Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS58643.roa
File:                     AS58643.roa (raw, json)
Hash identifier:          s+eJ3Ov/wGvP6VbF7W+bKANXTIOVqiSNbIhqd2mu2t8=
Subject key identifier:   FF:F3:15:4C:95:41:52:5F:2F:BC:9A:0F:72:7F:FA:83:4C:26:79:22
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       64FE5CF200CB10CABE53FF764AF476443A7E4760
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS58643.roa
Signing time:             Mon 28 Jul 2025 09:03:30 +0000
ROA not before:           Mon 28 Jul 2025 08:58:30 +0000
ROA not after:            Mon 27 Jul 2026 09:03:30 +0000
asID:                     58643
IP address blocks:        82.29.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 08:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:fe:5c:f2:00:cb:10:ca:be:53:ff:76:4a:f4:76:44:3a:7e:47:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 28 08:58:30 2025 GMT
            Not After : Jul 27 09:03:30 2026 GMT
        Subject: CN=FFF3154C9541525F2FBC9A0F727FFA834C267922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:34:aa:69:0a:e5:b8:02:b5:d8:94:2e:9d:71:
                    18:c2:93:19:13:01:16:11:d9:33:c7:31:53:2b:93:
                    90:b1:e8:9c:5d:7e:48:d1:2a:c2:85:b0:bb:08:bc:
                    34:fc:39:b2:1b:5d:21:10:33:a6:96:28:f6:eb:9a:
                    16:73:36:29:ff:d8:e4:a5:99:82:cd:6e:80:18:44:
                    b3:74:4b:da:29:ba:20:c9:59:bb:f3:9a:e4:13:eb:
                    7a:ce:69:de:ac:5c:90:17:56:87:f6:14:f1:59:c2:
                    50:54:ad:e3:bb:6e:68:03:e1:25:50:24:90:73:41:
                    0f:ca:e4:f1:ac:20:51:7d:f4:55:cf:bc:90:2b:52:
                    60:90:43:97:f5:e3:e4:fb:fa:1a:5d:39:36:c9:0d:
                    f7:e8:c8:fa:7c:39:74:64:df:a1:f7:e7:b0:32:1d:
                    bd:49:87:a7:78:1b:70:a1:67:99:34:42:1d:e8:e4:
                    c6:c1:80:8c:d0:6c:68:57:19:ef:d6:88:84:a7:c5:
                    5d:76:97:08:ca:69:5c:02:63:1e:22:cf:7b:7a:87:
                    8b:0c:a8:bc:5d:1b:97:97:bd:9e:e6:b0:c1:2f:f9:
                    19:d9:f6:c3:ad:fb:9d:42:86:e5:5c:34:8a:58:58:
                    b3:e4:c2:e8:9b:43:30:e1:a8:d1:6d:40:05:6f:fa:
                    23:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F3:15:4C:95:41:52:5F:2F:BC:9A:0F:72:7F:FA:83:4C:26:79:22
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS58643.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:c5:5f:e9:e7:b0:e8:10:02:eb:fb:11:88:42:6f:20:cb:7c:
         04:3a:03:58:bf:2b:37:47:aa:26:b5:74:43:3b:9b:3b:bf:95:
         7c:3d:87:ca:a5:23:56:fa:65:df:14:10:44:90:30:7a:97:9b:
         18:9b:e1:99:0f:ea:47:0d:e9:0f:46:3c:37:f8:b4:97:e3:f7:
         2a:26:f4:78:4e:a2:c0:b6:02:cf:d3:07:dd:ee:1d:40:c6:fc:
         09:80:a0:53:96:21:09:73:86:2d:cb:0f:11:09:b0:72:8e:b9:
         56:90:5b:92:7b:de:03:9e:a4:70:14:5a:05:6c:a3:53:0b:79:
         cf:11:69:01:0c:04:39:00:8f:41:9e:11:a1:b7:04:2e:5b:ca:
         83:15:af:52:d1:26:36:0e:6b:94:57:24:0e:d9:ab:c3:35:dc:
         c0:de:b4:ca:fd:43:6d:f6:8a:c0:48:c5:9c:f2:64:9c:99:8f:
         06:5a:da:e9:f9:13:11:f8:db:5e:0b:85:dd:90:bf:49:9b:6b:
         55:48:8b:4e:a7:da:ad:b3:3a:04:00:9e:94:f1:a6:06:08:e9:
         dd:b9:1b:8c:57:63:6e:da:40:7e:96:18:3d:b3:64:68:fb:93:
         8c:a7:40:43:79:85:79:7d:90:26:a4:04:5f:33:7a:3c:81:e6:
         12:8f:ed:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZP5c8gDLEMq+U/92SvR2RDp+R2AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjgwODU4MzBaFw0yNjA3MjcwOTAzMzBaMDMxMTAvBgNV
BAMTKEZGRjMxNTRDOTU0MTUyNUYyRkJDOUEwRjcyN0ZGQTgzNEMyNjc5MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2NKppCuW4ArXYlC6dcRjCkxkT
ARYR2TPHMVMrk5Cx6JxdfkjRKsKFsLsIvDT8ObIbXSEQM6aWKPbrmhZzNin/2OSl
mYLNboAYRLN0S9opuiDJWbvzmuQT63rOad6sXJAXVof2FPFZwlBUreO7bmgD4SVQ
JJBzQQ/K5PGsIFF99FXPvJArUmCQQ5f14+T7+hpdOTbJDffoyPp8OXRk36H357Ay
Hb1Jh6d4G3ChZ5k0Qh3o5MbBgIzQbGhXGe/WiISnxV12lwjKaVwCYx4iz3t6h4sM
qLxdG5eXvZ7msMEv+RnZ9sOt+51ChuVcNIpYWLPkwuibQzDhqNFtQAVv+iPLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU//MVTJVBUl8vvJoPcn/6g0wmeSIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTg2NDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSHTQw
DQYJKoZIhvcNAQELBQADggEBACXFX+nnsOgQAuv7EYhCbyDLfAQ6A1i/KzdHqia1
dEM7mzu/lXw9h8qlI1b6Zd8UEESQMHqXmxib4ZkP6kcN6Q9GPDf4tJfj9yom9HhO
osC2As/TB93uHUDG/AmAoFOWIQlzhi3LDxEJsHKOuVaQW5J73gOepHAUWgVso1ML
ec8RaQEMBDkAj0GeEaG3BC5byoMVr1LRJjYOa5RXJA7Zq8M13MDetMr9Q232isBI
xZzyZJyZjwZa2un5ExH4214Lhd2Qv0mba1VIi06n2q2zOgQAnpTxpgYI6d25G4xX
Y27aQH6WGD2zZGj7k4ynQEN5hXl9kCakBF8zejyB5hKP7YI=
-----END CERTIFICATE-----