Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          Mo2sjzK76+GyDYC4J3kzf6fnJVTMD16yB55/qFN4c28=
Subject key identifier:   F5:3F:5A:EA:80:AF:0E:29:96:6E:60:3D:FC:51:78:D8:B2:F1:77:56
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       56826D9EF724A3278A30CFA2B6753D6EBB41A2F3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Mon 16 Mar 2026 16:08:27 +0000
ROA not before:           Mon 16 Mar 2026 16:03:27 +0000
ROA not after:            Mon 15 Mar 2027 16:08:27 +0000
asID:                     30058
IP address blocks:        181.214.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:82:6d:9e:f7:24:a3:27:8a:30:cf:a2:b6:75:3d:6e:bb:41:a2:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 16 16:03:27 2026 GMT
            Not After : Mar 15 16:08:27 2027 GMT
        Subject: CN=F53F5AEA80AF0E29966E603DFC5178D8B2F17756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:15:36:c9:a0:49:53:26:8a:ad:ba:29:8d:40:
                    3c:4c:8a:22:bf:0a:56:7e:5f:9c:d9:cb:4b:3e:f7:
                    d6:7c:8a:5e:82:e3:c3:18:1e:de:91:fd:90:63:4d:
                    9e:9d:71:5f:46:4c:34:27:84:aa:aa:94:7a:cf:e4:
                    1a:ab:bd:3d:f2:77:b4:98:0e:e3:ef:96:c6:81:51:
                    3c:a6:a9:b1:55:13:c4:f2:0c:be:aa:74:6e:aa:cf:
                    82:1b:a8:20:ca:49:16:6b:d1:8c:87:a0:e8:5b:10:
                    ab:2d:5f:28:76:82:bd:a3:ac:f7:6d:03:8b:71:3e:
                    8e:68:63:10:02:a5:d8:25:35:13:8d:4f:2d:e7:ba:
                    4d:51:02:58:49:9e:c0:01:73:27:20:b9:99:d2:b7:
                    58:25:a6:23:2a:0d:6b:14:9b:e4:80:16:0c:1c:90:
                    ca:f1:ee:0e:33:ed:05:fa:5b:68:ff:18:23:e5:85:
                    ea:2d:b2:a9:30:16:e9:cb:e5:0c:4c:eb:b0:ba:dc:
                    75:b5:e6:35:f9:a0:01:3e:a4:2f:54:d6:f6:21:1f:
                    a0:d7:fc:aa:e2:88:0f:d4:c7:74:d3:d8:09:02:14:
                    56:72:90:00:0c:9c:3d:98:1b:48:ce:d2:42:7b:20:
                    33:7e:70:62:ab:80:81:be:36:7f:6c:b0:e2:6f:79:
                    12:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:3F:5A:EA:80:AF:0E:29:96:6E:60:3D:FC:51:78:D8:B2:F1:77:56
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:1a:d4:81:82:b0:58:b7:bf:d3:95:7a:62:2c:b5:8e:c0:69:
         e3:91:c1:b2:48:7f:20:03:82:64:91:9d:17:f4:ab:d4:3b:17:
         44:31:64:16:2c:c0:c0:4d:51:b1:17:a2:64:4d:7e:10:28:46:
         b8:c4:44:a9:05:22:fa:f3:a9:ea:f5:66:61:c1:1b:65:06:cc:
         24:fe:b6:b7:08:6e:f4:1d:02:d2:2e:c1:45:82:e1:5e:e4:26:
         f7:00:4d:dd:9f:2e:db:88:d8:54:4d:5e:c7:48:76:82:31:a4:
         a2:82:c6:05:f7:98:6f:e5:25:76:2e:4f:9a:28:be:49:17:3e:
         da:99:5f:98:49:48:0b:1a:74:d6:87:24:de:ba:70:cb:f2:fa:
         d1:a5:bc:17:f4:49:36:7c:7b:dc:a7:35:aa:4b:49:9c:05:01:
         61:6c:fb:8d:1d:54:be:3d:4a:e8:bb:b4:b7:63:d2:6e:4c:85:
         1a:f7:e7:23:aa:5b:96:17:34:2c:f4:86:4b:d4:a9:6e:99:01:
         7f:ae:1f:d0:88:88:b6:55:bf:9d:48:d6:97:17:7e:40:1d:1c:
         ba:6f:02:d1:7f:47:43:54:ef:11:3b:ee:b6:b9:f1:46:04:bd:
         f6:81:67:3d:23:73:24:8e:98:cb:a3:f2:3d:89:2a:96:7d:31:
         bf:bf:ca:f4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVoJtnvckoyeKMM+itnU9brtBovMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMTYxNjAzMjdaFw0yNzAzMTUxNjA4MjdaMDMxMTAvBgNV
BAMTKEY1M0Y1QUVBODBBRjBFMjk5NjZFNjAzREZDNTE3OEQ4QjJGMTc3NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeFTbJoElTJoqtuimNQDxMiiK/
ClZ+X5zZy0s+99Z8il6C48MYHt6R/ZBjTZ6dcV9GTDQnhKqqlHrP5BqrvT3yd7SY
DuPvlsaBUTymqbFVE8TyDL6qdG6qz4IbqCDKSRZr0YyHoOhbEKstXyh2gr2jrPdt
A4txPo5oYxACpdglNRONTy3nuk1RAlhJnsABcycguZnSt1glpiMqDWsUm+SAFgwc
kMrx7g4z7QX6W2j/GCPlheotsqkwFunL5QxM67C63HW15jX5oAE+pC9U1vYhH6DX
/KriiA/Ux3TT2AkCFFZykAAMnD2YG0jO0kJ7IDN+cGKrgIG+Nn9ssOJveRIHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU9T9a6oCvDimWbmA9/FF42LLxd1YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11nww
DQYJKoZIhvcNAQELBQADggEBAIsa1IGCsFi3v9OVemIstY7AaeORwbJIfyADgmSR
nRf0q9Q7F0QxZBYswMBNUbEXomRNfhAoRrjERKkFIvrzqer1ZmHBG2UGzCT+trcI
bvQdAtIuwUWC4V7kJvcATd2fLtuI2FRNXsdIdoIxpKKCxgX3mG/lJXYuT5oovkkX
PtqZX5hJSAsadNaHJN66cMvy+tGlvBf0STZ8e9ynNapLSZwFAWFs+40dVL49Sui7
tLdj0m5MhRr35yOqW5YXNCz0hkvUqW6ZAX+uH9CIiLZVv51I1pcXfkAdHLpvAtF/
R0NU7xE77ra58UYEvfaBZz0jcySOmMuj8j2JKpZ9Mb+/yvQ=
-----END CERTIFICATE-----