Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          84pl09LKOdHHCubWomx6ZtyCC0OBLMAgtWWATWbwnzU=
Subject key identifier:   F4:D2:82:B8:E4:F4:04:C0:CA:4B:FE:69:BA:DF:E1:15:B3:66:F8:A4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7FEB9B790C0AE13B5F7D077537A99C9BAF8D3388
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS58212.roa
Signing time:             Tue 27 May 2025 00:00:06 +0000
ROA not before:           Mon 26 May 2025 23:55:06 +0000
ROA not after:            Tue 26 May 2026 00:00:06 +0000
asID:                     58212
IP address blocks:        146.103.22.0/24 maxlen: 24
                          146.103.48.0/24 maxlen: 24
                          147.79.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:eb:9b:79:0c:0a:e1:3b:5f:7d:07:75:37:a9:9c:9b:af:8d:33:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 26 23:55:06 2025 GMT
            Not After : May 26 00:00:06 2026 GMT
        Subject: CN=F4D282B8E4F404C0CA4BFE69BADFE115B366F8A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2e:d6:12:9e:14:10:a5:d5:38:06:44:11:dc:
                    2e:53:8f:ca:74:ea:15:87:3d:8b:1d:6e:7a:49:40:
                    9b:5b:28:27:66:24:42:de:1a:bc:c3:4a:fd:93:08:
                    7d:00:03:1e:0e:68:ae:5d:6e:4a:00:63:25:72:8c:
                    e8:af:69:24:6a:c4:ab:53:df:8f:34:38:ac:bd:0c:
                    0d:f7:9d:bd:81:0d:44:ee:93:f5:bc:fe:4f:27:42:
                    2c:4e:c9:a1:34:3e:1e:b2:97:8b:eb:c2:fc:44:38:
                    e2:79:b5:87:7e:89:cc:17:c4:83:02:49:5b:8e:dd:
                    af:67:d3:c5:34:2e:81:03:47:67:d7:e8:81:43:f3:
                    07:64:22:d3:63:1e:89:1a:62:c2:db:9c:51:55:8b:
                    3e:79:2f:b3:9a:81:50:f1:ff:cf:48:35:de:00:7b:
                    c3:a2:e2:31:09:c8:57:0a:2c:f1:ee:c4:28:c6:cf:
                    c5:cc:17:a7:b5:cb:f5:89:79:03:ef:8c:9e:f6:9c:
                    89:92:fc:bf:6c:99:85:5b:22:3d:4c:25:4d:50:10:
                    ac:63:01:cc:db:7b:c0:fa:8e:18:95:0b:84:b2:11:
                    c6:fb:9f:25:3a:1c:5b:2b:a6:e1:83:11:e0:e7:aa:
                    38:ba:fd:5b:c0:a6:a9:39:f5:e9:67:1b:4d:cc:89:
                    09:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D2:82:B8:E4:F4:04:C0:CA:4B:FE:69:BA:DF:E1:15:B3:66:F8:A4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.22.0/24
                  146.103.48.0/24
                  147.79.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:d5:9e:aa:15:ce:68:53:51:60:33:40:15:8c:79:6e:f7:9b:
         2e:21:9c:f1:b6:de:64:4e:af:a0:3e:e7:ff:be:13:b5:e5:a7:
         98:1a:c1:b3:23:73:ab:31:a9:41:a8:f5:6c:f9:6d:a0:3a:f4:
         e9:7e:28:4c:14:a2:76:c3:a6:53:08:9e:16:87:5e:09:d6:bd:
         40:ed:8b:20:20:41:a6:06:78:d9:ed:ff:24:73:56:e3:af:87:
         27:6f:fe:81:ac:cc:78:31:c5:ef:dd:c9:64:41:cd:a7:90:12:
         ed:b7:ba:b9:16:c2:5b:ce:25:2b:48:ad:db:ae:da:f3:3a:ae:
         e1:8d:06:67:41:b8:d5:ac:cc:19:bd:8c:d1:5b:2b:c3:9e:09:
         cc:be:d9:30:5c:f6:02:9d:5c:a7:a3:39:48:40:c7:a6:b6:2a:
         3f:20:0f:83:3f:07:d9:7b:88:8b:4d:46:d2:66:25:92:48:a1:
         4b:91:0b:21:a4:e0:35:4c:36:9f:fc:11:12:85:e4:be:99:c3:
         20:4e:d7:c7:92:9d:b7:97:b9:4d:9f:17:ef:f7:b2:23:4b:79:
         72:76:14:eb:d0:bc:7c:df:7f:66:13:7f:b0:86:53:9b:98:14:
         2f:74:d8:4c:88:77:d9:54:3b:90:90:c0:f3:f6:7b:cc:77:6c:
         cb:38:68:69
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUf+ubeQwK4TtffQd1N6mcm6+NM4gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjYyMzU1MDZaFw0yNjA1MjYwMDAwMDZaMDMxMTAvBgNV
BAMTKEY0RDI4MkI4RTRGNDA0QzBDQTRCRkU2OUJBREZFMTE1QjM2NkY4QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvLtYSnhQQpdU4BkQR3C5Tj8p0
6hWHPYsdbnpJQJtbKCdmJELeGrzDSv2TCH0AAx4OaK5dbkoAYyVyjOivaSRqxKtT
3480OKy9DA33nb2BDUTuk/W8/k8nQixOyaE0Ph6yl4vrwvxEOOJ5tYd+icwXxIMC
SVuO3a9n08U0LoEDR2fX6IFD8wdkItNjHokaYsLbnFFViz55L7OagVDx/89INd4A
e8Oi4jEJyFcKLPHuxCjGz8XMF6e1y/WJeQPvjJ72nImS/L9smYVbIj1MJU1QEKxj
Aczbe8D6jhiVC4SyEcb7nyU6HFsrpuGDEeDnqji6/VvApqk59elnG03MiQlHAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU9NKCuOT0BMDKS/5put/hFbNm+KQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTgyMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACSZxYD
BACSZzADBACTTx4wDQYJKoZIhvcNAQELBQADggEBAE7VnqoVzmhTUWAzQBWMeW73
my4hnPG23mROr6A+5/++E7Xlp5gawbMjc6sxqUGo9Wz5baA69Ol+KEwUonbDplMI
nhaHXgnWvUDtiyAgQaYGeNnt/yRzVuOvhydv/oGszHgxxe/dyWRBzaeQEu23urkW
wlvOJStIrduu2vM6ruGNBmdBuNWszBm9jNFbK8OeCcy+2TBc9gKdXKejOUhAx6a2
Kj8gD4M/B9l7iItNRtJmJZJIoUuRCyGk4DVMNp/8ERKF5L6ZwyBO18eSnbeXuU2f
F+/3siNLeXJ2FOvQvHzff2YTf7CGU5uYFC902EyId9lUO5CQwPP2e8x3bMs4aGk=
-----END CERTIFICATE-----