Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          quZGIBoWUdz91szN6TjDWqS9l0qa3mkd84Ilza8SUAk=
Subject key identifier:   4A:79:79:BD:06:8C:3B:D0:6A:B1:5A:CE:5F:A3:C3:0D:87:55:38:9A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6CA3EB7DB81C12EE0F2F6392FA05A954F00635FA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS58212.roa
Signing time:             Fri 29 Aug 2025 21:39:10 +0000
ROA not before:           Fri 29 Aug 2025 21:34:10 +0000
ROA not after:            Fri 28 Aug 2026 21:39:10 +0000
asID:                     58212
IP address blocks:        82.24.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 19:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:a3:eb:7d:b8:1c:12:ee:0f:2f:63:92:fa:05:a9:54:f0:06:35:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 29 21:34:10 2025 GMT
            Not After : Aug 28 21:39:10 2026 GMT
        Subject: CN=4A7979BD068C3BD06AB15ACE5FA3C30D8755389A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:98:c3:be:46:aa:4d:20:89:7f:5c:4f:45:6a:
                    e1:2e:07:56:fc:b9:9b:16:61:30:86:25:25:b2:e3:
                    28:13:64:27:b9:3c:6a:59:60:5e:75:8d:65:23:ca:
                    65:e2:f5:41:ba:c0:fd:68:5c:15:ad:4c:4d:81:4e:
                    71:b6:d2:d7:c4:1d:4e:14:49:d1:43:31:b3:0f:0a:
                    5b:71:aa:78:7c:4f:47:e6:1e:06:d9:e0:62:65:d2:
                    bb:80:47:21:99:4a:d6:67:08:53:5e:ed:c0:be:18:
                    e5:84:c7:65:d4:fa:6c:06:0c:77:08:72:76:87:1d:
                    bc:6e:cd:81:01:7a:5a:a0:2b:1c:33:fe:7e:b5:f1:
                    dc:61:9b:8d:c5:1c:3b:97:8b:3a:1a:74:ee:af:c7:
                    db:76:f6:13:41:ff:10:57:78:f9:95:18:94:24:7a:
                    7c:8c:10:02:61:24:69:fa:ff:42:5b:9f:d6:07:52:
                    dd:8c:09:a1:7c:8c:b5:a8:7e:d9:71:47:55:92:e4:
                    93:5b:2b:47:f8:8c:aa:9b:0f:1a:2e:7c:75:9e:f8:
                    46:95:1c:04:02:0b:85:36:26:57:ce:f9:ee:21:84:
                    52:04:1b:ba:60:f5:b6:1d:61:5c:8f:38:45:f4:de:
                    b3:b9:c6:87:e6:6c:ce:60:56:7f:8c:e3:e3:60:d1:
                    56:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:79:79:BD:06:8C:3B:D0:6A:B1:5A:CE:5F:A3:C3:0D:87:55:38:9A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:65:26:60:b3:8e:29:4c:7f:e9:14:12:2b:67:e2:b9:64:86:
         34:21:32:50:93:01:b8:6a:99:df:73:dc:33:6b:3d:eb:a8:85:
         07:75:5e:17:0d:c1:bb:35:ab:4c:75:b2:18:1a:d9:1b:8a:59:
         fb:e8:e6:96:e9:59:2f:e0:d2:16:32:40:a2:ab:1a:a0:fd:75:
         92:76:01:70:56:fe:52:e6:e2:5c:2f:dd:8c:7f:62:c8:cd:b5:
         7b:1c:04:5a:8b:ed:fe:46:71:82:42:4a:0b:10:9c:54:0b:31:
         74:77:05:2b:7b:72:04:43:66:cd:2f:e6:44:00:c5:ac:03:69:
         ef:6f:25:2c:00:ee:4c:5a:42:12:9f:c8:6a:3b:fe:aa:87:df:
         1a:17:68:ad:3a:5a:64:56:f2:aa:19:b5:c9:bf:9b:41:67:95:
         c9:89:6a:17:26:b8:7d:23:dc:39:17:9c:ae:56:13:72:b2:30:
         17:6b:cc:c9:90:dd:95:88:c3:e6:12:a3:f6:87:3d:c7:a2:d3:
         34:d9:93:e0:0c:af:68:6f:b0:90:e1:45:d2:a3:c1:95:79:78:
         33:74:23:83:65:59:59:4c:37:f6:3e:9a:f6:76:2d:1d:1c:35:
         26:df:3e:78:67:9b:d6:ff:4b:a0:22:25:5f:6f:d3:85:30:27:
         e8:15:64:1c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbKPrfbgcEu4PL2OS+gWpVPAGNfowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MjkyMTM0MTBaFw0yNjA4MjgyMTM5MTBaMDMxMTAvBgNV
BAMTKDRBNzk3OUJEMDY4QzNCRDA2QUIxNUFDRTVGQTNDMzBEODc1NTM4OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1mMO+RqpNIIl/XE9FauEuB1b8
uZsWYTCGJSWy4ygTZCe5PGpZYF51jWUjymXi9UG6wP1oXBWtTE2BTnG20tfEHU4U
SdFDMbMPCltxqnh8T0fmHgbZ4GJl0ruARyGZStZnCFNe7cC+GOWEx2XU+mwGDHcI
cnaHHbxuzYEBelqgKxwz/n618dxhm43FHDuXizoadO6vx9t29hNB/xBXePmVGJQk
enyMEAJhJGn6/0Jbn9YHUt2MCaF8jLWoftlxR1WS5JNbK0f4jKqbDxoufHWe+EaV
HAQCC4U2JlfO+e4hhFIEG7pg9bYdYVyPOEX03rO5xofmbM5gVn+M4+Ng0VbvAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUSnl5vQaMO9BqsVrOX6PDDYdVOJowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTgyMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGGow
DQYJKoZIhvcNAQELBQADggEBAAJlJmCzjilMf+kUEitn4rlkhjQhMlCTAbhqmd9z
3DNrPeuohQd1XhcNwbs1q0x1shga2RuKWfvo5pbpWS/g0hYyQKKrGqD9dZJ2AXBW
/lLm4lwv3Yx/YsjNtXscBFqL7f5GcYJCSgsQnFQLMXR3BSt7cgRDZs0v5kQAxawD
ae9vJSwA7kxaQhKfyGo7/qqH3xoXaK06WmRW8qoZtcm/m0FnlcmJahcmuH0j3DkX
nK5WE3KyMBdrzMmQ3ZWIw+YSo/aHPcei0zTZk+AMr2hvsJDhRdKjwZV5eDN0I4Nl
WVlMN/Y+mvZ2LR0cNSbfPnhnm9b/S6AiJV9v04UwJ+gVZBw=
-----END CERTIFICATE-----