Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58232.roa
File:                     AS58232.roa (raw, json)
Hash identifier:          FVs3VhkprI0Dx6cbYcnSWjdy9TWSmJN0ihKdviN30cA=
Subject key identifier:   07:CC:AC:95:D7:67:3F:D6:01:C4:5A:BA:B3:80:75:CA:48:15:16:76
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5CAFA487F6C60FF4187A6A950279B9FCDC6853A4
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58232.roa
Signing time:             Sat 13 Jun 2026 15:09:30 +0000
ROA not before:           Sat 13 Jun 2026 15:04:30 +0000
ROA not after:            Sat 12 Jun 2027 15:09:30 +0000
asID:                     58232
IP address blocks:        95.135.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:af:a4:87:f6:c6:0f:f4:18:7a:6a:95:02:79:b9:fc:dc:68:53:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 13 15:04:30 2026 GMT
            Not After : Jun 12 15:09:30 2027 GMT
        Subject: CN=07CCAC95D7673FD601C45ABAB38075CA48151676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bb:89:08:9e:58:1b:16:c9:84:24:a5:dc:c0:
                    f7:39:e8:67:21:b6:bc:27:4a:af:82:e3:8b:40:2e:
                    ca:8d:92:72:3c:86:f7:67:3b:62:cb:9a:59:5a:b9:
                    18:5e:9a:36:92:e0:03:8e:79:04:a5:48:c6:c5:b6:
                    35:c0:86:85:e3:3c:0f:23:35:50:98:13:00:23:e9:
                    a5:89:5b:d6:fb:5d:fb:fe:16:c6:3a:d4:dd:5a:f9:
                    3f:4f:f9:c7:cd:4e:6c:b6:09:c8:c1:f6:84:3d:bd:
                    dd:5f:94:39:48:b2:e4:7e:73:66:53:c4:00:e9:85:
                    96:62:61:71:c7:eb:15:c6:e9:0b:a3:5f:51:ef:b4:
                    96:e2:ef:58:05:bf:a3:6f:9a:4b:a8:ff:0c:bd:40:
                    1c:9e:92:78:a0:c5:8f:4a:d4:80:71:5f:f8:0f:c4:
                    a9:85:0c:84:bf:12:f6:67:0c:f0:37:07:99:f1:92:
                    23:7d:ec:9e:30:67:f2:80:5a:c9:2d:62:ba:74:fe:
                    c0:27:ac:a6:95:84:fc:06:d0:14:71:ec:59:f5:f4:
                    3a:02:de:cf:7e:08:55:fb:e2:80:46:cf:a8:53:b6:
                    dd:ee:f9:33:28:d0:f4:57:a8:49:58:10:23:89:90:
                    b4:09:b3:d7:c2:fe:b7:8d:fb:ef:ea:a6:1b:87:1c:
                    56:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:CC:AC:95:D7:67:3F:D6:01:C4:5A:BA:B3:80:75:CA:48:15:16:76
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:9c:71:03:9f:11:16:69:9b:b8:79:11:6d:4a:57:07:78:ce:
         35:38:c7:d4:b8:cd:bf:e0:bc:e1:fc:2a:51:b1:9a:dc:ee:2b:
         4f:42:79:4c:2c:73:b6:ac:d2:31:1d:7b:fe:e3:d5:76:5d:0b:
         40:b6:93:46:30:d5:b5:b5:4e:64:77:d4:da:ce:ea:70:b5:71:
         cb:8b:c1:be:bb:e4:d5:56:f7:a6:60:c2:e2:99:cc:dc:74:47:
         ba:1d:c8:2d:33:29:3b:74:ab:b7:38:da:78:d4:54:73:11:81:
         c0:30:32:f9:a5:96:bd:ad:9d:75:91:0d:34:f0:30:2f:b0:08:
         1b:03:ac:f6:3b:54:69:38:52:d4:f4:cf:8a:2b:9d:26:b4:d3:
         59:b9:f8:a3:ea:5f:79:91:c4:84:1f:15:b4:8a:4c:92:7a:37:
         0f:4b:0b:39:fe:bf:5d:74:a2:2a:77:8f:d6:f9:5a:0c:97:c0:
         05:16:94:bc:ca:ae:d6:95:cc:92:08:00:39:7d:86:06:55:40:
         bb:76:62:64:7b:13:2f:43:45:43:22:97:b3:f2:94:90:79:ea:
         9f:85:37:f0:cb:14:1a:f4:84:46:d0:1e:50:cd:17:3c:f6:dd:
         f5:11:6d:50:68:66:68:8a:7a:1b:16:57:a5:52:33:49:d6:71:
         c5:b8:bf:29
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXK+kh/bGD/QYemqVAnm5/NxoU6QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MTMxNTA0MzBaFw0yNzA2MTIxNTA5MzBaMDMxMTAvBgNV
BAMTKDA3Q0NBQzk1RDc2NzNGRDYwMUM0NUFCQUIzODA3NUNBNDgxNTE2NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwu4kInlgbFsmEJKXcwPc56Gch
trwnSq+C44tALsqNknI8hvdnO2LLmllauRhemjaS4AOOeQSlSMbFtjXAhoXjPA8j
NVCYEwAj6aWJW9b7Xfv+FsY61N1a+T9P+cfNTmy2CcjB9oQ9vd1flDlIsuR+c2ZT
xADphZZiYXHH6xXG6QujX1HvtJbi71gFv6Nvmkuo/wy9QByeknigxY9K1IBxX/gP
xKmFDIS/EvZnDPA3B5nxkiN97J4wZ/KAWsktYrp0/sAnrKaVhPwG0BRx7Fn19DoC
3s9+CFX74oBGz6hTtt3u+TMo0PRXqElYECOJkLQJs9fC/reN++/qphuHHFa/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUB8yslddnP9YBxFq6s4B1ykgVFnYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTgyMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABfh30w
DQYJKoZIhvcNAQELBQADggEBAGCccQOfERZpm7h5EW1KVwd4zjU4x9S4zb/gvOH8
KlGxmtzuK09CeUwsc7as0jEde/7j1XZdC0C2k0Yw1bW1TmR31NrO6nC1ccuLwb67
5NVW96ZgwuKZzNx0R7odyC0zKTt0q7c42njUVHMRgcAwMvmllr2tnXWRDTTwMC+w
CBsDrPY7VGk4UtT0z4ornSa001m5+KPqX3mRxIQfFbSKTJJ6Nw9LCzn+v110oip3
j9b5WgyXwAUWlLzKrtaVzJIIADl9hgZVQLt2YmR7Ey9DRUMil7PylJB56p+FN/DL
FBr0hEbQHlDNFzz23fURbVBoZmiKehsWV6VSM0nWccW4vyk=
-----END CERTIFICATE-----