Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          IWH7M+qtSung62+K/Px7v7Ff5I5LjsYrOVU2wfVP+IY=
Subject key identifier:   42:C0:B0:D6:61:93:53:CF:22:84:E9:78:3B:EB:70:00:D6:24:1E:52
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       774258C36FC40811943604C2015F67826ECC101D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS58212.roa
Signing time:             Wed 25 Jun 2025 14:46:28 +0000
ROA not before:           Wed 25 Jun 2025 14:41:28 +0000
ROA not after:            Wed 24 Jun 2026 14:46:28 +0000
asID:                     58212
IP address blocks:        141.11.49.0/24 maxlen: 24
                          141.11.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:24:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:42:58:c3:6f:c4:08:11:94:36:04:c2:01:5f:67:82:6e:cc:10:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 25 14:41:28 2025 GMT
            Not After : Jun 24 14:46:28 2026 GMT
        Subject: CN=42C0B0D6619353CF2284E9783BEB7000D6241E52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:52:0a:59:ef:93:0e:a8:3f:95:d6:9b:9d:e2:
                    ce:85:58:a5:e9:1c:1f:9b:81:ee:26:f3:4d:db:12:
                    76:91:01:e8:80:ec:bf:a4:76:22:aa:75:f6:68:7b:
                    27:01:a3:3e:ff:3d:d3:f5:68:f5:3c:1c:5b:49:34:
                    96:40:c7:de:09:76:0d:85:5c:76:e2:c2:e8:e7:dc:
                    37:f6:ae:c6:ef:20:90:c2:cf:bb:20:f0:03:c8:30:
                    83:f1:ee:20:df:10:4f:da:4f:a7:c6:4d:e5:f9:2c:
                    53:e6:b0:28:94:44:b9:6e:45:f3:83:54:6b:87:33:
                    ef:ca:74:53:9d:6a:5c:c7:2b:b5:7d:13:a8:a1:77:
                    70:ac:f1:2b:fc:26:0d:ef:3b:fe:b1:56:db:a9:90:
                    06:7f:0b:7c:f7:b0:3c:73:39:e2:44:10:ca:70:01:
                    c4:53:78:de:2a:ae:21:de:85:ec:21:d1:ce:0d:aa:
                    53:68:17:0c:6b:33:3c:f8:4f:4c:04:ce:33:2a:a7:
                    62:2f:93:a2:ef:d7:2c:6a:b1:60:e5:91:af:b2:2a:
                    8d:cf:06:db:0e:2f:dc:6b:ce:c7:23:4a:a8:94:0c:
                    6a:56:90:3f:d4:9e:d7:cb:32:3d:1a:57:e5:99:56:
                    ea:dd:47:77:d4:49:88:93:2e:6f:02:e7:53:ae:39:
                    f4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:C0:B0:D6:61:93:53:CF:22:84:E9:78:3B:EB:70:00:D6:24:1E:52
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.49.0/24
                  141.11.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:9b:93:79:ea:5a:b5:66:8a:e6:87:0b:2d:dc:1e:07:f2:41:
         74:c7:c8:61:dc:47:16:08:f9:c4:46:ef:7e:7e:d5:a0:0e:b7:
         3c:13:c9:45:a6:df:8e:4c:44:97:a8:a0:d0:ce:07:11:a8:bf:
         8d:57:8d:84:69:61:76:83:4d:45:64:dc:3f:e7:5d:3e:fd:ae:
         82:09:87:88:c9:f3:24:1b:20:62:bc:87:be:2a:de:f6:a5:cb:
         b2:2e:fa:48:6b:20:70:b8:3b:a2:4d:40:fd:89:91:0d:7d:b9:
         99:f6:ca:9d:7d:ad:34:8d:3e:df:ef:23:5d:4d:a0:8a:8f:be:
         bd:c8:7e:be:a1:1e:4e:8f:e1:dd:65:1d:17:64:77:7c:81:6e:
         fd:59:77:ae:5a:8c:65:17:f8:9c:ba:8c:2c:45:76:b1:42:25:
         c7:e7:36:df:1d:2e:47:00:2f:2d:86:5a:d5:21:fa:3b:e2:31:
         3b:b7:77:71:a1:e3:98:18:f9:0f:ef:7a:4b:df:48:e4:5e:cb:
         57:1f:cd:51:50:33:cf:cb:b5:55:78:d8:36:12:ca:e2:fd:c6:
         cd:80:fd:ba:fd:8f:ae:05:20:51:e8:30:0c:13:ce:20:f9:40:
         78:47:b5:a0:4f:5f:c7:4b:3a:63:87:79:06:14:9f:7f:1c:a0:
         57:ed:bb:ff
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUd0JYw2/ECBGUNgTCAV9ngm7MEB0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MjUxNDQxMjhaFw0yNjA2MjQxNDQ2MjhaMDMxMTAvBgNV
BAMTKDQyQzBCMEQ2NjE5MzUzQ0YyMjg0RTk3ODNCRUI3MDAwRDYyNDFFNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUgpZ75MOqD+V1pud4s6FWKXp
HB+bge4m803bEnaRAeiA7L+kdiKqdfZoeycBoz7/PdP1aPU8HFtJNJZAx94Jdg2F
XHbiwujn3Df2rsbvIJDCz7sg8APIMIPx7iDfEE/aT6fGTeX5LFPmsCiURLluRfOD
VGuHM+/KdFOdalzHK7V9E6ihd3Cs8Sv8Jg3vO/6xVtupkAZ/C3z3sDxzOeJEEMpw
AcRTeN4qriHehewh0c4NqlNoFwxrMzz4T0wEzjMqp2Ivk6Lv1yxqsWDlka+yKo3P
BtsOL9xrzscjSqiUDGpWkD/UntfLMj0aV+WZVurdR3fUSYiTLm8C51OuOfSXAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUQsCw1mGTU88ihOl4O+twANYkHlIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTgyMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCzED
BACNC0QwDQYJKoZIhvcNAQELBQADggEBABybk3nqWrVmiuaHCy3cHgfyQXTHyGHc
RxYI+cRG735+1aAOtzwTyUWm345MRJeooNDOBxGov41XjYRpYXaDTUVk3D/nXT79
roIJh4jJ8yQbIGK8h74q3valy7Iu+khrIHC4O6JNQP2JkQ19uZn2yp19rTSNPt/v
I11NoIqPvr3Ifr6hHk6P4d1lHRdkd3yBbv1Zd65ajGUX+Jy6jCxFdrFCJcfnNt8d
LkcALy2GWtUh+jviMTu3d3Gh45gY+Q/vekvfSORey1cfzVFQM8/LtVV42DYSyuL9
xs2A/br9j64FIFHoMAwTziD5QHhHtaBPX8dLOmOHeQYUn38coFftu/8=
-----END CERTIFICATE-----