Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          joiNqFMkPsXORNWvMpuwf5tJByB+Ur9u2UAjBwYJH2w=
Subject key identifier:   2E:F2:5D:F7:95:7C:FB:96:FA:66:CE:40:DE:99:E8:BB:C3:DE:C5:F3
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3B559D80A169089CB3278889042686740DC58F81
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa
Signing time:             Sat 04 Apr 2026 00:00:29 +0000
ROA not before:           Fri 03 Apr 2026 23:55:29 +0000
ROA not after:            Sat 03 Apr 2027 00:00:29 +0000
asID:                     21859
IP address blocks:        193.29.98.0/24 maxlen: 24
                          194.104.156.0/24 maxlen: 24
                          194.147.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 23:56:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:55:9d:80:a1:69:08:9c:b3:27:88:89:04:26:86:74:0d:c5:8f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  3 23:55:29 2026 GMT
            Not After : Apr  3 00:00:29 2027 GMT
        Subject: CN=2EF25DF7957CFB96FA66CE40DE99E8BBC3DEC5F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:69:31:e4:41:c7:b2:9f:b8:9b:c9:2c:ae:73:
                    fb:1e:00:6f:8e:e7:64:03:37:52:17:7f:88:93:b6:
                    90:ea:b3:71:11:25:90:c9:e1:b7:bf:7d:dc:70:e4:
                    06:b2:a3:12:55:dd:be:83:14:bd:d3:f2:20:70:15:
                    c5:b5:d5:24:4a:c7:67:36:17:47:a8:44:bb:25:d9:
                    c4:a8:65:35:61:d7:cb:d5:65:cd:4f:a9:0d:37:0d:
                    7b:4d:4f:91:56:91:a2:91:d3:9c:92:c1:e2:4e:01:
                    1f:ef:1a:9b:1b:9b:fa:fe:2e:cc:33:7a:e6:46:c4:
                    f8:80:0f:d6:54:7f:73:2a:57:18:71:60:70:21:0c:
                    8d:20:3f:50:35:e0:25:4b:1d:07:8f:be:2d:32:2f:
                    cc:d4:36:33:00:10:dd:6f:86:ea:e5:af:c6:1a:43:
                    56:bf:64:60:27:e3:fe:ec:77:64:42:2f:3b:c2:2b:
                    3e:dc:a6:80:2c:4b:14:72:0d:3a:17:cd:4a:e1:df:
                    10:04:5e:7a:ae:00:2c:c7:17:fe:bf:e5:64:14:93:
                    ef:f0:c3:80:23:ec:ba:54:a4:86:11:11:df:53:d6:
                    b8:09:fa:71:2d:6a:6f:76:22:91:18:cd:1f:0e:4b:
                    9e:bf:cc:bd:fb:ae:42:c2:cd:8f:34:81:88:12:a3:
                    d7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F2:5D:F7:95:7C:FB:96:FA:66:CE:40:DE:99:E8:BB:C3:DE:C5:F3
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.98.0/24
                  194.104.156.0/24
                  194.147.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:0c:0d:ef:97:42:87:55:f8:9a:d7:2b:aa:a7:dd:29:ac:73:
         eb:dd:20:eb:25:8b:22:8a:8a:8c:04:0b:10:f6:3d:0c:ee:94:
         11:72:f8:0d:c4:57:c5:dc:92:9c:04:1e:3b:88:84:8c:e5:c4:
         79:e9:52:f1:13:29:e5:a2:ac:a5:fe:da:57:71:69:7a:71:3c:
         b7:bd:64:40:3b:28:37:39:dc:7b:c2:f2:13:de:e9:63:a6:71:
         88:0f:83:58:12:f6:72:d5:cd:42:92:02:b2:61:53:8e:e9:96:
         77:79:14:d1:0f:89:ea:f5:61:95:80:32:31:ec:3d:51:ff:d8:
         12:5f:3d:d9:ff:1b:5e:62:ce:c2:dd:a7:27:13:61:19:e7:67:
         ff:fe:0c:28:74:da:32:44:13:5b:fc:84:30:db:bf:b9:4c:c0:
         25:ee:a0:5a:7c:5e:0c:5e:4f:11:ab:74:02:01:4c:c1:ce:c1:
         37:bd:14:50:62:61:ae:52:55:c2:94:db:8c:6b:92:24:e9:9b:
         54:05:9b:ac:1e:b3:1f:14:9e:bf:f0:77:65:c9:13:09:d2:2f:
         21:6e:0d:16:58:45:ae:7d:ac:7d:f4:46:96:06:1c:55:f0:57:
         37:ad:b3:50:27:73:40:6e:7f:fc:d5:29:ae:51:17:a0:e2:37:
         a8:70:16:25
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUO1WdgKFpCJyzJ4iJBCaGdA3Fj4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA0MDMyMzU1MjlaFw0yNzA0MDMwMDAwMjlaMDMxMTAvBgNV
BAMTKDJFRjI1REY3OTU3Q0ZCOTZGQTY2Q0U0MERFOTlFOEJCQzNERUM1RjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVaTHkQceyn7ibySyuc/seAG+O
52QDN1IXf4iTtpDqs3ERJZDJ4be/fdxw5AayoxJV3b6DFL3T8iBwFcW11SRKx2c2
F0eoRLsl2cSoZTVh18vVZc1PqQ03DXtNT5FWkaKR05ySweJOAR/vGpsbm/r+Lswz
euZGxPiAD9ZUf3MqVxhxYHAhDI0gP1A14CVLHQePvi0yL8zUNjMAEN1vhurlr8Ya
Q1a/ZGAn4/7sd2RCLzvCKz7cpoAsSxRyDToXzUrh3xAEXnquACzHF/6/5WQUk+/w
w4Aj7LpUpIYREd9T1rgJ+nEtam92IpEYzR8OS56/zL37rkLCzY80gYgSo9fVAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQULvJd95V8+5b6Zs5A3pnou8PexfMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBADBHWID
BADCaJwDBADCkwQwDQYJKoZIhvcNAQELBQADggEBAIMMDe+XQodV+JrXK6qn3Sms
c+vdIOsliyKKiowECxD2PQzulBFy+A3EV8XckpwEHjuIhIzlxHnpUvETKeWirKX+
2ldxaXpxPLe9ZEA7KDc53HvC8hPe6WOmcYgPg1gS9nLVzUKSArJhU47plnd5FNEP
ier1YZWAMjHsPVH/2BJfPdn/G15izsLdpycTYRnnZ//+DCh02jJEE1v8hDDbv7lM
wCXuoFp8XgxeTxGrdAIBTMHOwTe9FFBiYa5SVcKU24xrkiTpm1QFm6wesx8Unr/w
d2XJEwnSLyFuDRZYRa59rH30RpYGHFXwVzets1Anc0Buf/zVKa5RF6DiN6hwFiU=
-----END CERTIFICATE-----