Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          PbDmRytHiYUWo9yqVwS1T3gssEzJKfGK9DbUhPkVkoQ=
Subject key identifier:   F3:BE:70:C5:97:76:95:AE:F7:E6:05:66:FE:22:3A:06:F2:9A:62:44
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       37F7BD4166ED799538D44D26E9914E91448496C0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS58212.roa
Signing time:             Wed 25 Sep 2024 22:11:25 +0000
ROA not before:           Wed 25 Sep 2024 22:06:25 +0000
ROA not after:            Wed 24 Sep 2025 22:11:25 +0000
asID:                     58212
IP address blocks:        141.11.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:f7:bd:41:66:ed:79:95:38:d4:4d:26:e9:91:4e:91:44:84:96:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 25 22:06:25 2024 GMT
            Not After : Sep 24 22:11:25 2025 GMT
        Subject: CN=F3BE70C5977695AEF7E60566FE223A06F29A6244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:56:e9:32:38:8c:46:74:cc:36:cf:73:ae:ef:
                    8a:1d:24:37:77:da:5d:44:31:bb:b0:fb:f7:2f:80:
                    41:f7:d9:e2:50:85:eb:a7:bd:9c:cd:b5:b0:65:1b:
                    22:6d:54:c9:13:e1:ce:35:27:a5:3d:9a:41:67:f3:
                    16:23:7d:91:16:48:d4:ea:7e:a0:2b:d6:f0:f5:51:
                    d0:57:ff:da:87:52:f5:06:11:e7:6c:4b:ae:3d:12:
                    22:87:6f:29:d1:80:64:9a:21:8c:14:bc:74:3c:34:
                    43:f9:5a:b8:d6:ee:13:9d:8d:c8:ed:31:89:fe:55:
                    69:67:e4:61:15:16:4c:f4:3e:3e:52:96:b7:76:74:
                    ba:78:d3:51:ce:6e:2a:e4:42:3d:a0:24:26:4f:61:
                    4d:8b:a6:f2:35:75:7e:23:d6:37:7c:81:8d:47:1d:
                    dc:43:38:60:9a:14:f1:bc:93:fa:d8:4a:9e:36:65:
                    e6:d8:64:06:ae:2e:69:0f:cc:99:be:cf:d5:da:34:
                    b6:11:38:b1:4b:64:a5:e0:d4:a5:9c:6d:6f:2c:39:
                    7b:11:1b:39:2f:32:a9:98:47:db:a0:3f:41:34:92:
                    30:b1:fc:7d:3f:b8:bc:fa:ec:e9:02:eb:06:9e:dc:
                    42:e4:50:3d:4d:54:4b:b3:6b:7f:8f:83:96:fa:33:
                    e2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:BE:70:C5:97:76:95:AE:F7:E6:05:66:FE:22:3A:06:F2:9A:62:44
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:4b:9f:0d:0e:f6:13:04:7e:ab:0b:d9:e1:52:bd:98:96:bc:
         d4:96:f0:67:29:eb:89:f5:1a:97:2f:ca:3c:0d:18:7d:ce:7c:
         14:cc:06:f5:2c:99:88:9d:69:a7:a3:2a:77:9e:aa:30:41:1d:
         29:bf:62:e3:b9:e4:10:20:b8:52:b9:2e:e3:ed:5b:d7:80:7b:
         91:4e:c6:25:11:c6:f8:87:18:f1:2b:da:d3:28:3b:c3:ed:84:
         9a:92:c8:99:7b:4c:1e:f0:ec:f9:61:c5:8d:0f:c4:f1:c3:7c:
         a2:00:4d:2e:64:f6:2a:bf:93:a3:40:85:04:29:e9:3e:9e:c0:
         b7:f1:8e:6d:bd:3f:dc:3f:5f:c2:4a:48:36:9e:90:5c:42:7d:
         db:97:45:e4:0e:23:81:40:1a:7e:a2:d5:ca:cf:ec:ea:ca:79:
         99:0e:0d:84:73:6a:8e:e7:22:ae:05:cd:48:2d:21:31:26:d9:
         e9:c2:74:bf:ce:a6:ef:d8:09:dd:43:06:9f:b8:52:de:c0:df:
         9c:cd:e3:ae:7b:d0:af:f5:33:6b:b0:28:87:52:aa:ab:b8:64:
         ca:21:c4:4c:3e:a4:df:37:cc:77:76:8b:b5:91:9b:a6:81:ec:
         3b:5e:b2:7e:e5:d6:ca:ec:05:38:fb:e5:9e:70:02:d1:b7:d0:
         fd:b4:4e:cc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUN/e9QWbteZU41E0m6ZFOkUSElsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA5MjUyMjA2MjVaFw0yNTA5MjQyMjExMjVaMDMxMTAvBgNV
BAMTKEYzQkU3MEM1OTc3Njk1QUVGN0U2MDU2NkZFMjIzQTA2RjI5QTYyNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLVukyOIxGdMw2z3Ou74odJDd3
2l1EMbuw+/cvgEH32eJQheunvZzNtbBlGyJtVMkT4c41J6U9mkFn8xYjfZEWSNTq
fqAr1vD1UdBX/9qHUvUGEedsS649EiKHbynRgGSaIYwUvHQ8NEP5WrjW7hOdjcjt
MYn+VWln5GEVFkz0Pj5Slrd2dLp401HObirkQj2gJCZPYU2LpvI1dX4j1jd8gY1H
HdxDOGCaFPG8k/rYSp42ZebYZAauLmkPzJm+z9XaNLYROLFLZKXg1KWcbW8sOXsR
GzkvMqmYR9ugP0E0kjCx/H0/uLz67OkC6wae3ELkUD1NVEuza3+Pg5b6M+JTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU875wxZd2la735gVm/iI6BvKaYkQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTgyMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCzEw
DQYJKoZIhvcNAQELBQADggEBAGRLnw0O9hMEfqsL2eFSvZiWvNSW8Gcp64n1Gpcv
yjwNGH3OfBTMBvUsmYidaaejKneeqjBBHSm/YuO55BAguFK5LuPtW9eAe5FOxiUR
xviHGPEr2tMoO8PthJqSyJl7TB7w7PlhxY0PxPHDfKIATS5k9iq/k6NAhQQp6T6e
wLfxjm29P9w/X8JKSDaekFxCfduXReQOI4FAGn6i1crP7OrKeZkODYRzao7nIq4F
zUgtITEm2enCdL/Opu/YCd1DBp+4Ut7A35zN46570K/1M2uwKIdSqqu4ZMohxEw+
pN83zHd2i7WRm6aB7Dtesn7l1srsBTj75Z5wAtG30P20Tsw=
-----END CERTIFICATE-----