Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          WRphOhmJVv1Xqd3sTw4IUBHBKQr2eBK9Staj+N8kico=
Subject key identifier:   5A:9D:64:23:BA:3B:EB:BB:8F:5E:12:8D:07:34:3B:4A:E7:A4:5C:58
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       74D8FF3C7AEDA39EB3EFDE719C2CE4FE825882B7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30058.roa
Signing time:             Thu 02 Oct 2025 18:24:01 +0000
ROA not before:           Thu 02 Oct 2025 18:19:01 +0000
ROA not after:            Thu 01 Oct 2026 18:24:01 +0000
asID:                     30058
IP address blocks:        82.21.1.0/24 maxlen: 24
                          82.26.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:d8:ff:3c:7a:ed:a3:9e:b3:ef:de:71:9c:2c:e4:fe:82:58:82:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct  2 18:19:01 2025 GMT
            Not After : Oct  1 18:24:01 2026 GMT
        Subject: CN=5A9D6423BA3BEBBB8F5E128D07343B4AE7A45C58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:0e:d8:ed:38:21:f0:56:38:32:73:ef:2a:1a:
                    ac:03:15:43:10:97:12:33:c3:77:cc:78:c6:3a:6a:
                    98:25:42:27:32:0a:59:39:ea:e7:83:04:80:55:39:
                    3b:69:d6:c2:9e:17:61:04:d9:43:15:20:8e:95:c8:
                    f4:fa:ab:47:d3:2d:6b:f6:37:1c:95:24:c9:41:ed:
                    16:69:b5:3d:aa:17:67:2d:8d:bf:0e:6f:57:3e:ec:
                    74:63:ad:77:4f:a3:60:9d:64:31:38:22:3b:ee:c2:
                    1f:b7:33:fa:08:6e:92:ad:e9:7e:df:1e:67:31:2c:
                    d5:56:44:25:15:c1:e1:9c:1f:92:ee:76:93:96:d7:
                    5a:b0:c2:0f:4e:56:e1:cb:a2:e4:b9:2a:33:e2:fc:
                    af:08:32:5f:19:44:55:ca:df:c5:f0:42:13:5f:b0:
                    3f:ab:ba:09:01:d9:f7:16:26:87:3d:31:e7:b9:2d:
                    df:ff:ec:01:1c:01:8f:9f:00:51:53:2b:cd:20:33:
                    8e:cd:80:a2:45:ab:c9:e3:e8:8a:84:50:3c:51:4a:
                    79:bd:11:32:6b:27:54:08:c1:8a:c8:bd:85:9f:48:
                    44:57:34:7b:d5:d4:43:c9:86:43:d7:48:ef:0e:99:
                    f4:67:ee:cd:e2:9b:f9:19:bd:25:86:7a:b1:98:12:
                    60:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:9D:64:23:BA:3B:EB:BB:8F:5E:12:8D:07:34:3B:4A:E7:A4:5C:58
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.1.0/24
                  82.26.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:5a:2f:bb:a5:0f:21:8f:d8:a0:1d:9c:63:67:89:07:13:2c:
         0d:42:b0:a1:74:cf:ac:32:c0:df:92:17:55:f8:c5:fa:59:3b:
         27:c1:52:70:e5:ea:b6:59:04:51:fa:e6:bd:16:ed:dd:36:f7:
         aa:6c:a1:13:a3:97:c2:60:f7:94:9e:5d:1a:6d:3f:66:cf:92:
         90:0e:e7:f3:85:95:c0:46:46:6e:87:50:cc:b9:1d:d0:49:ea:
         f0:0b:56:c5:fe:02:1d:2f:66:8e:bc:ec:3a:52:fc:25:9c:9e:
         3f:68:c2:df:39:32:a6:29:52:31:12:ef:c0:73:43:02:cd:a1:
         a3:31:2e:2f:a6:f6:01:e4:ea:ca:f0:89:31:7b:8e:5d:f7:43:
         d7:f6:86:ae:5a:f2:65:55:90:ce:b1:02:df:63:dc:7c:b9:1a:
         9d:ac:39:e3:70:e1:80:b2:f1:12:62:ee:09:0e:6f:20:97:bd:
         26:59:88:93:98:0d:1e:f2:0c:4d:65:3c:65:1e:c4:0f:e2:cd:
         f8:c3:6c:bf:ed:8f:14:30:ad:c7:b4:1e:bb:fc:a8:5c:69:03:
         78:f4:8c:43:4f:4e:d2:5c:a6:a5:c5:e3:bd:67:26:73:8e:d7:
         f5:4c:77:d4:02:9c:87:17:8b:0b:58:a7:b3:2d:26:59:77:1e:
         2d:9e:db:bd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUdNj/PHrto56z795xnCzk/oJYgrcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMDIxODE5MDFaFw0yNjEwMDExODI0MDFaMDMxMTAvBgNV
BAMTKDVBOUQ2NDIzQkEzQkVCQkI4RjVFMTI4RDA3MzQzQjRBRTdBNDVDNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlDtjtOCHwVjgyc+8qGqwDFUMQ
lxIzw3fMeMY6apglQicyClk56ueDBIBVOTtp1sKeF2EE2UMVII6VyPT6q0fTLWv2
NxyVJMlB7RZptT2qF2ctjb8Ob1c+7HRjrXdPo2CdZDE4Ijvuwh+3M/oIbpKt6X7f
HmcxLNVWRCUVweGcH5LudpOW11qwwg9OVuHLouS5KjPi/K8IMl8ZRFXK38XwQhNf
sD+rugkB2fcWJoc9Mee5Ld//7AEcAY+fAFFTK80gM47NgKJFq8nj6IqEUDxRSnm9
ETJrJ1QIwYrIvYWfSERXNHvV1EPJhkPXSO8OmfRn7s3im/kZvSWGerGYEmDjAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUWp1kI7o767uPXhKNBzQ7SuekXFgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFQED
BABSGqkwDQYJKoZIhvcNAQELBQADggEBABdaL7ulDyGP2KAdnGNniQcTLA1CsKF0
z6wywN+SF1X4xfpZOyfBUnDl6rZZBFH65r0W7d0296psoROjl8Jg95SeXRptP2bP
kpAO5/OFlcBGRm6HUMy5HdBJ6vALVsX+Ah0vZo687DpS/CWcnj9owt85MqYpUjES
78BzQwLNoaMxLi+m9gHk6srwiTF7jl33Q9f2hq5a8mVVkM6xAt9j3Hy5Gp2sOeNw
4YCy8RJi7gkObyCXvSZZiJOYDR7yDE1lPGUexA/izfjDbL/tjxQwrce0Hrv8qFxp
A3j0jENPTtJcpqXF471nJnOO1/VMd9QCnIcXiwtYp7MtJll3Hi2e270=
-----END CERTIFICATE-----