Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          dVkJo2/KtH7ouHFUaOnzmEK55+jt+sktYDgmVOdRtBw=
Subject key identifier:   3F:23:73:36:C9:32:89:CA:FF:4E:B8:63:02:F9:8F:6C:2D:97:92:92
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3A3F8076381F200B9C8FD32543C02B22AC9BD437
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa
Signing time:             Mon 27 Oct 2025 06:02:46 +0000
ROA not before:           Mon 27 Oct 2025 05:57:46 +0000
ROA not after:            Mon 26 Oct 2026 06:02:46 +0000
asID:                     21859
IP address blocks:        143.20.11.0/24 maxlen: 24
                          143.20.13.0/24 maxlen: 24
                          143.20.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:3f:80:76:38:1f:20:0b:9c:8f:d3:25:43:c0:2b:22:ac:9b:d4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 27 05:57:46 2025 GMT
            Not After : Oct 26 06:02:46 2026 GMT
        Subject: CN=3F237336C93289CAFF4EB86302F98F6C2D979292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d6:a8:29:61:a9:8d:f8:f9:6a:f3:b8:a0:ed:
                    f0:6f:dd:a3:42:09:c3:5b:fb:7d:19:a9:d7:42:72:
                    5c:79:d6:32:71:b6:e6:23:4c:50:d7:6f:cc:89:99:
                    b4:23:7a:db:cf:05:68:29:71:03:c5:98:a9:46:66:
                    05:1a:67:fe:af:90:5c:4b:e6:86:d1:c9:0b:4b:99:
                    09:32:01:aa:9f:28:f1:70:0c:76:65:e3:21:fa:0c:
                    6c:df:fe:04:63:cc:7d:35:42:a2:e9:f6:27:37:c5:
                    01:65:31:2d:c2:17:e9:d0:41:2c:6e:4a:e1:c7:85:
                    a5:fb:e9:3f:1f:f1:2d:cc:7b:cf:bd:2d:30:96:ab:
                    1a:19:6e:7d:aa:55:83:d1:0e:77:ff:22:9c:a2:02:
                    ab:89:9e:22:50:e7:3d:49:99:55:af:c8:c5:81:14:
                    16:a4:49:e1:b4:8f:01:95:3c:3a:8b:4d:97:b8:89:
                    6e:43:89:be:bf:9f:64:be:5b:38:11:b2:f8:bc:ff:
                    16:28:06:90:fc:de:74:e9:71:1f:98:b7:ff:bd:e7:
                    56:3b:7e:9e:fc:94:e9:44:a7:65:27:f7:3a:66:52:
                    36:21:3c:2f:50:f8:00:24:f4:80:f2:29:f9:53:db:
                    ca:64:a8:d4:8c:51:dd:3f:21:67:40:af:fb:0e:4c:
                    51:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:23:73:36:C9:32:89:CA:FF:4E:B8:63:02:F9:8F:6C:2D:97:92:92
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.11.0/24
                  143.20.13.0/24
                  143.20.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:c8:f3:c9:1d:0a:60:11:be:93:78:e3:07:0c:60:af:42:b4:
         b0:bb:20:46:dd:ba:79:25:6a:df:dd:a4:30:f2:c0:15:46:73:
         70:7f:fe:05:d3:f5:fc:d4:79:0e:b9:fb:65:d8:6d:2d:00:45:
         c1:7f:71:96:77:23:f9:6a:53:2e:ee:cf:5b:a3:fa:3a:15:47:
         2d:1c:31:13:d1:6d:96:5f:1e:7a:43:a8:69:c9:87:de:3b:08:
         7c:8f:2e:1e:b3:e7:fc:80:88:da:9c:ee:35:c8:aa:2b:09:f3:
         58:36:3d:0a:55:d2:04:72:da:61:08:3a:d1:6f:fe:b6:4c:f1:
         3c:5a:65:f1:13:97:f5:c3:e4:45:6d:30:c3:6a:dc:69:34:cc:
         7e:32:f9:85:b7:21:47:57:e1:0c:00:e2:bb:21:4d:40:49:3c:
         ce:c3:e6:b7:70:32:bb:ed:4c:6b:8e:9c:cb:ff:da:72:57:b1:
         ae:c4:f8:42:62:44:3a:08:18:7c:4c:f8:7c:0e:ba:0c:3b:e7:
         58:5f:be:42:e6:bf:65:6c:1b:17:32:a7:c0:18:23:bf:93:55:
         3f:ac:7d:69:5a:cd:9d:0b:43:10:68:9c:64:e3:fc:41:eb:34:
         8a:da:ce:ec:4d:f9:e2:a1:6d:9c:d8:03:70:13:6c:86:60:ab:
         db:10:7a:8e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUOj+AdjgfIAucj9MlQ8ArIqyb1DcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjcwNTU3NDZaFw0yNjEwMjYwNjAyNDZaMDMxMTAvBgNV
BAMTKDNGMjM3MzM2QzkzMjg5Q0FGRjRFQjg2MzAyRjk4RjZDMkQ5NzkyOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC81qgpYamN+Plq87ig7fBv3aNC
CcNb+30ZqddCclx51jJxtuYjTFDXb8yJmbQjetvPBWgpcQPFmKlGZgUaZ/6vkFxL
5obRyQtLmQkyAaqfKPFwDHZl4yH6DGzf/gRjzH01QqLp9ic3xQFlMS3CF+nQQSxu
SuHHhaX76T8f8S3Me8+9LTCWqxoZbn2qVYPRDnf/IpyiAquJniJQ5z1JmVWvyMWB
FBakSeG0jwGVPDqLTZe4iW5Dib6/n2S+WzgRsvi8/xYoBpD83nTpcR+Yt/+951Y7
fp78lOlEp2Un9zpmUjYhPC9Q+AAk9IDyKflT28pkqNSMUd0/IWdAr/sOTFFzAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUPyNzNskyicr/TrhjAvmPbC2XkpIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFAsD
BACPFA0DBACPFMEwDQYJKoZIhvcNAQELBQADggEBAHHI88kdCmARvpN44wcMYK9C
tLC7IEbdunklat/dpDDywBVGc3B//gXT9fzUeQ65+2XYbS0ARcF/cZZ3I/lqUy7u
z1uj+joVRy0cMRPRbZZfHnpDqGnJh947CHyPLh6z5/yAiNqc7jXIqisJ81g2PQpV
0gRy2mEIOtFv/rZM8TxaZfETl/XD5EVtMMNq3Gk0zH4y+YW3IUdX4QwA4rshTUBJ
PM7D5rdwMrvtTGuOnMv/2nJXsa7E+EJiRDoIGHxM+HwOugw751hfvkLmv2VsGxcy
p8AYI7+TVT+sfWlazZ0LQxBonGTj/EHrNIrazuxN+eKhbZzYA3ATbIZgq9sQeo4=
-----END CERTIFICATE-----