Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          h7vnTq1VA9FesjZBzil6ivIHOUghOjhvHhkWkjiSyws=
Subject key identifier:   36:37:A5:08:63:8E:DA:18:77:0F:4F:0E:C1:3A:82:95:3E:06:CC:50
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7326E8FBFE773233441F7A9579A2B2B273EB74A3
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa
Signing time:             Wed 18 Jun 2025 19:10:38 +0000
ROA not before:           Wed 18 Jun 2025 19:05:38 +0000
ROA not after:            Wed 17 Jun 2026 19:10:38 +0000
asID:                     36530
IP address blocks:        141.11.108.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:24:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:26:e8:fb:fe:77:32:33:44:1f:7a:95:79:a2:b2:b2:73:eb:74:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 18 19:05:38 2025 GMT
            Not After : Jun 17 19:10:38 2026 GMT
        Subject: CN=3637A508638EDA18770F4F0EC13A82953E06CC50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fd:42:69:4e:f7:57:f7:67:3f:a8:ae:46:e0:
                    21:a3:72:ad:7f:c5:cd:69:8c:87:bf:50:a7:ec:15:
                    ca:8e:fd:70:82:8d:3c:17:49:62:69:b2:10:6c:6f:
                    bc:ce:57:87:2f:2e:17:2a:5c:0e:d7:c4:b7:e8:cc:
                    8e:c3:22:c8:44:e5:13:69:07:aa:f4:5d:f0:a2:94:
                    45:9d:ef:46:bd:b7:10:c1:73:75:53:7b:52:b9:da:
                    7c:a5:6f:96:b9:01:ee:5d:e0:44:d2:ac:dc:2b:67:
                    07:c0:fc:ca:41:1c:60:5e:32:27:17:75:48:06:cf:
                    e4:98:77:30:78:05:4f:61:01:e2:da:c5:7f:79:b8:
                    aa:61:c0:a3:a8:89:ab:25:dd:c7:c8:29:35:e8:1e:
                    f2:2e:64:2d:41:80:68:57:d5:04:ab:1e:25:df:7f:
                    90:47:d9:8f:49:cc:cc:3c:41:6b:85:32:07:a3:81:
                    f6:be:2f:6a:e9:bb:0a:61:f4:aa:39:5a:7a:88:21:
                    25:a2:c3:41:17:a3:ff:69:ba:a3:a7:d0:62:a6:60:
                    c1:c7:9f:ce:82:cc:d9:a3:d9:6b:76:ce:b9:13:d8:
                    47:c2:46:66:3f:70:09:a8:36:32:23:ec:18:5f:85:
                    38:5b:83:5a:94:de:d0:3a:1e:ed:7c:ba:2e:3e:71:
                    d0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:37:A5:08:63:8E:DA:18:77:0F:4F:0E:C1:3A:82:95:3E:06:CC:50
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.108.0/24
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:e2:db:e7:05:1d:2f:4f:c2:a5:ea:05:54:77:e8:5d:20:b5:
         1f:63:d8:c3:23:6f:b7:85:a7:cb:d6:15:92:9b:9f:c0:88:97:
         15:f8:70:dd:b6:d9:73:91:1d:b6:22:95:b3:4e:24:be:7f:6b:
         c6:51:d0:bd:2a:34:59:f6:e6:13:de:f9:ed:6e:10:16:03:22:
         d9:29:bb:cc:03:74:94:ea:59:9f:ae:86:d9:82:91:35:ad:40:
         6f:8f:10:bf:f7:81:6d:73:77:9e:7d:98:10:1b:2a:2d:21:6c:
         1c:3b:73:61:27:10:a4:a7:d3:34:dc:be:4f:0d:99:6b:35:db:
         18:7b:f6:47:d1:e5:c1:06:db:61:69:bf:ff:96:49:cf:ff:5d:
         cf:36:cd:71:e3:d0:7f:ea:46:16:57:a1:a8:2a:a8:5b:1f:63:
         03:39:1e:63:98:05:e8:9b:01:ce:71:24:3b:b8:30:5d:be:2f:
         f3:e8:69:43:8b:ee:37:5a:37:a0:48:db:e7:84:ae:09:eb:3a:
         58:b6:a9:10:e7:bc:4f:f4:b7:e8:82:a4:7b:f2:02:c8:60:74:
         5c:fd:eb:38:d1:d6:27:0e:9a:13:0c:bf:b0:d6:56:c3:36:a6:
         9f:10:a3:c2:38:73:eb:06:c7:e9:65:51:77:51:64:d8:a0:00:
         bf:ba:ef:39
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUcybo+/53MjNEH3qVeaKysnPrdKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MTgxOTA1MzhaFw0yNjA2MTcxOTEwMzhaMDMxMTAvBgNV
BAMTKDM2MzdBNTA4NjM4RURBMTg3NzBGNEYwRUMxM0E4Mjk1M0UwNkNDNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1/UJpTvdX92c/qK5G4CGjcq1/
xc1pjIe/UKfsFcqO/XCCjTwXSWJpshBsb7zOV4cvLhcqXA7XxLfozI7DIshE5RNp
B6r0XfCilEWd70a9txDBc3VTe1K52nylb5a5Ae5d4ETSrNwrZwfA/MpBHGBeMicX
dUgGz+SYdzB4BU9hAeLaxX95uKphwKOoiasl3cfIKTXoHvIuZC1BgGhX1QSrHiXf
f5BH2Y9JzMw8QWuFMgejgfa+L2rpuwph9Ko5WnqIISWiw0EXo/9puqOn0GKmYMHH
n86CzNmj2Wt2zrkT2EfCRmY/cAmoNjIj7BhfhThbg1qU3tA6Hu18ui4+cdBDAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUNjelCGOO2hh3D08OwTqClT4GzFAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNC2wD
BACNC/AwDQYJKoZIhvcNAQELBQADggEBAEri2+cFHS9PwqXqBVR36F0gtR9j2MMj
b7eFp8vWFZKbn8CIlxX4cN222XORHbYilbNOJL5/a8ZR0L0qNFn25hPe+e1uEBYD
Itkpu8wDdJTqWZ+uhtmCkTWtQG+PEL/3gW1zd559mBAbKi0hbBw7c2EnEKSn0zTc
vk8NmWs12xh79kfR5cEG22Fpv/+WSc//Xc82zXHj0H/qRhZXoagqqFsfYwM5HmOY
BeibAc5xJDu4MF2+L/PoaUOL7jdaN6BI2+eErgnrOli2qRDnvE/0t+iCpHvyAshg
dFz96zjR1icOmhMMv7DWVsM2pp8Qo8I4c+sGx+llUXdRZNigAL+67zk=
-----END CERTIFICATE-----