Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58061.roa
File:                     AS58061.roa (raw, json)
Hash identifier:          zqq1qFuuDT2WzPmPIo5qj8WmUan4MWQnemTZSX4MEq8=
Subject key identifier:   F5:5B:E0:13:9A:20:0F:92:F2:4B:F8:FA:8F:F3:B2:38:BF:44:B4:72
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       53D437C3F115B098DE679EBF4F23256331B581DD
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58061.roa
Signing time:             Mon 16 Mar 2026 00:00:41 +0000
ROA not before:           Sun 15 Mar 2026 23:55:41 +0000
ROA not after:            Mon 15 Mar 2027 00:00:41 +0000
asID:                     58061
IP address blocks:        91.124.35.0/24 maxlen: 24
                          91.124.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:d4:37:c3:f1:15:b0:98:de:67:9e:bf:4f:23:25:63:31:b5:81:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 15 23:55:41 2026 GMT
            Not After : Mar 15 00:00:41 2027 GMT
        Subject: CN=F55BE0139A200F92F24BF8FA8FF3B238BF44B472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:dd:47:98:6c:30:d2:fa:06:54:77:26:6f:4c:
                    12:e5:dc:54:0f:98:ca:eb:07:ef:50:68:03:92:d0:
                    e1:7c:04:2b:90:46:ff:72:75:24:fd:c5:e7:a8:04:
                    6a:90:86:13:01:b3:8f:fc:7b:ac:92:89:47:35:65:
                    56:83:1a:1d:d9:ed:03:19:75:42:91:23:31:c5:11:
                    f5:21:08:24:12:9b:4a:2f:b3:eb:1c:58:77:1e:59:
                    90:14:59:ab:0b:34:13:29:e7:94:d9:0b:3b:be:53:
                    09:26:f4:a4:a6:e4:ce:06:75:38:0d:ca:d2:d1:e9:
                    f1:67:58:77:00:68:1b:44:31:06:94:45:76:14:3b:
                    e5:e9:eb:1c:89:3c:ee:b5:2e:31:e6:01:50:a9:aa:
                    29:7b:39:e3:60:d9:78:a4:67:4d:b8:32:a0:5a:81:
                    79:d9:59:f8:d9:b9:15:cd:00:26:b1:59:86:bb:85:
                    93:94:57:31:f8:6a:6a:ef:2b:ae:f0:ab:27:21:85:
                    03:cb:0d:0a:08:59:4c:4a:a5:e8:7f:f3:27:32:b9:
                    3e:15:f7:7c:86:ad:70:6c:2d:c1:ce:a3:ee:a7:d9:
                    dc:ef:86:3b:f5:e6:0d:3f:d2:bb:cd:67:55:48:1b:
                    11:bb:d9:2f:5b:c6:3d:9d:ba:25:f4:9a:54:58:1c:
                    a6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:5B:E0:13:9A:20:0F:92:F2:4B:F8:FA:8F:F3:B2:38:BF:44:B4:72
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58061.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.35.0/24
                  91.124.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:f3:a5:74:d0:af:35:0b:dd:dc:22:8a:4d:8d:61:4f:fd:51:
         58:5a:3a:e3:85:5b:67:8c:63:51:94:3c:c1:ee:1e:b8:3f:56:
         fc:62:6b:9a:51:1e:2c:0f:b7:d4:e9:f4:02:40:04:3d:12:0f:
         12:ba:15:44:db:65:6e:0f:52:94:cc:f8:55:a3:15:36:86:1a:
         64:58:e4:e7:dd:ce:83:ca:f1:63:2b:58:6c:6f:af:58:b4:e2:
         92:ef:9a:80:3f:60:38:78:30:2f:31:8e:14:cb:22:68:b3:be:
         44:cf:0a:45:17:34:91:30:f9:c4:a4:8d:28:0b:fb:87:56:fd:
         fc:b5:09:d8:cc:2c:1f:22:85:cb:95:b1:68:e4:d1:38:de:3e:
         a4:a9:32:0d:0e:3b:eb:a1:8e:49:a1:bb:c0:dc:ed:17:2b:d4:
         16:90:2e:8d:a5:74:c6:56:3b:da:cc:44:ef:0b:8a:b6:7f:e6:
         0d:11:b0:ee:0f:73:0e:50:b6:f2:c6:47:27:80:a6:91:35:31:
         92:21:df:10:41:9b:38:4c:5c:4e:cf:3d:22:a2:5c:b7:9a:fc:
         21:11:6d:bc:b9:05:91:21:26:2f:bf:11:1d:2c:ab:71:1f:97:
         7d:65:da:9b:d1:37:cb:a7:b5:3f:f7:02:4a:70:1f:59:6f:fa:
         94:3f:97:88
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUU9Q3w/EVsJjeZ56/TyMlYzG1gd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMTUyMzU1NDFaFw0yNzAzMTUwMDAwNDFaMDMxMTAvBgNV
BAMTKEY1NUJFMDEzOUEyMDBGOTJGMjRCRjhGQThGRjNCMjM4QkY0NEI0NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC93UeYbDDS+gZUdyZvTBLl3FQP
mMrrB+9QaAOS0OF8BCuQRv9ydST9xeeoBGqQhhMBs4/8e6ySiUc1ZVaDGh3Z7QMZ
dUKRIzHFEfUhCCQSm0ovs+scWHceWZAUWasLNBMp55TZCzu+Uwkm9KSm5M4GdTgN
ytLR6fFnWHcAaBtEMQaURXYUO+Xp6xyJPO61LjHmAVCpqil7OeNg2XikZ024MqBa
gXnZWfjZuRXNACaxWYa7hZOUVzH4amrvK67wqychhQPLDQoIWUxKpeh/8ycyuT4V
93yGrXBsLcHOo+6n2dzvhjv15g0/0rvNZ1VIGxG72S9bxj2duiX0mlRYHKYXAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU9VvgE5ogD5LyS/j6j/OyOL9EtHIwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTgwNjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABbfCMD
BABbfDEwDQYJKoZIhvcNAQELBQADggEBAJ/zpXTQrzUL3dwiik2NYU/9UVhaOuOF
W2eMY1GUPMHuHrg/Vvxia5pRHiwPt9Tp9AJABD0SDxK6FUTbZW4PUpTM+FWjFTaG
GmRY5OfdzoPK8WMrWGxvr1i04pLvmoA/YDh4MC8xjhTLImizvkTPCkUXNJEw+cSk
jSgL+4dW/fy1CdjMLB8ihcuVsWjk0TjePqSpMg0OO+uhjkmhu8Dc7Rcr1BaQLo2l
dMZWO9rMRO8LirZ/5g0RsO4Pcw5QtvLGRyeAppE1MZIh3xBBmzhMXE7PPSKiXLea
/CERbby5BZEhJi+/ER0sq3Efl31l2pvRN8untT/3AkpwH1lv+pQ/l4g=
-----END CERTIFICATE-----