Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          09tSiolm/leamLm1I0WBwX7niOlwsHvW7/iHs3UdiKs=
Subject key identifier:   37:59:D4:16:3B:21:9C:71:60:86:26:C6:87:8D:9A:98:BC:C8:07:4C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7D2FB8FCEFBBEE0E1D8EE0C83FCE261B085E4D3E
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21859.roa
Signing time:             Thu 25 Apr 2024 00:00:20 +0000
ROA not before:           Wed 24 Apr 2024 23:55:20 +0000
ROA not after:            Thu 24 Apr 2025 00:00:20 +0000
asID:                     21859
IP address blocks:        91.124.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:2f:b8:fc:ef:bb:ee:0e:1d:8e:e0:c8:3f:ce:26:1b:08:5e:4d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 24 23:55:20 2024 GMT
            Not After : Apr 24 00:00:20 2025 GMT
        Subject: CN=3759D4163B219C71608626C6878D9A98BCC8074C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:03:5c:5a:78:21:07:36:63:05:a6:14:15:89:
                    ed:71:56:16:51:3c:22:c9:61:86:47:c6:82:e2:e5:
                    79:39:3d:23:17:ec:f6:90:d2:91:bd:4b:14:b2:e4:
                    df:df:d5:06:77:9f:ee:ae:5f:59:29:c7:59:e0:63:
                    85:32:38:17:1b:6d:03:15:e5:f6:cf:77:57:1f:1d:
                    8d:f8:8e:98:fd:c1:b7:f7:c0:4d:e2:0d:08:b6:b5:
                    12:d4:24:b1:73:71:e5:51:1d:ac:88:c7:27:f7:02:
                    ed:d0:3c:f8:b4:30:76:35:b3:67:ca:59:a8:c3:6f:
                    64:93:31:af:c3:91:3c:03:58:3a:fd:9c:48:2c:b1:
                    2b:7e:90:c7:46:fa:be:4b:6c:eb:6c:86:6e:7b:ad:
                    5f:48:af:ed:39:af:bd:23:a8:0e:80:cd:67:f8:82:
                    02:5a:fb:f9:8f:d0:4f:0f:54:25:9d:cd:63:f9:00:
                    08:5b:d0:6a:15:f5:4d:ae:35:82:f5:3c:c5:a8:a7:
                    97:41:cc:6a:3f:01:a7:ad:05:2a:94:9c:8b:62:cb:
                    0b:62:15:98:11:a6:4f:4f:35:19:66:47:01:a3:a4:
                    44:f9:bf:7b:1b:2b:93:e2:a4:c7:a7:07:a3:c7:80:
                    92:95:ce:af:81:88:e6:e2:e9:82:49:3f:70:04:b8:
                    ab:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:59:D4:16:3B:21:9C:71:60:86:26:C6:87:8D:9A:98:BC:C8:07:4C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:31:43:4a:24:a1:86:93:9f:87:76:69:72:13:5b:63:ca:53:
         ad:f1:73:2e:49:23:7b:e8:29:53:19:b8:6d:c0:21:22:2e:58:
         a1:8c:84:34:0f:7d:f7:b8:78:cd:35:7c:54:d5:1d:da:f4:8d:
         48:94:63:c6:34:bf:8d:36:29:a0:a5:68:03:c7:0a:9d:58:45:
         d6:d0:fb:e9:3e:9e:2d:d9:f0:9c:e3:e1:b9:93:f2:95:6a:29:
         4e:85:bb:59:57:b7:43:65:c9:82:6f:9d:9a:0f:3a:b7:94:42:
         ba:a8:ca:c3:72:2c:9f:f4:2f:8e:43:4f:65:5d:51:6c:00:3f:
         c0:58:e7:8e:bf:36:7a:03:6f:5d:1f:39:1b:61:5f:b0:ed:e7:
         39:6d:8c:c1:ca:aa:cb:6b:26:9f:6d:21:80:b2:b1:3f:19:2e:
         c1:8f:22:8f:e3:19:78:7b:80:12:87:e6:83:0d:50:8a:fb:08:
         e4:9b:ec:94:36:84:93:a9:7d:53:e7:05:3c:19:3a:60:a7:b2:
         87:b0:66:72:ad:f5:01:ca:ce:df:c9:47:1f:99:23:68:42:bb:
         3f:ff:22:da:84:1b:56:af:5d:dc:4b:ae:af:dd:b3:65:58:a2:
         d5:b6:1a:a8:32:78:3d:a2:10:79:08:bd:3c:56:d9:73:7a:46:
         85:e6:78:22
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfS+4/O+77g4djuDIP84mGwheTT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA0MjQyMzU1MjBaFw0yNTA0MjQwMDAwMjBaMDMxMTAvBgNV
BAMTKDM3NTlENDE2M0IyMTlDNzE2MDg2MjZDNjg3OEQ5QTk4QkNDODA3NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwA1xaeCEHNmMFphQVie1xVhZR
PCLJYYZHxoLi5Xk5PSMX7PaQ0pG9SxSy5N/f1QZ3n+6uX1kpx1ngY4UyOBcbbQMV
5fbPd1cfHY34jpj9wbf3wE3iDQi2tRLUJLFzceVRHayIxyf3Au3QPPi0MHY1s2fK
WajDb2STMa/DkTwDWDr9nEgssSt+kMdG+r5LbOtshm57rV9Ir+05r70jqA6AzWf4
ggJa+/mP0E8PVCWdzWP5AAhb0GoV9U2uNYL1PMWop5dBzGo/AaetBSqUnItiywti
FZgRpk9PNRlmRwGjpET5v3sbK5PipMenB6PHgJKVzq+BiObi6YJJP3AEuKtlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUN1nUFjshnHFghibGh42amLzIB0wwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfIww
DQYJKoZIhvcNAQELBQADggEBAIExQ0okoYaTn4d2aXITW2PKU63xcy5JI3voKVMZ
uG3AISIuWKGMhDQPffe4eM01fFTVHdr0jUiUY8Y0v402KaClaAPHCp1YRdbQ++k+
ni3Z8Jzj4bmT8pVqKU6Fu1lXt0NlyYJvnZoPOreUQrqoysNyLJ/0L45DT2VdUWwA
P8BY546/NnoDb10fORthX7Dt5zltjMHKqstrJp9tIYCysT8ZLsGPIo/jGXh7gBKH
5oMNUIr7COSb7JQ2hJOpfVPnBTwZOmCnsoewZnKt9QHKzt/JRx+ZI2hCuz//ItqE
G1avXdxLrq/ds2VYotW2GqgyeD2iEHkIvTxW2XN6RoXmeCI=
-----END CERTIFICATE-----