Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          wGNhGr01x+Sa5KWw4r5NbPKGAx/Xffu7E/Iaj6i6CHk=
Subject key identifier:   C0:B2:3F:D8:D3:89:E4:F5:E2:7F:43:1B:D4:ED:EF:AE:52:E1:9E:98
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6B161DA03ECF86015480D5B8787CA02051648A9B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS30058.roa
Signing time:             Thu 11 Sep 2025 00:07:49 +0000
ROA not before:           Thu 11 Sep 2025 00:02:49 +0000
ROA not after:            Thu 10 Sep 2026 00:07:49 +0000
asID:                     30058
IP address blocks:        155.117.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:16:1d:a0:3e:cf:86:01:54:80:d5:b8:78:7c:a0:20:51:64:8a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 11 00:02:49 2025 GMT
            Not After : Sep 10 00:07:49 2026 GMT
        Subject: CN=C0B23FD8D389E4F5E27F431BD4EDEFAE52E19E98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:37:b0:76:85:e6:07:2c:d6:eb:d0:a1:84:5a:
                    96:45:f7:b5:9e:f6:3f:c0:8c:c3:8c:ea:69:12:2c:
                    6a:1d:66:2e:4e:f3:4e:4e:cc:c7:ec:c2:c9:5c:aa:
                    a6:93:88:81:b7:fb:74:56:ad:86:49:7f:0d:2f:3a:
                    ce:17:aa:af:19:4a:aa:1b:cb:c8:fa:7f:9f:8b:d9:
                    35:39:4c:bd:2a:03:a5:d2:d7:e3:a3:eb:99:ef:94:
                    36:cc:a7:c0:35:1e:ed:a7:b1:74:71:03:b6:1b:df:
                    5f:e9:a9:66:7f:c0:69:62:28:ff:23:ef:bf:3f:90:
                    6b:c6:f9:8d:09:a9:96:0c:e6:01:82:10:b4:fa:10:
                    14:cc:0c:f3:be:5b:aa:5f:ea:df:e4:aa:32:df:47:
                    5a:52:48:98:7f:aa:be:5b:0f:03:2d:79:c5:8c:4d:
                    88:e9:9a:d0:13:a6:e0:92:14:72:47:d8:74:a0:fd:
                    24:3f:95:ae:40:b2:ca:f9:0c:52:ca:73:9c:45:79:
                    ce:99:f4:d0:6b:98:cc:1f:fe:7a:57:dc:80:2d:8e:
                    e2:99:a2:ae:d3:26:97:1d:f8:fc:a5:14:73:89:3d:
                    c3:65:f1:73:a4:61:4a:b4:9d:06:65:2c:f0:76:8a:
                    c4:b3:e0:b3:52:27:ac:05:2b:87:32:8d:89:94:ea:
                    db:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B2:3F:D8:D3:89:E4:F5:E2:7F:43:1B:D4:ED:EF:AE:52:E1:9E:98
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:18:56:50:17:54:32:7b:04:2e:51:bb:87:e4:05:73:f4:9e:
         4c:1f:f7:9c:67:e1:d4:e1:ec:57:26:e0:ad:be:bb:a5:b6:f2:
         9c:eb:73:55:cd:86:5b:d7:4c:9e:5e:3e:76:49:fb:ad:1d:ed:
         c5:a2:c1:6b:9e:45:7d:a4:21:c7:5a:3d:81:c5:6a:42:e5:3a:
         ca:38:9a:51:be:2b:bc:bb:43:c0:c0:21:e6:09:c7:e4:9f:64:
         92:9d:25:9a:8a:77:60:c5:73:0f:e4:cb:6f:8e:5b:b2:13:32:
         e3:85:68:8b:3a:63:0c:d2:f0:34:3f:70:3c:46:66:b2:10:2d:
         ff:ed:22:5c:d6:dd:10:13:d9:b8:7d:eb:d5:13:2e:da:27:62:
         e5:92:b9:a5:52:c3:7a:ee:ce:1f:f1:c0:ab:b1:ea:d9:00:9f:
         82:ca:61:cc:0a:a1:39:b5:f8:58:76:4e:b1:6c:86:ee:28:1a:
         e1:30:f8:03:23:8e:13:3f:30:48:6f:97:66:5b:45:64:f7:42:
         38:66:19:9c:1a:21:2a:98:2f:fb:f2:ff:3e:48:34:af:3f:80:
         32:d4:85:01:06:24:a6:79:8f:dd:f2:3d:e0:07:7f:a9:fa:81:
         d9:f3:fd:ea:de:8d:b3:99:24:04:d9:75:25:7e:74:0e:a7:db:
         fb:b0:f2:1c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaxYdoD7PhgFUgNW4eHygIFFkipswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MTEwMDAyNDlaFw0yNjA5MTAwMDA3NDlaMDMxMTAvBgNV
BAMTKEMwQjIzRkQ4RDM4OUU0RjVFMjdGNDMxQkQ0RURFRkFFNTJFMTlFOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChN7B2heYHLNbr0KGEWpZF97We
9j/AjMOM6mkSLGodZi5O805OzMfswslcqqaTiIG3+3RWrYZJfw0vOs4Xqq8ZSqob
y8j6f5+L2TU5TL0qA6XS1+Oj65nvlDbMp8A1Hu2nsXRxA7Yb31/pqWZ/wGliKP8j
778/kGvG+Y0JqZYM5gGCELT6EBTMDPO+W6pf6t/kqjLfR1pSSJh/qr5bDwMtecWM
TYjpmtATpuCSFHJH2HSg/SQ/la5Assr5DFLKc5xFec6Z9NBrmMwf/npX3IAtjuKZ
oq7TJpcd+PylFHOJPcNl8XOkYUq0nQZlLPB2isSz4LNSJ6wFK4cyjYmU6ttRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwLI/2NOJ5PXif0Mb1O3vrlLhnpgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACbdZcw
DQYJKoZIhvcNAQELBQADggEBACUYVlAXVDJ7BC5Ru4fkBXP0nkwf95xn4dTh7Fcm
4K2+u6W28pzrc1XNhlvXTJ5ePnZJ+60d7cWiwWueRX2kIcdaPYHFakLlOso4mlG+
K7y7Q8DAIeYJx+SfZJKdJZqKd2DFcw/ky2+OW7ITMuOFaIs6YwzS8DQ/cDxGZrIQ
Lf/tIlzW3RAT2bh969UTLtonYuWSuaVSw3ruzh/xwKux6tkAn4LKYcwKoTm1+Fh2
TrFshu4oGuEw+AMjjhM/MEhvl2ZbRWT3QjhmGZwaISqYL/vy/z5INK8/gDLUhQEG
JKZ5j93yPeAHf6n6gdnz/erejbOZJATZdSV+dA6n2/uw8hw=
-----END CERTIFICATE-----