Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60458.roa
File:                     AS60458.roa (raw, json)
Hash identifier:          ZvMmUUmGMnEmtPtmMT/EXYKbcZF1auOYkhfW9tDZz9Q=
Subject key identifier:   FF:4B:46:64:21:83:3E:26:69:97:F5:E2:2C:3E:38:96:55:5E:1E:9F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       770D7970001882183E571B24D0751CA695DEC9F0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60458.roa
Signing time:             Mon 02 Mar 2026 11:46:39 +0000
ROA not before:           Mon 02 Mar 2026 11:41:39 +0000
ROA not after:            Mon 01 Mar 2027 11:46:39 +0000
asID:                     60458
IP address blocks:        194.60.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:0d:79:70:00:18:82:18:3e:57:1b:24:d0:75:1c:a6:95:de:c9:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  2 11:41:39 2026 GMT
            Not After : Mar  1 11:46:39 2027 GMT
        Subject: CN=FF4B466421833E266997F5E22C3E3896555E1E9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b7:a3:16:ce:95:a7:ca:42:4a:8b:6b:df:42:
                    4b:2b:c4:f8:69:d2:17:e7:4f:85:28:8c:c7:36:b3:
                    46:f3:76:84:c8:50:da:ba:e9:d2:e6:6f:c0:8a:55:
                    7a:2e:4a:45:83:4c:90:ea:fd:2c:eb:0a:b5:bd:38:
                    23:04:f0:7d:09:0f:e6:c4:34:2d:df:af:a6:46:24:
                    66:14:a5:f6:68:1a:23:fc:a7:2d:9e:9d:f8:e4:2a:
                    ec:de:d9:1f:78:58:bf:cf:11:71:ac:40:48:c8:70:
                    2e:a5:ea:67:eb:74:e5:77:96:f8:10:f3:fc:06:dd:
                    65:f4:06:5e:f9:ec:e7:d5:05:7e:73:1b:90:65:5e:
                    ce:d9:48:f1:78:34:ab:90:ff:09:bf:93:ce:d0:50:
                    9f:dd:8f:b3:e8:ab:01:4a:eb:25:1f:98:37:b4:36:
                    b7:56:d5:57:51:af:d9:e7:b0:6c:1d:90:30:a3:d2:
                    b5:0f:6b:26:14:73:45:26:90:5a:18:3c:d7:f1:1a:
                    56:c6:88:64:8c:d7:2d:e2:ee:26:b9:28:1a:14:b4:
                    01:c0:d1:49:5f:51:bd:ef:84:c6:97:a6:3f:9b:89:
                    d1:62:1e:0e:2c:86:34:85:1a:66:74:32:13:cc:47:
                    e8:6d:24:c9:1c:fc:3b:44:1f:5d:ce:b2:7e:6c:0b:
                    ce:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:4B:46:64:21:83:3E:26:69:97:F5:E2:2C:3E:38:96:55:5E:1E:9F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60458.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:76:5f:4f:54:4d:ca:4b:c0:f2:23:84:72:ef:df:1d:ef:1c:
         28:4a:c9:b6:83:de:1b:2c:22:d2:53:44:95:97:d8:31:bc:c8:
         b0:74:67:22:60:19:f8:a9:27:08:31:68:3a:73:96:4b:e1:bb:
         52:4c:f1:59:9f:ea:4b:49:79:a7:e3:47:db:14:90:41:69:ee:
         e7:c1:04:22:f5:be:16:53:5f:b3:92:ce:75:95:91:3a:38:e7:
         db:d7:0a:07:d6:a6:2e:99:3e:2f:81:75:aa:ce:a5:44:b4:29:
         ac:60:99:49:2e:6f:28:cb:bb:f7:2a:70:ab:16:8f:0f:67:ff:
         29:d7:14:79:43:3e:85:a4:42:c0:3d:af:cc:b4:54:ed:19:38:
         d7:89:5b:ed:fd:6c:bc:62:4c:0b:ea:eb:45:6a:b5:51:24:65:
         47:64:68:e5:80:8c:54:d9:fb:14:57:19:d8:b1:cb:7e:35:e8:
         71:f7:be:70:1c:3b:7f:b2:0f:3b:31:59:e8:db:e9:75:4e:ff:
         b9:14:2f:55:e1:6c:c5:87:ad:70:1b:00:68:8a:20:a6:e2:0a:
         85:e9:22:de:78:db:19:17:ac:80:e7:fb:dd:9e:62:39:ae:79:
         5b:25:60:9a:0c:5f:0f:8f:4d:5b:4e:bd:03:2f:44:4d:cc:c3:
         1c:e5:b4:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdw15cAAYghg+Vxsk0HUcppXeyfAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMDIxMTQxMzlaFw0yNzAzMDExMTQ2MzlaMDMxMTAvBgNV
BAMTKEZGNEI0NjY0MjE4MzNFMjY2OTk3RjVFMjJDM0UzODk2NTU1RTFFOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgt6MWzpWnykJKi2vfQksrxPhp
0hfnT4UojMc2s0bzdoTIUNq66dLmb8CKVXouSkWDTJDq/SzrCrW9OCME8H0JD+bE
NC3fr6ZGJGYUpfZoGiP8py2enfjkKuze2R94WL/PEXGsQEjIcC6l6mfrdOV3lvgQ
8/wG3WX0Bl757OfVBX5zG5BlXs7ZSPF4NKuQ/wm/k87QUJ/dj7PoqwFK6yUfmDe0
NrdW1VdRr9nnsGwdkDCj0rUPayYUc0UmkFoYPNfxGlbGiGSM1y3i7ia5KBoUtAHA
0UlfUb3vhMaXpj+bidFiHg4shjSFGmZ0MhPMR+htJMkc/DtEH13Osn5sC86/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU/0tGZCGDPiZpl/XiLD44llVeHp8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNjA0NTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCPFgw
DQYJKoZIhvcNAQELBQADggEBAKB2X09UTcpLwPIjhHLv3x3vHChKybaD3hssItJT
RJWX2DG8yLB0ZyJgGfipJwgxaDpzlkvhu1JM8Vmf6ktJeafjR9sUkEFp7ufBBCL1
vhZTX7OSznWVkTo459vXCgfWpi6ZPi+BdarOpUS0KaxgmUkubyjLu/cqcKsWjw9n
/ynXFHlDPoWkQsA9r8y0VO0ZONeJW+39bLxiTAvq60VqtVEkZUdkaOWAjFTZ+xRX
Gdixy3416HH3vnAcO3+yDzsxWejb6XVO/7kUL1XhbMWHrXAbAGiKIKbiCoXpIt54
2xkXrIDn+92eYjmueVslYJoMXw+PTVtOvQMvRE3MwxzltDo=
-----END CERTIFICATE-----