Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS58202.roa
File:                     AS58202.roa (raw, json)
Hash identifier:          EEz9WaHgk0ZLJYnhJZ1TzhNQqLvLPTkv8B2B50jrS8A=
Subject key identifier:   9A:94:7E:96:4A:2D:01:CE:99:0B:3A:54:DD:8D:92:0C:DB:A9:3F:76
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       67F4A4E84CD05399B384388B003F15372D3803F1
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS58202.roa
Signing time:             Tue 04 Feb 2025 00:17:07 +0000
ROA not before:           Tue 04 Feb 2025 00:12:07 +0000
ROA not after:            Tue 03 Feb 2026 00:17:07 +0000
asID:                     58202
IP address blocks:        2a14:7580::/48 maxlen: 48
                          2a14:7580:1::/48 maxlen: 48
                          2a14:7580:2::/48 maxlen: 48
                          2a14:7580:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:f4:a4:e8:4c:d0:53:99:b3:84:38:8b:00:3f:15:37:2d:38:03:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:07 2025 GMT
            Not After : Feb  3 00:17:07 2026 GMT
        Subject: CN=9A947E964A2D01CE990B3A54DD8D920CDBA93F76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c9:a4:19:a3:95:07:b2:df:32:68:28:31:04:
                    16:29:d2:33:65:cd:a9:c5:9e:43:6b:b2:16:cf:e6:
                    4c:d4:f9:67:e4:44:56:54:0d:66:1a:3d:46:2a:42:
                    01:65:a9:c8:fa:18:a2:1e:58:b0:cf:ae:fb:00:6c:
                    d9:6c:4d:de:d1:13:05:fd:2d:82:32:02:a4:db:10:
                    79:cc:ae:a4:c7:53:27:c3:28:29:45:5f:36:42:a1:
                    77:9f:99:b4:16:f1:d6:ce:0b:25:1f:74:76:1e:9b:
                    aa:d4:74:6b:a3:b2:5d:e1:7b:bf:a9:bf:4d:88:b5:
                    1d:c0:62:72:8b:f9:df:e7:3d:60:d1:12:89:90:7c:
                    76:18:5f:79:38:06:d5:20:c3:57:8f:ae:96:d9:4f:
                    bd:ba:9a:b8:b0:14:3f:28:55:54:c9:cf:8f:7d:58:
                    0a:34:25:72:83:33:09:45:1f:fb:b0:d9:04:7c:0f:
                    c5:5d:3b:d6:d7:c6:39:90:da:d8:d5:6f:e8:02:ec:
                    4b:38:15:ee:dc:9a:36:fc:70:a4:7a:a2:4a:eb:10:
                    f5:a7:2d:d7:cc:5a:0d:bd:68:01:87:6d:09:55:b2:
                    94:7b:1e:80:e1:a3:ef:43:78:01:9d:bd:b8:f4:91:
                    5f:b0:3f:8c:54:dc:f6:39:85:68:53:87:69:f2:2d:
                    77:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:94:7E:96:4A:2D:01:CE:99:0B:3A:54:DD:8D:92:0C:DB:A9:3F:76
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS58202.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580::/46

    Signature Algorithm: sha256WithRSAEncryption
         74:28:34:58:7e:31:1c:81:2a:12:20:01:10:97:b1:db:45:8e:
         74:fa:1b:18:86:16:ae:40:e5:33:75:2c:4e:7c:09:4e:34:78:
         a4:f9:06:b2:a8:4a:27:2c:a4:7e:ce:e0:e3:39:3d:5f:13:2e:
         b2:f0:b7:a0:25:3c:27:ab:9e:8d:df:ba:c2:4e:8b:a4:74:90:
         34:0b:c4:c0:6e:be:e4:a7:26:d4:d7:d6:1a:e2:6c:d4:19:37:
         10:dc:93:88:51:39:0b:c8:69:00:bc:4a:06:3f:d4:9d:a1:e2:
         37:67:8d:ea:f7:24:f3:13:83:0b:1e:9b:51:f7:e1:48:92:04:
         18:7b:cd:ad:5f:3c:33:b3:ab:28:59:b9:c0:76:51:aa:80:96:
         cb:ea:6c:67:84:22:6d:1f:a3:78:4f:88:41:7b:4c:15:06:b0:
         c4:44:e0:d7:05:f3:0b:3d:cd:92:ce:d0:39:75:cc:72:1d:f2:
         de:64:b3:6e:cc:c2:4c:3c:43:2f:27:1c:ca:99:24:6d:0a:8d:
         a3:a9:cc:37:2d:7d:58:46:92:bb:a3:44:16:57:80:16:3e:53:
         6e:18:86:7a:a6:53:57:f1:5d:c0:38:96:f1:95:14:86:f0:04:
         f7:90:c0:11:c7:ae:80:5f:a5:e4:19:4b:b6:be:30:a8:dd:3c:
         00:01:78:11
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUZ/Sk6EzQU5mzhDiLAD8VNy04A/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDdaFw0yNjAyMDMwMDE3MDdaMDMxMTAvBgNV
BAMTKDlBOTQ3RTk2NEEyRDAxQ0U5OTBCM0E1NEREOEQ5MjBDREJBOTNGNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIyaQZo5UHst8yaCgxBBYp0jNl
zanFnkNrshbP5kzU+WfkRFZUDWYaPUYqQgFlqcj6GKIeWLDPrvsAbNlsTd7REwX9
LYIyAqTbEHnMrqTHUyfDKClFXzZCoXefmbQW8dbOCyUfdHYem6rUdGujsl3he7+p
v02ItR3AYnKL+d/nPWDREomQfHYYX3k4BtUgw1ePrpbZT726mriwFD8oVVTJz499
WAo0JXKDMwlFH/uw2QR8D8VdO9bXxjmQ2tjVb+gC7Es4Fe7cmjb8cKR6okrrEPWn
LdfMWg29aAGHbQlVspR7HoDho+9DeAGdvbj0kV+wP4xU3PY5hWhTh2nyLXeVAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUmpR+lkotAc6ZCzpU3Y2SDNupP3YwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTNTgyMDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwIqFHWA
AAAwDQYJKoZIhvcNAQELBQADggEBAHQoNFh+MRyBKhIgARCXsdtFjnT6GxiGFq5A
5TN1LE58CU40eKT5BrKoSicspH7O4OM5PV8TLrLwt6AlPCerno3fusJOi6R0kDQL
xMBuvuSnJtTX1hribNQZNxDck4hROQvIaQC8SgY/1J2h4jdnjer3JPMTgwsem1H3
4UiSBBh7za1fPDOzqyhZucB2UaqAlsvqbGeEIm0fo3hPiEF7TBUGsMRE4NcF8ws9
zZLO0Dl1zHId8t5ks27Mwkw8Qy8nHMqZJG0KjaOpzDctfVhGkrujRBZXgBY+U24Y
hnqmU1fxXcA4lvGVFIbwBPeQwBHHroBfpeQZS7a+MKjdPAABeBE=
-----END CERTIFICATE-----