Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          sm283FdUZVSS0Bu+ctlY6bDaO1Rj4pqPUu8taC5eTtQ=
Subject key identifier:   CF:48:3D:C5:B9:1B:23:1A:21:ED:9B:D8:7A:4D:02:12:BF:C0:E0:1A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5FA15E5E1AC7AC8FAAE12A19D6526E09A6646E07
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21840.roa
Signing time:             Fri 06 Jun 2025 07:10:20 +0000
ROA not before:           Fri 06 Jun 2025 07:05:20 +0000
ROA not after:            Fri 05 Jun 2026 07:10:20 +0000
asID:                     21840
IP address blocks:        143.20.93.0/24 maxlen: 24
                          143.20.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:a1:5e:5e:1a:c7:ac:8f:aa:e1:2a:19:d6:52:6e:09:a6:64:6e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  6 07:05:20 2025 GMT
            Not After : Jun  5 07:10:20 2026 GMT
        Subject: CN=CF483DC5B91B231A21ED9BD87A4D0212BFC0E01A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:33:10:a9:71:7b:08:ef:90:ae:ba:0a:f9:d0:
                    ad:d2:04:70:e2:bb:50:61:0e:3c:ac:16:7f:27:7e:
                    3e:b4:80:9a:11:52:c6:e2:e3:b9:16:3a:61:b4:ec:
                    83:ff:f0:8f:8a:e6:f5:32:d6:41:cd:92:ba:ad:eb:
                    2d:96:f3:c2:bc:7a:54:0a:61:4b:95:65:66:c2:3b:
                    cb:46:c9:fd:40:c8:04:fb:c9:53:93:23:a0:42:92:
                    72:5b:c1:4e:ef:97:51:36:c6:95:34:17:a6:48:42:
                    d8:da:27:6f:32:d4:ea:f1:1e:df:3c:29:b2:34:2a:
                    96:95:60:1a:b9:ba:b5:71:5a:99:9e:f4:ab:3e:1d:
                    cf:ad:11:e7:b9:dd:c5:e2:c2:1a:6b:fc:38:8d:7a:
                    d4:ed:b3:f6:a2:b5:c4:ad:2b:52:72:9e:b5:57:77:
                    05:f6:1c:30:d2:b0:8f:40:bf:c0:01:08:84:31:53:
                    97:11:9a:e9:d8:58:90:33:dd:10:e9:b3:70:23:93:
                    23:e6:1e:e1:8b:cb:de:04:52:2a:de:93:2d:5e:d1:
                    b3:18:c0:3d:67:fd:ee:13:17:04:28:47:39:07:6f:
                    ac:5d:f8:a6:bc:61:18:97:ef:67:c5:a7:a6:d0:58:
                    2b:3d:2d:20:5d:6c:70:2f:3c:39:71:5b:4a:db:28:
                    74:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:48:3D:C5:B9:1B:23:1A:21:ED:9B:D8:7A:4D:02:12:BF:C0:E0:1A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.93.0/24
                  143.20.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:0d:2a:77:18:b5:fd:d3:57:f2:29:49:fd:d0:d5:b4:8d:52:
         43:5e:37:2b:17:26:96:4d:85:ab:b4:4e:75:46:a7:fc:ee:e2:
         7b:a2:cc:1c:38:14:4c:76:6d:4c:f1:1a:cb:c0:15:03:09:30:
         6b:84:b9:53:d7:79:c1:fa:87:82:09:a7:ad:5b:bf:dc:9f:75:
         5b:9c:81:b4:7e:e1:6d:78:81:9e:a1:6b:bc:61:47:98:2d:03:
         84:a6:09:8d:c6:34:bc:f4:55:14:03:ab:2b:d4:b2:97:21:10:
         55:29:bd:b9:6e:57:df:9b:8c:7c:f5:b7:8d:a2:37:a0:35:8e:
         97:9a:58:db:5c:fe:ec:e8:aa:58:70:eb:a7:aa:ac:af:27:86:
         b0:e9:29:54:ac:01:76:46:4b:b7:31:76:f6:64:1b:6a:c7:6c:
         b0:99:60:76:7f:7a:64:e1:b1:9c:91:0b:76:fc:2f:d8:db:42:
         ff:b9:32:b8:c2:21:c5:a1:e5:90:3a:58:7e:9f:82:f1:cb:38:
         89:59:ed:e6:f8:8c:b8:f6:53:d1:c4:c8:61:02:16:39:21:45:
         76:35:60:e4:f0:05:8e:46:9c:ac:17:3f:c7:4d:f9:37:99:a6:
         8d:25:d4:66:6a:ed:fc:c9:af:b4:ec:8a:57:62:77:92:45:6d:
         08:8b:9c:e2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUX6FeXhrHrI+q4SoZ1lJuCaZkbgcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYwNzA1MjBaFw0yNjA2MDUwNzEwMjBaMDMxMTAvBgNV
BAMTKENGNDgzREM1QjkxQjIzMUEyMUVEOUJEODdBNEQwMjEyQkZDMEUwMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeMxCpcXsI75Cuugr50K3SBHDi
u1BhDjysFn8nfj60gJoRUsbi47kWOmG07IP/8I+K5vUy1kHNkrqt6y2W88K8elQK
YUuVZWbCO8tGyf1AyAT7yVOTI6BCknJbwU7vl1E2xpU0F6ZIQtjaJ28y1OrxHt88
KbI0KpaVYBq5urVxWpme9Ks+Hc+tEee53cXiwhpr/DiNetTts/aitcStK1JynrVX
dwX2HDDSsI9Av8ABCIQxU5cRmunYWJAz3RDps3AjkyPmHuGLy94EUireky1e0bMY
wD1n/e4TFwQoRzkHb6xd+Ka8YRiX72fFp6bQWCs9LSBdbHAvPDlxW0rbKHSPAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUz0g9xbkbIxoh7ZvYek0CEr/A4BowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFF0D
BACPFHMwDQYJKoZIhvcNAQELBQADggEBAFsNKncYtf3TV/IpSf3Q1bSNUkNeNysX
JpZNhau0TnVGp/zu4nuizBw4FEx2bUzxGsvAFQMJMGuEuVPXecH6h4IJp61bv9yf
dVucgbR+4W14gZ6ha7xhR5gtA4SmCY3GNLz0VRQDqyvUspchEFUpvbluV9+bjHz1
t42iN6A1jpeaWNtc/uzoqlhw66eqrK8nhrDpKVSsAXZGS7cxdvZkG2rHbLCZYHZ/
emThsZyRC3b8L9jbQv+5MrjCIcWh5ZA6WH6fgvHLOIlZ7eb4jLj2U9HEyGECFjkh
RXY1YOTwBY5GnKwXP8dN+TeZpo0l1GZq7fzJr7Tsildid5JFbQiLnOI=
-----END CERTIFICATE-----