Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          zsnW+nrlG4zD2eyI6dm5oI7wLm1RACy05xT4VLdzZwk=
Subject key identifier:   F5:9A:A1:23:9C:D7:2D:2B:2E:E3:D8:BD:6F:44:01:66:4B:E5:77:19
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7848B8A11D6538155B460A8A8EF2C2E4CA1127DA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Fri 01 May 2026 17:05:47 +0000
ROA not before:           Fri 01 May 2026 17:00:47 +0000
ROA not after:            Fri 30 Apr 2027 17:05:47 +0000
asID:                     30058
IP address blocks:        181.214.124.0/24 maxlen: 24
                          181.215.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:48:b8:a1:1d:65:38:15:5b:46:0a:8a:8e:f2:c2:e4:ca:11:27:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  1 17:00:47 2026 GMT
            Not After : Apr 30 17:05:47 2027 GMT
        Subject: CN=F59AA1239CD72D2B2EE3D8BD6F4401664BE57719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4f:2a:8b:3c:15:d7:2a:6c:9d:66:40:17:93:
                    d5:1c:6e:77:4f:fc:33:2f:55:b8:b3:d7:01:6a:a1:
                    f9:8d:6f:86:44:18:11:b2:58:ec:b0:0f:7d:50:f4:
                    ef:c7:c8:5b:12:5c:ef:3a:89:98:7a:6f:09:4f:fc:
                    97:c3:d1:00:5d:25:9b:72:51:f0:84:ab:f4:15:04:
                    72:b1:87:28:a8:fd:e1:f2:0f:ac:63:de:21:8d:f7:
                    53:42:2d:4d:48:8a:c8:32:5f:08:03:51:5a:df:c3:
                    ec:9c:bf:f1:78:f7:da:9f:e1:55:5d:0f:3b:bd:40:
                    eb:c2:25:f9:c6:be:66:d4:3f:26:2b:d9:4c:49:d4:
                    70:1b:8b:5f:d6:6f:b0:f1:58:1e:b9:cc:d5:f4:90:
                    75:63:eb:52:6c:21:ab:61:98:7d:59:2b:69:92:32:
                    ef:9e:67:83:15:8f:90:5d:6c:21:57:7f:cd:75:98:
                    07:bc:f3:f1:78:82:f9:73:85:04:52:ea:04:0d:b0:
                    dd:06:99:1e:af:85:53:9e:70:7f:92:7b:c4:0f:62:
                    2a:37:3e:db:49:44:f0:21:72:56:68:63:29:db:ee:
                    1e:90:ab:e8:29:e6:d0:9e:61:1c:ff:73:14:e6:35:
                    19:41:76:e3:de:aa:6f:24:f1:a8:64:4b:82:3f:cc:
                    8d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:9A:A1:23:9C:D7:2D:2B:2E:E3:D8:BD:6F:44:01:66:4B:E5:77:19
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.124.0/24
                  181.215.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:70:fd:e6:a5:94:99:e9:46:94:47:cf:2e:61:e7:94:6f:bc:
         fa:73:d8:4f:b7:bd:4e:b6:19:a0:c0:4f:83:4c:54:84:5e:54:
         98:15:a1:54:b6:e2:9d:d6:84:fe:71:af:a2:b8:39:17:0d:d1:
         5d:1b:10:71:38:45:f3:45:9c:b9:e7:4a:2d:63:71:74:dc:0c:
         59:4c:71:dd:d2:3d:90:19:da:6e:17:42:54:a0:83:22:a7:6a:
         bf:d8:d1:65:4a:9f:f6:4a:88:ea:2f:ef:fb:f1:99:d6:6c:fb:
         0c:90:76:fb:fd:75:b7:b4:02:62:3f:44:1b:94:af:00:c0:5e:
         61:e8:1f:6a:cd:e6:bb:90:4b:de:e9:10:9f:5e:f7:22:60:be:
         7a:3c:46:47:05:10:e3:d2:c1:b6:90:09:bd:2b:e8:4b:25:ec:
         f0:ea:93:6c:f2:40:09:f7:2c:d7:00:93:2e:f8:bd:5d:17:da:
         fc:e2:3d:ee:8b:a6:00:58:37:a2:50:bc:5a:f0:cd:17:46:bf:
         17:53:92:80:76:bb:ff:4e:f7:2b:50:a8:c1:6b:6e:9a:a3:4d:
         95:6a:6d:43:6a:2d:26:82:82:58:6e:1a:6a:cb:68:f1:40:78:
         42:49:a8:60:7c:40:2e:dd:62:44:ff:8e:7d:ec:19:39:83:fd:
         de:14:a2:9e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUeEi4oR1lOBVbRgqKjvLC5MoRJ9owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDExNzAwNDdaFw0yNzA0MzAxNzA1NDdaMDMxMTAvBgNV
BAMTKEY1OUFBMTIzOUNENzJEMkIyRUUzRDhCRDZGNDQwMTY2NEJFNTc3MTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbTyqLPBXXKmydZkAXk9UcbndP
/DMvVbiz1wFqofmNb4ZEGBGyWOywD31Q9O/HyFsSXO86iZh6bwlP/JfD0QBdJZty
UfCEq/QVBHKxhyio/eHyD6xj3iGN91NCLU1IisgyXwgDUVrfw+ycv/F499qf4VVd
Dzu9QOvCJfnGvmbUPyYr2UxJ1HAbi1/Wb7DxWB65zNX0kHVj61JsIathmH1ZK2mS
Mu+eZ4MVj5BdbCFXf811mAe88/F4gvlzhQRS6gQNsN0GmR6vhVOecH+Se8QPYio3
PttJRPAhclZoYynb7h6Qq+gp5tCeYRz/cxTmNRlBduPeqm8k8ahkS4I/zI0pAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU9ZqhI5zXLSsu49i9b0QBZkvldxkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11nwD
BAC1120wDQYJKoZIhvcNAQELBQADggEBAHdw/eallJnpRpRHzy5h55RvvPpz2E+3
vU62GaDAT4NMVIReVJgVoVS24p3WhP5xr6K4ORcN0V0bEHE4RfNFnLnnSi1jcXTc
DFlMcd3SPZAZ2m4XQlSggyKnar/Y0WVKn/ZKiOov7/vxmdZs+wyQdvv9dbe0AmI/
RBuUrwDAXmHoH2rN5ruQS97pEJ9e9yJgvno8RkcFEOPSwbaQCb0r6Esl7PDqk2zy
QAn3LNcAky74vV0X2vziPe6LpgBYN6JQvFrwzRdGvxdTkoB2u/9O9ytQqMFrbpqj
TZVqbUNqLSaCglhuGmrLaPFAeEJJqGB8QC7dYkT/jn3sGTmD/d4Uop4=
-----END CERTIFICATE-----