Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          MMybYVa5E8GLP3roH6xWpzYHAxupiAi0dmZx2yU1LdQ=
Subject key identifier:   4E:09:F5:4C:79:40:A8:48:E6:B2:4E:3B:AD:01:1C:E0:66:E7:93:A6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       41F04CCB528F32FBAAD6ED11386F6B250764944D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Tue 05 Aug 2025 00:00:35 +0000
ROA not before:           Mon 04 Aug 2025 23:55:35 +0000
ROA not after:            Tue 04 Aug 2026 00:00:35 +0000
asID:                     30058
IP address blocks:        45.89.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 06:23:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:f0:4c:cb:52:8f:32:fb:aa:d6:ed:11:38:6f:6b:25:07:64:94:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  4 23:55:35 2025 GMT
            Not After : Aug  4 00:00:35 2026 GMT
        Subject: CN=4E09F54C7940A848E6B24E3BAD011CE066E793A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:2c:7a:54:f6:8e:41:47:40:8a:b3:7c:3d:8d:
                    31:bf:17:f9:fb:02:74:79:b6:c0:17:d6:11:fe:74:
                    a4:ac:ee:0b:e2:56:7c:60:db:7f:aa:be:53:45:4e:
                    5d:44:c5:f5:ea:d1:b0:82:32:fe:91:f7:c1:1f:5d:
                    90:d6:21:1c:4f:69:5a:49:a4:f4:c8:83:69:5f:b7:
                    8c:90:75:8c:5c:59:b2:db:d9:d8:ed:22:61:6a:cb:
                    f0:49:b7:69:fa:7a:18:7a:11:d8:dc:86:bf:24:9c:
                    94:1b:b7:0e:82:99:0a:56:bf:1c:ba:16:1f:df:16:
                    9b:27:80:06:e2:9f:51:92:de:d0:6b:12:cf:a2:9b:
                    de:a6:4f:ac:43:4e:43:5f:1e:95:7a:b7:69:f6:f7:
                    58:a4:0b:a9:50:32:9a:45:e3:24:55:80:26:4e:ed:
                    f9:3d:ef:bb:fd:4a:3b:68:f5:69:45:0f:9c:8c:d0:
                    a0:13:7a:45:c1:e9:57:75:bc:ff:d0:d3:67:71:82:
                    e9:11:be:84:5e:ab:d5:d5:3c:88:53:0a:3e:9a:4f:
                    2f:b7:ca:c6:bc:8f:95:1a:85:2c:44:a0:7e:06:64:
                    bf:9b:ae:16:25:36:7b:27:38:e8:15:35:28:f0:d8:
                    94:61:e6:c5:f6:16:b1:fb:60:e7:02:3e:e4:80:5f:
                    b2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:09:F5:4C:79:40:A8:48:E6:B2:4E:3B:AD:01:1C:E0:66:E7:93:A6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:19:b2:22:f0:76:33:de:26:bb:93:c7:47:79:9c:fd:f7:7d:
         a7:b1:a2:47:62:26:c1:b3:8b:b8:d1:8b:ef:62:88:74:c1:d6:
         0a:2c:63:d3:84:45:88:44:5d:76:35:6d:ee:d8:c4:af:44:26:
         56:2d:e2:0b:06:2a:2f:47:11:54:d1:45:0e:b0:56:49:06:25:
         e7:33:e0:07:eb:1e:1e:4e:13:a6:96:a0:85:41:b3:73:0c:5c:
         35:08:05:e1:d1:d1:53:73:01:09:03:6f:3f:d0:22:b3:1a:df:
         a5:62:f6:71:f7:8c:46:8b:af:8f:f0:c7:c1:c4:bd:11:f0:1a:
         db:6f:6d:d5:fb:a9:a3:ba:96:cd:8e:69:6b:4e:4e:f4:9a:09:
         7d:25:f9:82:ef:81:7f:c8:56:aa:05:5e:b4:15:73:ef:e7:40:
         bb:b0:23:f2:87:82:1e:ba:5c:60:14:4e:49:80:41:d5:2e:b5:
         15:36:4e:2b:53:5a:06:fb:96:8d:d9:0c:4b:a1:5a:0a:bb:a0:
         fa:12:51:ed:4a:02:f5:a5:9f:ce:4f:91:31:c9:17:d9:d6:b4:
         fa:28:70:2f:0b:24:fe:c4:fe:a6:0b:df:41:2a:2a:a3:82:8b:
         6d:d7:d3:9f:c5:3b:03:26:dd:f2:16:83:03:65:8d:37:ca:80:
         05:a0:88:1e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQfBMy1KPMvuq1u0ROG9rJQdklE0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MDQyMzU1MzVaFw0yNjA4MDQwMDAwMzVaMDMxMTAvBgNV
BAMTKDRFMDlGNTRDNzk0MEE4NDhFNkIyNEUzQkFEMDExQ0UwNjZFNzkzQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1LHpU9o5BR0CKs3w9jTG/F/n7
AnR5tsAX1hH+dKSs7gviVnxg23+qvlNFTl1ExfXq0bCCMv6R98EfXZDWIRxPaVpJ
pPTIg2lft4yQdYxcWbLb2djtImFqy/BJt2n6ehh6Edjchr8knJQbtw6CmQpWvxy6
Fh/fFpsngAbin1GS3tBrEs+im96mT6xDTkNfHpV6t2n291ikC6lQMppF4yRVgCZO
7fk977v9Sjto9WlFD5yM0KATekXB6Vd1vP/Q02dxgukRvoReq9XVPIhTCj6aTy+3
ysa8j5UahSxEoH4GZL+brhYlNnsnOOgVNSjw2JRh5sX2FrH7YOcCPuSAX7IpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUTgn1THlAqEjmsk47rQEc4Gbnk6YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtWfkw
DQYJKoZIhvcNAQELBQADggEBACYZsiLwdjPeJruTx0d5nP33faexokdiJsGzi7jR
i+9iiHTB1gosY9OERYhEXXY1be7YxK9EJlYt4gsGKi9HEVTRRQ6wVkkGJecz4Afr
Hh5OE6aWoIVBs3MMXDUIBeHR0VNzAQkDbz/QIrMa36Vi9nH3jEaLr4/wx8HEvRHw
GttvbdX7qaO6ls2OaWtOTvSaCX0l+YLvgX/IVqoFXrQVc+/nQLuwI/KHgh66XGAU
TkmAQdUutRU2TitTWgb7lo3ZDEuhWgq7oPoSUe1KAvWln85PkTHJF9nWtPoocC8L
JP7E/qYL30EqKqOCi23X05/FOwMm3fIWgwNljTfKgAWgiB4=
-----END CERTIFICATE-----