Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          edUTk5Lf6AlJDcvScIxkFoANHeRzpXcqW80YkouxV9s=
Subject key identifier:   3B:13:F5:89:73:C7:28:31:FD:6E:35:3B:B5:DF:C8:92:94:0D:B2:0E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       36B29F7C5F25A9EF42BF8D363AD49C62B0B49247
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58212.roa
Signing time:             Thu 14 Aug 2025 16:56:58 +0000
ROA not before:           Thu 14 Aug 2025 16:51:58 +0000
ROA not after:            Thu 13 Aug 2026 16:56:58 +0000
asID:                     58212
IP address blocks:        45.93.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:b2:9f:7c:5f:25:a9:ef:42:bf:8d:36:3a:d4:9c:62:b0:b4:92:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 14 16:51:58 2025 GMT
            Not After : Aug 13 16:56:58 2026 GMT
        Subject: CN=3B13F58973C72831FD6E353BB5DFC892940DB20E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:19:7b:9f:35:e3:c5:78:14:fc:c1:34:66:9f:
                    ed:59:35:36:c2:16:07:54:b9:28:3e:83:33:4b:a6:
                    49:27:42:a5:ca:cb:c4:09:4b:58:23:65:05:be:23:
                    ef:df:9a:f5:f7:90:66:b7:ea:ea:31:3b:1d:6e:d1:
                    7f:8b:e4:81:3a:ad:05:24:76:77:2f:61:8a:59:6a:
                    0c:3a:67:c1:3c:b0:15:80:1b:0c:2d:08:63:72:20:
                    fd:22:f4:76:b0:3e:8d:f9:59:bb:41:d1:af:ce:6e:
                    c6:da:87:d9:90:47:34:1f:c5:1b:f6:a3:fd:b1:cd:
                    ab:39:aa:f9:84:fd:da:4c:c9:65:3e:f6:33:c6:ae:
                    c3:17:d8:6a:c3:69:b1:26:f7:2c:4c:25:71:1e:1f:
                    57:2b:8a:63:4f:ef:fe:ea:3e:fb:2e:af:90:d2:b3:
                    cb:e4:97:ba:9c:f3:f7:4b:a8:b0:9d:bb:71:a8:39:
                    ba:3e:35:86:ad:40:b6:a5:9f:d7:60:b6:4b:7a:8d:
                    74:d2:f7:5c:eb:1b:a1:0b:a2:0b:e8:12:4e:0c:d6:
                    cb:50:24:b5:fd:43:94:b4:26:b2:63:0f:5c:39:36:
                    c9:8c:c5:b8:16:0c:5a:98:bc:c0:dd:cd:ec:f8:70:
                    9d:9e:c3:36:d2:1a:a2:67:63:eb:0e:d6:a8:90:5b:
                    47:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:13:F5:89:73:C7:28:31:FD:6E:35:3B:B5:DF:C8:92:94:0D:B2:0E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:bb:a2:bf:98:fd:e7:7a:15:9b:b3:e8:63:3a:5b:bc:0c:99:
         31:e7:76:31:e6:08:e0:28:2d:9e:77:a7:34:bf:9c:e4:21:16:
         18:b5:6d:d6:06:7d:06:ae:d3:fb:33:64:ad:a7:f9:a8:5a:c4:
         8c:50:d1:ee:85:ac:49:3e:b7:42:ae:0a:19:ed:63:ab:26:64:
         e6:91:61:31:ed:c8:58:bb:35:b6:ec:4d:f5:74:a9:e7:65:90:
         66:f0:7f:d5:2c:4b:bb:0b:2f:8d:a1:57:7c:71:65:9c:07:38:
         e5:5d:a8:20:4b:f5:20:55:2c:25:af:06:5b:38:7b:33:54:e5:
         20:f4:ed:b7:bc:bb:67:6b:6f:25:cf:a2:f1:4a:34:2e:1a:d5:
         70:26:60:c9:57:9a:58:25:e7:4b:83:d0:2d:55:37:f5:a6:ff:
         f0:1e:da:39:8d:6b:7e:4a:54:31:c8:06:af:ae:19:01:9f:8a:
         3a:73:3c:f1:d5:bf:d3:6b:32:30:64:73:be:af:b6:b3:57:a1:
         07:9d:f7:89:4b:2b:93:3e:fa:31:9d:7f:d5:28:f6:73:55:d5:
         36:a5:04:47:06:22:cd:55:ce:17:e8:3a:e9:19:75:2d:65:77:
         77:66:c1:b0:d3:ed:2b:24:21:11:6e:08:e0:04:40:f0:b7:78:
         0c:fd:2c:a9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNrKffF8lqe9Cv402OtScYrC0kkcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MTQxNjUxNThaFw0yNjA4MTMxNjU2NThaMDMxMTAvBgNV
BAMTKDNCMTNGNTg5NzNDNzI4MzFGRDZFMzUzQkI1REZDODkyOTQwREIyMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtGXufNePFeBT8wTRmn+1ZNTbC
FgdUuSg+gzNLpkknQqXKy8QJS1gjZQW+I+/fmvX3kGa36uoxOx1u0X+L5IE6rQUk
dncvYYpZagw6Z8E8sBWAGwwtCGNyIP0i9HawPo35WbtB0a/Obsbah9mQRzQfxRv2
o/2xzas5qvmE/dpMyWU+9jPGrsMX2GrDabEm9yxMJXEeH1crimNP7/7qPvsur5DS
s8vkl7qc8/dLqLCdu3GoObo+NYatQLaln9dgtkt6jXTS91zrG6ELogvoEk4M1stQ
JLX9Q5S0JrJjD1w5NsmMxbgWDFqYvMDdzez4cJ2ewzbSGqJnY+sO1qiQW0frAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUOxP1iXPHKDH9bjU7td/IkpQNsg4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTgyMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtXSww
DQYJKoZIhvcNAQELBQADggEBACm7or+Y/ed6FZuz6GM6W7wMmTHndjHmCOAoLZ53
pzS/nOQhFhi1bdYGfQau0/szZK2n+ahaxIxQ0e6FrEk+t0KuChntY6smZOaRYTHt
yFi7NbbsTfV0qedlkGbwf9UsS7sLL42hV3xxZZwHOOVdqCBL9SBVLCWvBls4ezNU
5SD07be8u2drbyXPovFKNC4a1XAmYMlXmlgl50uD0C1VN/Wm//Ae2jmNa35KVDHI
Bq+uGQGfijpzPPHVv9NrMjBkc76vtrNXoQed94lLK5M++jGdf9Uo9nNV1TalBEcG
Is1VzhfoOukZdS1ld3dmwbDT7SskIRFuCOAEQPC3eAz9LKk=
-----END CERTIFICATE-----