Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          2oAblGFTQzdhK4Ftyf9qwOHXzPvqnGB+HPWgNAFKEwc=
Subject key identifier:   6C:0F:72:20:E7:2B:DE:3D:92:0D:E8:A9:BA:EB:04:64:53:22:C7:DA
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       01CD66C34940E950116E81F4AD2BC50C1803C2B5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30058.roa
Signing time:             Tue 29 Jul 2025 11:19:46 +0000
ROA not before:           Tue 29 Jul 2025 11:14:46 +0000
ROA not after:            Tue 28 Jul 2026 11:19:46 +0000
asID:                     30058
IP address blocks:        82.22.125.0/24 maxlen: 24
                          82.26.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:cd:66:c3:49:40:e9:50:11:6e:81:f4:ad:2b:c5:0c:18:03:c2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 29 11:14:46 2025 GMT
            Not After : Jul 28 11:19:46 2026 GMT
        Subject: CN=6C0F7220E72BDE3D920DE8A9BAEB04645322C7DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:28:07:44:3b:d2:b7:f7:e6:3f:bc:b0:31:d6:
                    88:b7:d3:c1:e0:a6:e5:26:88:04:6e:15:09:7b:96:
                    8d:ae:fc:74:29:8a:7f:87:bf:db:db:f5:53:9c:33:
                    26:70:b0:99:08:7c:be:eb:81:5c:72:0c:64:72:bc:
                    c2:bd:f7:30:b2:d4:67:f6:cb:20:b7:75:4a:bb:02:
                    2a:16:be:f4:94:d0:2f:2d:31:be:27:4e:bb:b0:d0:
                    fc:e3:44:8d:be:56:1f:f3:7b:09:41:d7:b7:e3:7c:
                    9a:f3:32:f9:dc:52:4b:a9:59:70:3b:20:fe:66:0b:
                    56:d4:b8:d6:d1:70:05:51:1b:17:a9:42:1f:ee:cf:
                    fb:16:15:e9:0b:39:e1:c6:20:31:dd:fd:b1:9d:d4:
                    91:ca:a0:cc:f9:f1:57:5d:c8:2f:74:b6:67:b3:ce:
                    7d:71:2a:44:47:7e:fd:bf:90:28:c2:bc:89:fe:f5:
                    c2:73:9a:fb:2e:ca:da:8e:5c:db:d6:53:52:17:85:
                    2f:76:a3:02:0e:e6:7d:17:69:02:78:5b:d2:f1:3c:
                    cf:2d:be:1b:8e:a3:14:69:75:ee:e5:cb:1b:08:de:
                    41:8c:28:11:16:80:27:49:8b:38:74:3a:44:2f:13:
                    61:1f:6c:d8:21:b4:30:76:9c:1b:16:a6:74:f4:48:
                    ea:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:0F:72:20:E7:2B:DE:3D:92:0D:E8:A9:BA:EB:04:64:53:22:C7:DA
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.125.0/24
                  82.26.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:a1:d2:c3:70:f2:4c:0f:e1:32:1c:bf:6f:a0:d3:f1:bd:82:
         32:60:cf:ea:51:0e:67:fc:9e:ed:43:df:4b:d2:94:60:86:22:
         d7:5f:e6:5d:07:c9:76:a9:47:62:81:9b:90:08:0a:2c:ab:18:
         0c:90:c5:2a:1c:62:2e:8f:55:ef:b6:19:8b:4a:52:4a:ff:86:
         33:6c:0d:ae:14:36:a5:9e:85:46:21:2c:92:43:b5:ca:bf:68:
         86:37:77:6c:9e:3f:46:2f:68:8a:6f:1a:67:6f:87:cf:41:29:
         23:46:11:03:78:0c:6c:cb:d8:f9:13:c5:f8:76:d1:e1:09:d5:
         43:7b:fd:80:99:20:1e:f0:08:2c:e7:1c:25:c7:c3:8f:40:7e:
         e0:f8:b2:84:10:32:d0:85:3e:e6:4f:d2:b8:74:f2:76:54:55:
         4c:c8:e3:42:7b:b2:75:bc:46:c5:a2:6a:c6:6f:ca:fb:a3:bb:
         97:9f:06:8c:3e:c0:ff:04:d1:b5:36:f3:7e:75:a6:9d:78:4e:
         ee:f1:e4:9f:e6:d5:11:08:cd:2e:46:13:35:9f:b7:44:f2:98:
         4b:ed:8a:cc:b0:35:5c:1e:5a:8f:05:d7:d6:55:32:8a:5a:51:
         57:2e:e0:63:8b:d3:0b:10:dd:8d:f3:cf:8a:88:4d:62:02:57:
         e1:e7:aa:16
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUAc1mw0lA6VARboH0rSvFDBgDwrUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjkxMTE0NDZaFw0yNjA3MjgxMTE5NDZaMDMxMTAvBgNV
BAMTKDZDMEY3MjIwRTcyQkRFM0Q5MjBERThBOUJBRUIwNDY0NTMyMkM3REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCKAdEO9K39+Y/vLAx1oi308Hg
puUmiARuFQl7lo2u/HQpin+Hv9vb9VOcMyZwsJkIfL7rgVxyDGRyvMK99zCy1Gf2
yyC3dUq7AioWvvSU0C8tMb4nTruw0PzjRI2+Vh/zewlB17fjfJrzMvncUkupWXA7
IP5mC1bUuNbRcAVRGxepQh/uz/sWFekLOeHGIDHd/bGd1JHKoMz58VddyC90tmez
zn1xKkRHfv2/kCjCvIn+9cJzmvsuytqOXNvWU1IXhS92owIO5n0XaQJ4W9LxPM8t
vhuOoxRpde7lyxsI3kGMKBEWgCdJizh0OkQvE2EfbNghtDB2nBsWpnT0SOphAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUbA9yIOcr3j2SDeipuusEZFMix9owHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFn0D
BABSGqkwDQYJKoZIhvcNAQELBQADggEBAFCh0sNw8kwP4TIcv2+g0/G9gjJgz+pR
Dmf8nu1D30vSlGCGItdf5l0HyXapR2KBm5AICiyrGAyQxSocYi6PVe+2GYtKUkr/
hjNsDa4UNqWehUYhLJJDtcq/aIY3d2yeP0YvaIpvGmdvh89BKSNGEQN4DGzL2PkT
xfh20eEJ1UN7/YCZIB7wCCznHCXHw49AfuD4soQQMtCFPuZP0rh08nZUVUzI40J7
snW8RsWiasZvyvuju5efBow+wP8E0bU28351pp14Tu7x5J/m1REIzS5GEzWft0Ty
mEvtisywNVweWo8F19ZVMopaUVcu4GOL0wsQ3Y3zz4qITWICV+HnqhY=
-----END CERTIFICATE-----