Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa
File:                     AS21991.roa (raw, json)
Hash identifier:          FNUeRHJiwluUfhVRpsiP+A+wvx+Zb0zrHlrnGNZcaEo=
Subject key identifier:   AE:4C:7B:2D:80:88:30:F6:58:32:51:CA:63:7A:01:22:A2:9A:8B:3A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0C1866036040EAEA92242DB796D90CAF3EEE4520
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     21991
IP address blocks:        2a0f:85c1::/48 maxlen: 48
                          2a0f:85c1:31::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 17:44:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:18:66:03:60:40:ea:ea:92:24:2d:b7:96:d9:0c:af:3e:ee:45:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=AE4C7B2D808830F6583251CA637A0122A29A8B3A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:61:04:fe:8d:d0:33:f8:17:1e:d6:18:1d:8e:
                    f8:4c:ca:0b:80:68:e3:7c:92:e7:46:18:bd:4b:08:
                    26:42:31:f0:64:e3:86:f3:ba:e0:7a:9b:67:da:f3:
                    27:43:6f:fd:1d:23:1e:d7:92:07:55:60:e6:51:ef:
                    0c:bc:35:45:d2:40:26:b1:ef:32:29:0b:17:a6:6d:
                    cc:4a:75:2e:12:b5:fc:bf:90:0f:ed:9d:12:29:fc:
                    cd:ca:62:44:4a:4b:79:e0:6b:aa:0b:bd:c2:d7:8f:
                    33:c2:c9:72:d4:a2:5d:44:58:85:d5:25:c9:4a:55:
                    ac:23:8b:d1:74:0a:66:c7:d7:32:72:85:dd:89:81:
                    68:90:c6:77:5d:ea:0b:db:23:18:82:72:3b:31:3b:
                    4f:f1:f6:9e:cb:6e:46:7b:21:07:60:9c:4c:fc:0b:
                    5c:22:b7:4e:e9:3b:6a:ca:e8:11:3a:4d:bf:c5:83:
                    51:bc:f5:df:76:af:e5:6e:0d:93:2c:1d:54:92:3e:
                    ba:11:fe:99:e3:c4:5d:95:1e:70:bf:7c:d2:94:84:
                    2d:ee:e0:6a:20:b5:ab:70:d3:64:28:2b:81:e4:86:
                    d2:df:02:3a:cb:08:dd:97:d4:53:7f:59:ae:7b:8b:
                    65:61:12:98:5a:f9:15:e0:46:a6:ac:4b:7e:9f:af:
                    da:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:4C:7B:2D:80:88:30:F6:58:32:51:CA:63:7A:01:22:A2:9A:8B:3A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS21991.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1::/48
                  2a0f:85c1:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:a6:68:18:fb:3a:e2:21:df:7c:0a:8b:0e:d1:e4:45:6f:e8:
         64:5c:59:b3:64:97:79:db:2d:34:85:8a:40:72:6c:98:ce:62:
         8e:a2:70:8d:86:94:d1:11:00:55:90:0d:6b:5b:4f:1f:d1:ae:
         6e:ae:d9:e1:59:02:1a:20:f4:a4:91:02:e9:97:26:42:a3:98:
         65:25:69:73:cc:cd:f9:f4:9a:6c:9b:20:48:e9:90:80:f4:e3:
         0f:fc:e3:43:06:df:33:ae:ba:83:8b:ab:d7:01:26:d0:a5:28:
         58:9c:80:b7:7b:4d:0a:0c:b2:90:2e:26:6f:ed:d4:43:8b:94:
         40:68:6d:31:e0:29:ed:b5:a2:c7:b8:c1:51:1f:e2:3c:d3:fe:
         65:b4:3b:fe:37:bc:09:63:c0:c0:30:53:78:be:2e:c3:ea:bb:
         09:f4:a0:f2:bb:83:d2:38:0d:e9:9e:86:31:82:c8:03:a9:52:
         e4:53:4a:cf:6a:a0:de:ae:25:7b:8f:6a:6f:66:6e:24:52:49:
         f6:a5:4c:9c:1a:99:1a:b6:eb:69:fe:9c:c1:d4:0f:51:d0:72:
         95:b6:d8:c3:85:b1:cf:80:c4:d0:83:de:73:a6:65:11:a7:fc:
         4e:6d:71:59:cb:e9:0a:2c:5b:f2:ad:41:32:64:af:eb:21:82:
         43:e6:37:ea
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUDBhmA2BA6uqSJC23ltkMrz7uRSAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKEFFNEM3QjJEODA4ODMwRjY1ODMyNTFDQTYzN0EwMTIyQTI5QThCM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbYQT+jdAz+Bce1hgdjvhMyguA
aON8kudGGL1LCCZCMfBk44bzuuB6m2fa8ydDb/0dIx7XkgdVYOZR7wy8NUXSQCax
7zIpCxembcxKdS4Stfy/kA/tnRIp/M3KYkRKS3nga6oLvcLXjzPCyXLUol1EWIXV
JclKVawji9F0CmbH1zJyhd2JgWiQxndd6gvbIxiCcjsxO0/x9p7LbkZ7IQdgnEz8
C1wit07pO2rK6BE6Tb/Fg1G89d92r+VuDZMsHVSSProR/pnjxF2VHnC/fNKUhC3u
4Gogtatw02QoK4HkhtLfAjrLCN2X1FN/Wa57i2VhEpha+RXgRqasS36fr9qbAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUrkx7LYCIMPZYMlHKY3oBIqKaizowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE5OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
AAADBwAqD4XBADEwDQYJKoZIhvcNAQELBQADggEBAISmaBj7OuIh33wKiw7R5EVv
6GRcWbNkl3nbLTSFikBybJjOYo6icI2GlNERAFWQDWtbTx/Rrm6u2eFZAhog9KSR
AumXJkKjmGUlaXPMzfn0mmybIEjpkID04w/840MG3zOuuoOLq9cBJtClKFicgLd7
TQoMspAuJm/t1EOLlEBobTHgKe21ose4wVEf4jzT/mW0O/43vAljwMAwU3i+LsPq
uwn0oPK7g9I4DemehjGCyAOpUuRTSs9qoN6uJXuPam9mbiRSSfalTJwamRq262n+
nMHUD1HQcpW22MOFsc+AxNCD3nOmZRGn/E5tcVnL6QosW/KtQTJkr+shgkPmN+o=
-----END CERTIFICATE-----