69:f6:0b:47:1d:60:05:57:7b:f0:88:80:2d:40:2b:f4:fa:fc:
         d7:40:0d:e8:21:33:13:5f:1f:31:d5:a6:cd:b1:ba:88:3b:34:
         37:22:6d:1c:e4:bb:db:25:fe:80:ea:73:ba:06:8f:a2:d5:dd:
         39:b0:a4:38
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUOcRswh+aYRsTdQaaWZruPOBIV/AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MzAyMzU1MTJaFw0yNjA0MzAwMDAwMTJaMDMxMTAvBgNV
BAMTKEJDRkFDRTFDNkY0OEJDODU1OENCQjM3REU4MjMwRTY0Q0I1MjIzMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmAOXXR/bfH6hi40VV8WA9AiBx
niQCbNQm2cLnCcdx7z2wS6ppXYN1Fq3K9Er4PAF04Q35pWC0cmwQF9sOBZ+MIqMI
9McXh8kezTUa6CqHEMDHVDfnhKiL23ngoxqktRjc0h6J2N966whtftQVwWIwu27S
dR1WP4sijn+Y6wGdJ2CLaP3CS3jIwHB78ULvctbEMmR5AfB6bk7rNUWiYwwCYmep
lQ2vHIuB+6bM2kYt11EjJQI4dDW/1mIIDx8iIPVZ/vmjUTG3bKAtTWb6ssniC2ge
jRTlbDYb42i0BjqOL+0WZ0TQatdrTU8CoRWoKB61hUX4/dZfr6MmGtAPFQ6vAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUvPrOHG9IvIVYy7N96CMOZMtSIyMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCzAD
BADCPF8wDQYJKoZIhvcNAQELBQADggEBAA9bcj5B37HcN74/169hJvtiA7RomMe5
9r/JQvmDEYMCl+HCej47vHui9Y8om5yGqX8bCraJFBXJ6jmSh3jYUW8kdHBR8+Ah
gvmXeQ+60r0iXVKHmYkJ07mUXof1GqG6ZBRzGXQo5K5nlc96FLrYoWqyFnd9LeDY
Du/TCDcMOy9xorTEalTEfWWmVWoLElSqiogkW0T4L7JL3b4dGdxO/ICTG1kB6Tgr
ntqqiJOC9vSNIotl/WEjMSSZlxL+digunxeC9GM/1mn2C0cdYAVXe/CIgC1AK/T6
/NdADeghMxNfHzHVps2xuog7NDcibRzku9sl/oDqc7oGj6LV3TmwpDg=
-----END CERTIFICATE-----