Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          WWA59mBQMIOo6hIYNumXPwpsDepoqCtaU6VyybJRzSQ=
Subject key identifier:   85:E9:F0:3B:36:98:47:0F:E1:62:B6:CE:E4:5E:16:9B:C8:7C:4B:E7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2FA67EE46493872768ACC66FF2FBA95298272E50
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Thu 26 Mar 2026 14:31:57 +0000
ROA not before:           Thu 26 Mar 2026 14:26:57 +0000
ROA not after:            Thu 25 Mar 2027 14:31:57 +0000
asID:                     30058
IP address blocks:        181.214.124.0/24 maxlen: 24
                          181.215.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a6:7e:e4:64:93:87:27:68:ac:c6:6f:f2:fb:a9:52:98:27:2e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 26 14:26:57 2026 GMT
            Not After : Mar 25 14:31:57 2027 GMT
        Subject: CN=85E9F03B3698470FE162B6CEE45E169BC87C4BE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6e:3b:00:e0:bc:f0:26:be:a5:f8:fd:d5:b8:
                    30:11:b2:b3:e7:b4:06:b7:ac:b2:7e:42:76:e3:35:
                    39:e4:d5:fa:43:28:32:b7:05:17:db:eb:1c:55:3f:
                    1c:c0:9f:fd:84:be:c0:09:cc:29:d8:16:60:f7:4d:
                    b2:14:de:f5:be:e0:e1:90:4b:27:aa:e7:1a:1c:7a:
                    26:94:19:d6:0b:65:22:72:ba:e8:66:63:ef:9a:f4:
                    f0:c1:17:4f:28:a5:20:ad:84:56:8a:43:5e:d6:c2:
                    f5:26:f3:52:e2:75:ed:9d:e0:aa:93:cf:0a:ff:58:
                    5e:6c:b8:c1:b3:0f:f1:3b:7e:69:8a:f2:7e:31:df:
                    ab:cd:b3:3c:71:2d:f1:8e:1f:9b:5a:c1:61:c9:56:
                    e6:5d:81:8b:33:85:66:08:b4:0b:92:67:a5:8b:6c:
                    69:a6:92:0c:51:d8:ee:f5:c6:2c:82:50:5a:14:c8:
                    79:05:58:9a:25:b4:1e:ea:bd:e4:fb:02:6e:05:67:
                    52:f0:d9:86:1c:7b:3c:f7:16:cf:76:41:8c:0b:25:
                    b9:4f:80:52:4b:64:c1:71:02:f6:9a:fe:1e:6d:b6:
                    a9:cc:eb:a7:13:66:a6:1a:e4:47:24:6e:a4:8c:db:
                    c8:26:f2:94:67:5a:45:07:4b:4a:eb:ca:03:20:29:
                    1d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E9:F0:3B:36:98:47:0F:E1:62:B6:CE:E4:5E:16:9B:C8:7C:4B:E7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.124.0/24
                  181.215.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:1b:d3:eb:db:4f:cb:4a:26:b2:62:cc:79:5d:42:9f:33:b6:
         d3:4d:f7:e7:7d:aa:3e:eb:b6:03:f5:e6:34:eb:30:9c:8f:17:
         3f:8d:9b:b2:08:0a:3a:18:09:d6:f0:64:e6:46:5d:b8:84:08:
         7b:1c:c1:f7:7e:13:6a:2d:1a:b7:b3:a0:b9:46:73:3c:19:62:
         99:84:c4:8e:16:c3:01:e4:27:c8:69:81:85:62:ac:9f:a8:f9:
         3b:77:90:db:10:cd:59:a6:4b:84:bb:cb:fd:d9:cb:7a:77:24:
         f9:9b:42:e1:a5:db:89:9e:e3:b5:f3:21:21:2a:0b:00:19:e5:
         36:9e:cf:ea:30:ba:89:12:b6:3a:fd:ca:65:a2:e5:2e:aa:9f:
         6d:8a:66:8b:b7:6f:e4:a0:fa:60:6a:2c:09:5a:0f:ff:21:8e:
         c0:bc:c3:45:15:05:42:5c:9b:4b:1f:81:9a:fd:4e:21:36:10:
         b9:db:cb:77:07:11:ee:f0:5e:e1:b7:46:d7:d5:c7:73:f9:72:
         68:19:32:cb:87:b6:7b:57:c4:d9:7e:5a:aa:49:c5:2d:58:32:
         4d:cd:5a:95:5a:43:0c:c7:18:70:1d:2d:1b:92:67:d2:c8:d9:
         ca:17:8e:3f:72:a4:22:77:3c:39:63:d4:20:f9:29:52:10:1f:
         e9:65:f3:87
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUL6Z+5GSThydorMZv8vupUpgnLlAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjYxNDI2NTdaFw0yNzAzMjUxNDMxNTdaMDMxMTAvBgNV
BAMTKDg1RTlGMDNCMzY5ODQ3MEZFMTYyQjZDRUU0NUUxNjlCQzg3QzRCRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLbjsA4LzwJr6l+P3VuDARsrPn
tAa3rLJ+QnbjNTnk1fpDKDK3BRfb6xxVPxzAn/2EvsAJzCnYFmD3TbIU3vW+4OGQ
Syeq5xoceiaUGdYLZSJyuuhmY++a9PDBF08opSCthFaKQ17WwvUm81Lide2d4KqT
zwr/WF5suMGzD/E7fmmK8n4x36vNszxxLfGOH5tawWHJVuZdgYszhWYItAuSZ6WL
bGmmkgxR2O71xiyCUFoUyHkFWJoltB7qveT7Am4FZ1Lw2YYcezz3Fs92QYwLJblP
gFJLZMFxAvaa/h5ttqnM66cTZqYa5EckbqSM28gm8pRnWkUHS0rrygMgKR3nAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUhenwOzaYRw/hYrbO5F4Wm8h8S+cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11nwD
BAC112wwDQYJKoZIhvcNAQELBQADggEBAB0b0+vbT8tKJrJizHldQp8zttNN9+d9
qj7rtgP15jTrMJyPFz+Nm7IICjoYCdbwZOZGXbiECHscwfd+E2otGrezoLlGczwZ
YpmExI4WwwHkJ8hpgYVirJ+o+Tt3kNsQzVmmS4S7y/3Zy3p3JPmbQuGl24me47Xz
ISEqCwAZ5Taez+owuokStjr9ymWi5S6qn22KZou3b+Sg+mBqLAlaD/8hjsC8w0UV
BUJcm0sfgZr9TiE2ELnby3cHEe7wXuG3RtfVx3P5cmgZMsuHtntXxNl+WqpJxS1Y
Mk3NWpVaQwzHGHAdLRuSZ9LI2coXjj9ypCJ3PDlj1CD5KVIQH+ll84c=
-----END CERTIFICATE-----