Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          HqY6X6lTBUWnXISQJmWfl26RYcopZUpfQdfG7rkyyRc=
Subject key identifier:   59:DD:38:50:04:3E:E5:D6:BF:19:B8:19:EF:0C:67:BF:16:B9:39:D4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7C93C32A25F975E70432E01CBF98AE417AD23643
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS30058.roa
Signing time:             Thu 16 Apr 2026 00:15:48 +0000
ROA not before:           Thu 16 Apr 2026 00:10:48 +0000
ROA not after:            Thu 15 Apr 2027 00:15:48 +0000
asID:                     30058
IP address blocks:        96.62.243.0/24 maxlen: 24
                          150.241.199.0/24 maxlen: 24
                          155.117.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:93:c3:2a:25:f9:75:e7:04:32:e0:1c:bf:98:ae:41:7a:d2:36:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 16 00:10:48 2026 GMT
            Not After : Apr 15 00:15:48 2027 GMT
        Subject: CN=59DD3850043EE5D6BF19B819EF0C67BF16B939D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:48:62:c2:c3:0c:73:6a:64:59:d4:10:4d:7f:
                    68:19:d0:34:c4:c8:92:b4:5e:e1:5d:49:cd:a0:9e:
                    2b:aa:5b:08:4e:1a:7c:c3:0f:dc:b5:fa:74:c4:61:
                    cc:0b:cc:48:f6:62:f3:cf:23:e8:a1:ce:2d:c1:40:
                    e3:75:19:f7:ae:11:d5:4b:fe:ff:0f:71:0b:ae:f8:
                    67:48:07:2b:8e:0a:32:a0:1b:da:32:35:56:02:2d:
                    64:70:52:6f:f2:4b:4d:5c:29:b0:7e:74:a4:ec:35:
                    a6:2a:74:d8:5f:c3:c8:80:6c:a3:01:e2:44:44:c7:
                    65:74:6c:8c:5d:fd:98:43:bc:00:37:0b:d7:6f:cc:
                    0c:ca:e0:00:dd:36:d1:01:b8:bc:c4:3a:3b:7f:56:
                    9f:b8:d6:6a:e4:55:bd:b3:74:48:d2:c2:0f:7e:12:
                    84:6a:2d:54:71:33:45:dd:50:a7:42:b1:dc:2b:69:
                    4d:06:26:3e:c8:75:72:55:e0:bd:15:ea:de:58:dc:
                    9f:db:21:26:1b:b3:17:51:d7:3f:f1:7f:64:13:36:
                    73:3d:da:0b:cf:7b:47:64:ba:5c:ab:7f:9c:a5:ea:
                    22:f6:c5:51:f2:b2:51:0b:7b:f3:2b:d5:db:27:06:
                    5a:4c:c2:76:26:8c:da:7e:f9:97:13:60:83:15:46:
                    8f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:DD:38:50:04:3E:E5:D6:BF:19:B8:19:EF:0C:67:BF:16:B9:39:D4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.243.0/24
                  150.241.199.0/24
                  155.117.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:0f:fe:ce:b6:e2:41:e7:e8:0f:a6:58:35:85:2c:f8:64:ef:
         d0:d2:05:28:da:67:39:dc:3b:33:06:a4:b0:7e:9f:97:93:55:
         40:16:3e:c9:28:f5:00:e6:fd:57:15:98:52:a4:6f:13:53:83:
         ac:d6:a5:28:32:ff:a1:ce:eb:95:42:39:f8:9d:8f:c1:ae:20:
         22:d1:a7:01:98:38:2c:a5:e7:c0:6b:ce:4d:31:21:63:7e:5a:
         56:9d:72:44:d2:2d:9e:66:fa:4b:42:34:28:49:ec:ff:87:f4:
         1b:92:0c:a6:1b:54:7e:47:78:4e:6b:44:05:5d:a9:e2:12:49:
         14:43:d1:40:6a:13:4e:98:1b:d9:e1:9a:7a:46:8e:c6:52:8e:
         97:3e:80:04:4b:ef:48:8b:03:0a:0a:66:bb:f3:62:10:86:63:
         f8:91:c4:ad:c6:3c:e1:13:32:69:be:2f:c4:52:56:e8:0c:ec:
         27:c2:16:4d:2e:29:74:92:c2:8d:44:26:e8:c2:01:30:9d:81:
         9e:ec:67:f1:54:89:c0:f3:64:d0:90:78:1a:2c:0c:3b:81:02:
         b0:49:ed:46:56:81:9d:5b:36:fc:19:cb:69:66:83:87:c9:0e:
         30:3d:df:9c:85:1b:3a:65:8b:40:3d:f7:e1:65:1f:e5:04:eb:
         30:91:d5:b7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUfJPDKiX5decEMuAcv5iuQXrSNkMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTYwMDEwNDhaFw0yNzA0MTUwMDE1NDhaMDMxMTAvBgNV
BAMTKDU5REQzODUwMDQzRUU1RDZCRjE5QjgxOUVGMEM2N0JGMTZCOTM5RDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3SGLCwwxzamRZ1BBNf2gZ0DTE
yJK0XuFdSc2gniuqWwhOGnzDD9y1+nTEYcwLzEj2YvPPI+ihzi3BQON1GfeuEdVL
/v8PcQuu+GdIByuOCjKgG9oyNVYCLWRwUm/yS01cKbB+dKTsNaYqdNhfw8iAbKMB
4kREx2V0bIxd/ZhDvAA3C9dvzAzK4ADdNtEBuLzEOjt/Vp+41mrkVb2zdEjSwg9+
EoRqLVRxM0XdUKdCsdwraU0GJj7IdXJV4L0V6t5Y3J/bISYbsxdR1z/xf2QTNnM9
2gvPe0dkulyrf5yl6iL2xVHyslELe/Mr1dsnBlpMwnYmjNp++ZcTYIMVRo/dAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUWd04UAQ+5da/GbgZ7wxnvxa5OdQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABgPvMD
BACW8ccDBACbdZMwDQYJKoZIhvcNAQELBQADggEBAEMP/s624kHn6A+mWDWFLPhk
79DSBSjaZzncOzMGpLB+n5eTVUAWPsko9QDm/VcVmFKkbxNTg6zWpSgy/6HO65VC
Ofidj8GuICLRpwGYOCyl58Brzk0xIWN+WladckTSLZ5m+ktCNChJ7P+H9BuSDKYb
VH5HeE5rRAVdqeISSRRD0UBqE06YG9nhmnpGjsZSjpc+gARL70iLAwoKZrvzYhCG
Y/iRxK3GPOETMmm+L8RSVugM7CfCFk0uKXSSwo1EJujCATCdgZ7sZ/FUicDzZNCQ
eBosDDuBArBJ7UZWgZ1bNvwZy2lmg4fJDjA935yFGzpli0A99+FlH+UE6zCR1bc=
-----END CERTIFICATE-----