Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          MtQmkfm/uToYsDqJNw8jPw+ymxxMyHIbIQ6LsH8iNsM=
Subject key identifier:   42:3C:CF:B5:8E:A9:08:C1:C2:6A:B4:D4:21:66:16:FF:34:4A:97:F8
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4C07594354D302462AB5B39B28FB18260BFEF3E2
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21840.roa
Signing time:             Wed 11 Jun 2025 11:09:52 +0000
ROA not before:           Wed 11 Jun 2025 11:04:52 +0000
ROA not after:            Wed 10 Jun 2026 11:09:52 +0000
asID:                     21840
IP address blocks:        178.93.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:07:59:43:54:d3:02:46:2a:b5:b3:9b:28:fb:18:26:0b:fe:f3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 11 11:04:52 2025 GMT
            Not After : Jun 10 11:09:52 2026 GMT
        Subject: CN=423CCFB58EA908C1C26AB4D4216616FF344A97F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:db:58:b7:10:e0:4c:18:9e:63:10:25:80:d1:
                    d9:8a:1f:f4:76:c9:cf:89:31:64:05:da:4b:24:3b:
                    bd:0b:ac:4e:a4:4c:83:73:e3:fd:a5:23:3a:6c:23:
                    65:b6:9c:a8:9a:b4:a3:9a:0d:c8:41:19:a2:21:25:
                    b4:d0:b3:51:45:fc:1e:29:8e:c8:cb:6e:19:7a:1f:
                    be:55:7d:11:38:13:c1:92:66:eb:04:a8:2a:e2:03:
                    0c:57:83:1a:e2:89:df:2f:df:3c:e7:e9:5e:08:9f:
                    f2:00:f6:63:fc:88:08:3d:dd:31:b5:45:22:2a:1a:
                    04:f8:c1:3d:e8:86:2f:95:be:d5:46:e5:bc:ec:b1:
                    3b:fd:31:a8:c5:a7:2e:62:ec:43:cd:db:a8:86:82:
                    cb:ee:11:5d:27:cf:c6:a4:a9:90:4b:a3:13:6f:ba:
                    3d:7f:a6:da:40:f9:24:57:1d:8e:83:ee:6e:4b:85:
                    ac:f5:4e:23:4e:96:b9:90:35:db:3c:d2:ec:e5:c6:
                    84:d2:ba:91:ae:88:3f:6f:c3:32:8a:b3:f2:d7:e3:
                    da:c1:67:49:91:f2:3f:03:ad:07:bd:92:94:e8:7d:
                    8c:4f:70:0b:3b:6f:30:5a:4d:7a:da:76:01:b3:09:
                    c7:b7:63:60:95:bb:67:24:05:a1:31:4d:94:a9:f9:
                    48:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3C:CF:B5:8E:A9:08:C1:C2:6A:B4:D4:21:66:16:FF:34:4A:97:F8
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:0b:50:1f:cf:1f:b3:37:3f:ed:72:b6:0e:84:a3:cd:50:0c:
         e0:a2:51:b1:42:80:b3:f6:2b:a2:08:bd:01:77:34:81:a0:9c:
         c3:35:c3:97:cf:31:a9:74:03:b4:42:83:f2:4f:4a:35:cd:28:
         68:11:21:44:ae:74:2e:4d:20:97:c6:90:8b:64:8c:2a:27:e4:
         c1:3d:0b:42:b9:30:ea:18:6a:e5:3c:f1:6c:e2:88:98:9a:fd:
         49:92:ae:58:aa:76:8e:f4:9a:0e:7c:66:0f:4e:0b:4e:c5:05:
         6e:8a:52:1b:44:3b:92:96:37:9f:7a:79:a5:f3:8d:54:8e:df:
         10:75:a1:68:eb:04:06:74:23:4e:e1:38:0c:91:7e:2b:36:81:
         c1:dd:41:ee:88:5d:64:37:c5:98:d6:16:10:7d:2e:4c:50:3d:
         7c:2e:a2:f5:40:ec:2b:9c:8b:bc:26:e3:54:ea:62:d3:d2:b0:
         c7:6a:87:3c:cb:73:28:be:e1:f1:e0:f2:14:56:c1:0f:12:3e:
         5a:47:f4:2a:5c:ef:7b:6e:eb:2c:6c:e8:9a:8a:0a:22:3f:ed:
         b0:13:79:78:41:48:bc:9c:a9:f1:49:8b:1f:a4:41:13:e9:a1:
         21:6d:ff:26:26:12:9d:17:29:81:52:6f:7f:56:cd:0c:93:fc:
         fd:85:d9:e4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTAdZQ1TTAkYqtbObKPsYJgv+8+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MTExMTA0NTJaFw0yNjA2MTAxMTA5NTJaMDMxMTAvBgNV
BAMTKDQyM0NDRkI1OEVBOTA4QzFDMjZBQjRENDIxNjYxNkZGMzQ0QTk3RjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC621i3EOBMGJ5jECWA0dmKH/R2
yc+JMWQF2kskO70LrE6kTINz4/2lIzpsI2W2nKiatKOaDchBGaIhJbTQs1FF/B4p
jsjLbhl6H75VfRE4E8GSZusEqCriAwxXgxriid8v3zzn6V4In/IA9mP8iAg93TG1
RSIqGgT4wT3ohi+VvtVG5bzssTv9MajFpy5i7EPN26iGgsvuEV0nz8akqZBLoxNv
uj1/ptpA+SRXHY6D7m5Lhaz1TiNOlrmQNds80uzlxoTSupGuiD9vwzKKs/LX49rB
Z0mR8j8DrQe9kpTofYxPcAs7bzBaTXradgGzCce3Y2CVu2ckBaExTZSp+Uh7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUQjzPtY6pCMHCarTUIWYW/zRKl/gwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACyXVow
DQYJKoZIhvcNAQELBQADggEBAEQLUB/PH7M3P+1ytg6Eo81QDOCiUbFCgLP2K6II
vQF3NIGgnMM1w5fPMal0A7RCg/JPSjXNKGgRIUSudC5NIJfGkItkjCon5ME9C0K5
MOoYauU88WziiJia/UmSrliqdo70mg58Zg9OC07FBW6KUhtEO5KWN596eaXzjVSO
3xB1oWjrBAZ0I07hOAyRfis2gcHdQe6IXWQ3xZjWFhB9LkxQPXwuovVA7Cuci7wm
41TqYtPSsMdqhzzLcyi+4fHg8hRWwQ8SPlpH9Cpc73tu6yxs6JqKCiI/7bATeXhB
SLycqfFJix+kQRPpoSFt/yYmEp0XKYFSb39WzQyT/P2F2eQ=
-----END CERTIFICATE-----