Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          qqYiHRfmhIAXcFjMxEEHC5LR4harhE8j/xcImk4fX4M=
Subject key identifier:   6C:32:68:5C:4F:01:2F:44:59:3E:CE:07:C9:71:B6:E5:7F:CC:C3:C6
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1B1F1094EC90D8617C37BC37FBB8BF12B29A4FB7
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS58212.roa
Signing time:             Mon 16 Jun 2025 20:30:43 +0000
ROA not before:           Mon 16 Jun 2025 20:25:43 +0000
ROA not after:            Mon 15 Jun 2026 20:30:43 +0000
asID:                     58212
IP address blocks:        143.20.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:1f:10:94:ec:90:d8:61:7c:37:bc:37:fb:b8:bf:12:b2:9a:4f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 16 20:25:43 2025 GMT
            Not After : Jun 15 20:30:43 2026 GMT
        Subject: CN=6C32685C4F012F44593ECE07C971B6E57FCCC3C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8b:57:a0:1e:35:cf:cc:37:6f:39:5e:23:26:
                    e9:86:9e:15:0b:6a:ad:4e:c5:ac:50:cd:dd:45:66:
                    98:f1:20:9e:9b:80:a8:40:71:0b:74:cf:3a:9e:30:
                    73:ae:47:ff:f2:ed:3f:6a:59:a7:8a:63:c3:56:0d:
                    0d:4b:e1:de:e1:bd:ee:d2:d2:22:e8:35:93:7f:f8:
                    4a:53:8b:04:f8:49:84:f4:e0:69:c5:8a:12:58:e7:
                    45:00:f7:89:a5:38:93:4c:21:9e:59:08:7b:82:5c:
                    05:f2:61:96:4a:06:10:2a:fc:4f:17:4d:3d:39:0a:
                    ab:8f:a4:0d:c8:e3:0e:20:8e:9a:77:13:39:5e:14:
                    93:ab:ab:d5:5a:8c:61:4f:ed:1e:3b:36:18:41:c1:
                    85:18:7e:5e:03:71:cb:94:44:fb:92:dc:47:53:28:
                    61:fd:29:06:cd:37:d7:a9:2b:05:1b:c5:66:d9:de:
                    b0:63:c4:d0:bd:7c:51:3f:d0:18:2f:69:ff:f2:d4:
                    4d:aa:f0:34:40:9c:a8:4a:4e:80:08:08:8e:29:f2:
                    b9:22:61:4d:1f:60:5c:73:d4:9a:f6:dd:3b:0c:e4:
                    b0:01:be:c0:ec:a9:5d:ba:5e:1f:93:13:aa:17:6c:
                    50:99:b5:5d:7e:60:f4:d3:74:68:62:a3:d1:0a:03:
                    bc:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:32:68:5C:4F:01:2F:44:59:3E:CE:07:C9:71:B6:E5:7F:CC:C3:C6
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:ab:ae:a5:05:16:12:5c:f9:4d:9f:93:36:14:16:10:99:79:
         cb:f7:2a:af:c8:2b:ea:e3:7f:9f:36:91:55:20:5a:61:7b:97:
         97:7b:d4:c4:78:9d:df:26:94:e9:fe:04:c6:2f:56:30:40:b4:
         ab:be:99:58:88:4b:fc:f3:f9:07:50:73:a6:bf:aa:fe:bc:4a:
         43:26:82:94:a6:04:6f:cd:7b:81:c1:87:03:bc:b8:14:dc:d6:
         a2:53:05:bc:5a:af:b9:05:98:32:56:5b:dc:60:8c:68:00:00:
         fc:0d:73:c0:75:ad:98:f4:9b:68:b1:24:bd:df:eb:be:0c:a0:
         56:be:77:63:35:b7:42:0a:56:4b:a9:65:e6:43:7b:af:ce:89:
         3d:ce:08:24:e0:0e:f9:fb:95:5c:df:fd:f5:e4:2e:39:02:2b:
         69:34:20:b7:7f:fe:e7:eb:3c:b2:58:f6:aa:30:26:8e:4a:58:
         86:f7:c1:3a:5a:09:da:8a:2f:6e:b7:83:a2:20:2a:3b:d3:b2:
         f8:d9:ce:10:aa:0c:4c:51:d1:05:10:f1:ef:64:18:46:40:c3:
         d1:c3:a5:e6:d1:15:a1:d0:2f:71:c0:a0:fd:8f:f2:73:8f:9b:
         21:0b:b1:50:e4:36:2a:8c:97:a9:2f:4f:a9:7b:4c:b2:47:f0:
         2b:47:f9:5d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGx8QlOyQ2GF8N7w3+7i/ErKaT7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTYyMDI1NDNaFw0yNjA2MTUyMDMwNDNaMDMxMTAvBgNV
BAMTKDZDMzI2ODVDNEYwMTJGNDQ1OTNFQ0UwN0M5NzFCNkU1N0ZDQ0MzQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5i1egHjXPzDdvOV4jJumGnhUL
aq1OxaxQzd1FZpjxIJ6bgKhAcQt0zzqeMHOuR//y7T9qWaeKY8NWDQ1L4d7hve7S
0iLoNZN/+EpTiwT4SYT04GnFihJY50UA94mlOJNMIZ5ZCHuCXAXyYZZKBhAq/E8X
TT05CquPpA3I4w4gjpp3EzleFJOrq9VajGFP7R47NhhBwYUYfl4DccuURPuS3EdT
KGH9KQbNN9epKwUbxWbZ3rBjxNC9fFE/0Bgvaf/y1E2q8DRAnKhKToAICI4p8rki
YU0fYFxz1Jr23TsM5LABvsDsqV26Xh+TE6oXbFCZtV1+YPTTdGhio9EKA7wVAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUbDJoXE8BL0RZPs4HyXG25X/Mw8YwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTgyMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKPFGww
DQYJKoZIhvcNAQELBQADggEBAA2rrqUFFhJc+U2fkzYUFhCZecv3Kq/IK+rjf582
kVUgWmF7l5d71MR4nd8mlOn+BMYvVjBAtKu+mViIS/zz+QdQc6a/qv68SkMmgpSm
BG/Ne4HBhwO8uBTc1qJTBbxar7kFmDJWW9xgjGgAAPwNc8B1rZj0m2ixJL3f674M
oFa+d2M1t0IKVkupZeZDe6/OiT3OCCTgDvn7lVzf/fXkLjkCK2k0ILd//ufrPLJY
9qowJo5KWIb3wTpaCdqKL263g6IgKjvTsvjZzhCqDExR0QUQ8e9kGEZAw9HDpebR
FaHQL3HAoP2P8nOPmyELsVDkNiqMl6kvT6l7TLJH8CtH+V0=
-----END CERTIFICATE-----