Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          mPpZc9CggRozpHBW5IWEYxhtAXCkd/zDAm29z2eK5E4=
Subject key identifier:   17:99:1B:1B:DD:7B:C8:4F:0C:30:C4:35:FF:FE:90:01:E1:93:74:E8
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6B60AF7EDDF978303C564BF25A755BA3EB9A5F78
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
Signing time:             Sun 26 Oct 2025 08:26:47 +0000
ROA not before:           Sun 26 Oct 2025 08:21:47 +0000
ROA not after:            Sun 25 Oct 2026 08:26:47 +0000
asID:                     21859
IP address blocks:        195.206.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:55:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:60:af:7e:dd:f9:78:30:3c:56:4b:f2:5a:75:5b:a3:eb:9a:5f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 26 08:21:47 2025 GMT
            Not After : Oct 25 08:26:47 2026 GMT
        Subject: CN=17991B1BDD7BC84F0C30C435FFFE9001E19374E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:96:28:2d:f6:ac:0e:34:d9:4d:e1:59:c7:17:
                    b6:84:1a:0b:d2:d6:ea:0e:18:cc:6e:28:4d:93:17:
                    5b:1d:a8:8c:e3:6b:fa:81:08:7d:d8:49:b5:af:01:
                    9a:f0:91:74:d8:3c:b8:ef:96:39:e4:a6:3f:b3:9a:
                    b3:3f:d3:25:4c:f3:59:19:fc:72:f5:4e:4f:b6:3c:
                    c1:8b:43:d0:df:4d:00:05:b9:20:9c:f0:d4:5b:e7:
                    cb:57:4c:5c:14:51:33:e8:7b:69:3b:6b:65:76:a2:
                    3f:cb:53:77:4a:4e:68:f0:d4:88:2f:d5:a1:9b:a9:
                    48:a7:42:4f:86:bb:d9:46:4a:4d:1c:5f:41:7f:15:
                    73:ed:10:22:cc:b8:e4:cf:89:37:3d:e8:a3:4c:24:
                    d5:f3:f9:2c:de:2b:06:41:06:8d:b7:9e:ef:8e:11:
                    08:53:39:7a:a6:9f:88:9d:ae:b8:3f:55:f0:22:c3:
                    68:3c:20:1d:c0:c1:67:3e:f0:c2:57:4a:b8:ce:c9:
                    3c:8f:55:90:a1:63:fc:a8:ed:83:87:9e:05:5f:ae:
                    a1:83:0a:a1:bc:43:65:52:58:39:36:06:66:81:ae:
                    55:5c:d7:8c:d1:d5:fb:57:5f:3a:c0:19:0c:6f:f8:
                    ec:1c:25:a6:65:6f:5c:86:4e:ce:c1:16:4f:ad:18:
                    20:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:99:1B:1B:DD:7B:C8:4F:0C:30:C4:35:FF:FE:90:01:E1:93:74:E8
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:9b:f2:0e:6c:cd:37:38:09:79:4b:f7:d3:03:c9:ad:e4:b6:
         2f:0d:af:2f:91:31:46:c8:8c:64:9b:94:be:af:c9:c1:72:90:
         70:96:23:34:49:d3:e5:dd:d2:6c:7b:e7:04:fe:48:cc:a2:bd:
         41:20:09:9f:3f:f3:b7:5a:b3:5f:ab:f5:2e:ce:fc:55:ff:0d:
         43:ee:ed:e2:5d:43:cf:3f:bf:21:64:bf:7a:18:c6:c2:02:da:
         6d:2d:d2:bd:bf:e5:b0:7c:be:26:43:84:cb:d7:a4:75:2a:89:
         c1:d8:fb:5d:5d:1f:69:c8:c6:05:4e:e2:f0:a6:8f:dc:06:4c:
         b5:9c:f7:26:25:24:03:64:f1:3f:b0:46:60:7a:c2:20:61:67:
         8a:0e:a7:3a:fd:93:1a:e8:1f:7b:98:8f:6c:25:90:6c:c5:8e:
         65:e3:3c:ce:15:3e:c0:4d:d3:5e:9f:12:56:63:e0:3b:e7:8a:
         b0:2b:74:54:96:93:f7:c5:42:61:8e:90:8c:d1:84:3d:1f:ea:
         ab:8d:74:d9:d4:36:f9:f6:2e:3a:c4:98:95:26:fe:70:97:21:
         87:24:80:95:98:36:16:22:5e:c6:89:9b:fe:35:ce:17:3a:f6:
         57:2b:8b:e9:f4:90:da:75:c1:5a:85:75:32:8c:a2:50:b1:ae:
         f9:89:aa:14
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUa2Cvft35eDA8VkvyWnVbo+uaX3gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMjYwODIxNDdaFw0yNjEwMjUwODI2NDdaMDMxMTAvBgNV
BAMTKDE3OTkxQjFCREQ3QkM4NEYwQzMwQzQzNUZGRkU5MDAxRTE5Mzc0RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyligt9qwONNlN4VnHF7aEGgvS
1uoOGMxuKE2TF1sdqIzja/qBCH3YSbWvAZrwkXTYPLjvljnkpj+zmrM/0yVM81kZ
/HL1Tk+2PMGLQ9DfTQAFuSCc8NRb58tXTFwUUTPoe2k7a2V2oj/LU3dKTmjw1Igv
1aGbqUinQk+Gu9lGSk0cX0F/FXPtECLMuOTPiTc96KNMJNXz+SzeKwZBBo23nu+O
EQhTOXqmn4idrrg/VfAiw2g8IB3AwWc+8MJXSrjOyTyPVZChY/yo7YOHngVfrqGD
CqG8Q2VSWDk2BmaBrlVc14zR1ftXXzrAGQxv+OwcJaZlb1yGTs7BFk+tGCCbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUF5kbG917yE8MMMQ1//6QAeGTdOgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDzusw
DQYJKoZIhvcNAQELBQADggEBAIab8g5szTc4CXlL99MDya3kti8Nry+RMUbIjGSb
lL6vycFykHCWIzRJ0+Xd0mx75wT+SMyivUEgCZ8/87das1+r9S7O/FX/DUPu7eJd
Q88/vyFkv3oYxsIC2m0t0r2/5bB8viZDhMvXpHUqicHY+11dH2nIxgVO4vCmj9wG
TLWc9yYlJANk8T+wRmB6wiBhZ4oOpzr9kxroH3uYj2wlkGzFjmXjPM4VPsBN016f
ElZj4DvnirArdFSWk/fFQmGOkIzRhD0f6quNdNnUNvn2LjrEmJUm/nCXIYckgJWY
NhYiXsaJm/41zhc69lcri+n0kNp1wVqFdTKMolCxrvmJqhQ=
-----END CERTIFICATE-----