Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          lAbVDvenLRTTJ++no+PRiMjNPgK+niq3GzSQaMnj2O4=
Subject key identifier:   4D:27:DC:73:21:C7:90:CD:5C:4E:7C:6E:8E:30:4D:79:C8:B8:8F:9E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7D2DECB54E5606F06861D37020561176FB919B5C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58212.roa
Signing time:             Mon 01 Apr 2024 00:02:02 +0000
ROA not before:           Sun 31 Mar 2024 23:57:02 +0000
ROA not after:            Mon 31 Mar 2025 00:02:02 +0000
asID:                     58212
IP address blocks:        92.118.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:2d:ec:b5:4e:56:06:f0:68:61:d3:70:20:56:11:76:fb:91:9b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 31 23:57:02 2024 GMT
            Not After : Mar 31 00:02:02 2025 GMT
        Subject: CN=4D27DC7321C790CD5C4E7C6E8E304D79C8B88F9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0f:21:01:53:ec:c7:b5:dc:ee:b8:64:0b:59:
                    77:4e:c9:a3:b4:9f:29:e5:f1:07:73:5e:a9:c8:33:
                    71:d7:53:1a:2d:a7:1c:d2:a3:fd:8f:85:bd:ab:28:
                    e4:1c:a2:d6:c3:6a:38:1c:45:30:e2:37:19:9b:42:
                    ee:d1:a8:7f:15:3a:50:3d:f3:47:3a:d1:10:cb:0e:
                    17:93:71:e2:5a:5d:49:c9:e0:bf:5d:8b:69:d9:f9:
                    ee:02:3d:60:31:63:38:2f:af:25:bb:27:d9:3e:98:
                    fc:ce:e1:34:50:41:d0:d2:e2:68:0f:24:ed:86:b1:
                    3c:a2:bf:4c:46:22:3c:da:1e:1a:fa:e9:9e:95:d3:
                    24:b3:0d:b3:75:9d:51:fc:18:d1:7b:fa:ef:a6:4f:
                    dd:1f:c6:81:98:32:2a:04:4e:e1:38:67:9e:8f:25:
                    8a:dd:5e:0d:93:01:79:29:6b:7b:52:3f:5a:c8:5f:
                    15:86:b9:08:96:a7:eb:1b:8b:0d:6c:d2:02:6a:0f:
                    be:0e:95:b0:93:4f:db:12:2d:06:93:1f:87:c6:d3:
                    44:a3:cd:c7:09:7d:d4:5b:60:38:a7:97:98:a0:91:
                    4f:84:00:58:44:d3:55:8e:8a:d8:26:7b:b1:ef:ae:
                    7f:e8:1e:c6:2b:7d:a8:df:b0:b2:d8:11:4f:cf:87:
                    32:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:27:DC:73:21:C7:90:CD:5C:4E:7C:6E:8E:30:4D:79:C8:B8:8F:9E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:1e:ef:ce:46:24:fd:47:91:1e:e5:37:e0:97:dc:83:cc:2b:
         ce:0e:6e:ab:8e:fa:a8:89:b5:85:85:fb:de:10:90:26:34:9b:
         ed:01:d3:58:04:d4:1c:61:0f:a0:6d:a8:b5:c5:78:02:0b:a5:
         cf:55:ca:17:9e:7a:19:97:d0:4c:61:6b:43:03:e1:7c:7c:02:
         51:e8:26:64:ee:1b:cc:f4:51:48:36:b3:5b:cb:07:01:cf:50:
         a7:b3:c2:4f:b4:9c:e5:10:68:fd:1f:a7:b2:39:b4:00:e0:9d:
         d8:57:1f:84:91:45:31:49:8c:d6:b0:51:2a:73:68:6e:17:6b:
         87:3d:8f:df:ef:a1:f0:f0:da:f3:cc:80:84:fd:e6:b0:b8:39:
         31:bc:41:bd:ef:a8:1c:bf:68:f8:c6:57:33:32:e5:61:11:71:
         c7:ac:44:3f:e0:a1:d7:83:cd:d2:24:5b:9a:4b:ca:b7:47:b4:
         c0:d1:d0:d7:0a:1c:e3:d9:5a:78:48:f8:ba:1f:a8:97:b5:ab:
         be:15:80:3e:9e:13:69:c6:f4:6a:6d:85:2e:9c:fc:16:c8:87:
         e3:4d:e3:b0:ea:73:cd:c5:1c:69:eb:33:9d:ea:0e:01:00:72:
         21:ac:cf:13:b4:90:70:3c:eb:3f:d9:23:a5:e2:7a:e4:ed:dc:
         cb:5f:92:5e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfS3stU5WBvBoYdNwIFYRdvuRm1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMzEyMzU3MDJaFw0yNTAzMzEwMDAyMDJaMDMxMTAvBgNV
BAMTKDREMjdEQzczMjFDNzkwQ0Q1QzRFN0M2RThFMzA0RDc5QzhCODhGOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DyEBU+zHtdzuuGQLWXdOyaO0
nynl8QdzXqnIM3HXUxotpxzSo/2Phb2rKOQcotbDajgcRTDiNxmbQu7RqH8VOlA9
80c60RDLDheTceJaXUnJ4L9di2nZ+e4CPWAxYzgvryW7J9k+mPzO4TRQQdDS4mgP
JO2GsTyiv0xGIjzaHhr66Z6V0ySzDbN1nVH8GNF7+u+mT90fxoGYMioETuE4Z56P
JYrdXg2TAXkpa3tSP1rIXxWGuQiWp+sbiw1s0gJqD74OlbCTT9sSLQaTH4fG00Sj
zccJfdRbYDinl5igkU+EAFhE01WOitgme7Hvrn/oHsYrfajfsLLYEU/PhzIBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUTSfccyHHkM1cTnxujjBNeci4j54wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTgyMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABcdqAw
DQYJKoZIhvcNAQELBQADggEBABIe785GJP1HkR7lN+CX3IPMK84ObquO+qiJtYWF
+94QkCY0m+0B01gE1BxhD6BtqLXFeAILpc9VyheeehmX0Exha0MD4Xx8AlHoJmTu
G8z0UUg2s1vLBwHPUKezwk+0nOUQaP0fp7I5tADgndhXH4SRRTFJjNawUSpzaG4X
a4c9j9/vofDw2vPMgIT95rC4OTG8Qb3vqBy/aPjGVzMy5WERccesRD/godeDzdIk
W5pLyrdHtMDR0NcKHOPZWnhI+LofqJe1q74VgD6eE2nG9GpthS6c/BbIh+NN47Dq
c83FHGnrM53qDgEAciGszxO0kHA86z/ZI6XieuTt3Mtfkl4=
-----END CERTIFICATE-----