Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          TquZiDA0v4JmQvevDRcCkpG9K0fozeeRPZqFRvYQ/pA=
Subject key identifier:   85:24:86:A1:81:65:89:D4:F5:7F:DB:D1:2B:6B:88:26:16:78:88:DE
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       59C0617C11189A7E4AB9B22BB22C0B8E91B3B3D1
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa
Signing time:             Sat 20 Sep 2025 13:36:25 +0000
ROA not before:           Sat 20 Sep 2025 13:31:25 +0000
ROA not after:            Sat 19 Sep 2026 13:36:25 +0000
asID:                     36530
IP address blocks:        141.11.108.0/24 maxlen: 24
                          141.11.140.0/24 maxlen: 24
                          141.11.141.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:c0:61:7c:11:18:9a:7e:4a:b9:b2:2b:b2:2c:0b:8e:91:b3:b3:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 20 13:31:25 2025 GMT
            Not After : Sep 19 13:36:25 2026 GMT
        Subject: CN=852486A1816589D4F57FDBD12B6B8826167888DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ab:21:5d:ce:9f:b8:b2:6c:48:99:f9:79:95:
                    c5:10:76:6c:4b:53:89:c0:ac:be:0b:24:5f:c9:fd:
                    e5:21:b0:e6:1e:d6:92:27:b6:90:3f:81:85:34:09:
                    48:67:e1:6e:a2:3e:ef:dc:47:d0:11:b5:3f:3f:34:
                    c9:2f:7a:d6:fa:d4:6a:c7:f5:8d:41:73:ee:d9:58:
                    3e:e0:e4:00:78:6c:47:ad:5b:bd:5b:1f:29:98:b1:
                    4e:ea:6c:e1:44:cd:f0:61:e8:c2:3a:5b:16:20:1b:
                    58:cb:f4:50:93:96:2f:36:f3:f9:b9:4c:4b:f7:f7:
                    1c:ca:f8:86:fe:10:e3:97:4c:f0:e3:f4:b6:d5:d8:
                    74:a1:32:97:69:94:89:b2:b8:a1:8e:0d:d5:4a:fe:
                    c1:79:79:ea:80:ba:47:bb:49:a6:ab:00:16:08:98:
                    9a:30:8d:e9:24:9c:cd:c6:9f:06:b9:a0:c5:2c:d3:
                    ea:ad:6b:63:aa:34:ca:ad:60:e6:e8:f2:4e:9e:b0:
                    b0:da:4f:a0:1b:ed:f2:b7:d1:57:50:29:e9:cf:17:
                    79:35:a3:cf:e7:bb:84:2c:07:5f:30:da:34:6e:e0:
                    e1:7e:a8:9c:82:78:5e:dc:cf:b8:f5:58:80:44:e7:
                    6b:4a:ae:01:84:4f:83:fc:3c:ef:a4:e3:e8:f4:4d:
                    07:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:24:86:A1:81:65:89:D4:F5:7F:DB:D1:2B:6B:88:26:16:78:88:DE
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.108.0/24
                  141.11.140.0/23
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:fa:62:fd:b7:03:50:0e:98:4c:f4:29:43:dc:06:9a:32:d5:
         e7:42:1f:88:f0:85:9c:f1:af:7d:22:da:b7:c2:5a:5d:7f:50:
         54:73:af:b1:ee:55:41:84:fa:76:2f:dd:80:a0:10:00:9c:9e:
         a3:1c:e2:ac:c0:df:af:a6:cc:ec:67:11:9a:2f:ba:f3:df:42:
         cd:cc:26:6a:b0:e5:48:ce:a3:8e:0d:04:f3:b1:b3:63:79:7d:
         36:92:48:f9:dd:25:87:1e:93:48:c0:bb:65:51:a2:41:e7:aa:
         b8:81:02:09:fe:7f:ff:ae:81:79:da:b5:49:de:20:d3:b4:52:
         90:65:9a:02:e2:3b:f8:b6:ea:81:11:01:b8:eb:45:53:26:78:
         c4:d9:b5:47:ca:b2:8d:1e:bb:4a:75:9a:b3:f1:a8:f3:dc:e0:
         d8:1c:1f:93:4f:00:96:78:de:c0:c7:8f:4e:a5:8b:d1:7d:98:
         a5:35:55:a0:15:cf:b0:54:26:22:02:59:8f:77:21:c3:58:4b:
         04:68:0a:a4:53:93:97:b3:89:2d:fd:eb:60:dc:d5:75:be:fb:
         dd:6a:56:cb:ff:20:c6:ae:67:bc:fe:c1:87:bd:89:ec:9c:df:
         64:43:21:0b:dc:5a:fe:fe:c2:0c:75:ff:dd:83:f0:a5:70:ff:
         59:e4:bc:28
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUWcBhfBEYmn5KubIrsiwLjpGzs9EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MjAxMzMxMjVaFw0yNjA5MTkxMzM2MjVaMDMxMTAvBgNV
BAMTKDg1MjQ4NkExODE2NTg5RDRGNTdGREJEMTJCNkI4ODI2MTY3ODg4REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdqyFdzp+4smxImfl5lcUQdmxL
U4nArL4LJF/J/eUhsOYe1pIntpA/gYU0CUhn4W6iPu/cR9ARtT8/NMkvetb61GrH
9Y1Bc+7ZWD7g5AB4bEetW71bHymYsU7qbOFEzfBh6MI6WxYgG1jL9FCTli828/m5
TEv39xzK+Ib+EOOXTPDj9LbV2HShMpdplImyuKGODdVK/sF5eeqAuke7SaarABYI
mJowjekknM3Gnwa5oMUs0+qta2OqNMqtYObo8k6esLDaT6Ab7fK30VdQKenPF3k1
o8/nu4QsB18w2jRu4OF+qJyCeF7cz7j1WIBE52tKrgGET4P8PO+k4+j0TQe5AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUhSSGoYFlidT1f9vRK2uIJhZ4iN4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACNC2wD
BAGNC4wDBACNC/AwDQYJKoZIhvcNAQELBQADggEBAGT6Yv23A1AOmEz0KUPcBpoy
1edCH4jwhZzxr30i2rfCWl1/UFRzr7HuVUGE+nYv3YCgEACcnqMc4qzA36+mzOxn
EZovuvPfQs3MJmqw5UjOo44NBPOxs2N5fTaSSPndJYcek0jAu2VRokHnqriBAgn+
f/+ugXnatUneINO0UpBlmgLiO/i26oERAbjrRVMmeMTZtUfKso0eu0p1mrPxqPPc
4NgcH5NPAJZ43sDHj06li9F9mKU1VaAVz7BUJiICWY93IcNYSwRoCqRTk5eziS39
62Dc1XW++91qVsv/IMauZ7z+wYe9ieyc32RDIQvcWv7+wgx1/92D8KVw/1nkvCg=
-----END CERTIFICATE-----