Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          4A6BpFpNO/UfeCe2IJIrG2v/5K2ZR+p7gOxiZTGkHho=
Subject key identifier:   21:5C:C4:BC:79:99:5F:39:C8:28:BA:3A:6D:DE:3A:31:67:13:4F:E3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       76B3FBDC1717320D5D3BE0A8E8B82958EF6A0E24
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Fri 12 Jun 2026 00:04:19 +0000
ROA not before:           Thu 11 Jun 2026 23:59:19 +0000
ROA not after:            Fri 11 Jun 2027 00:04:19 +0000
asID:                     30058
IP address blocks:        181.214.124.0/24 maxlen: 24
                          181.214.182.0/24 maxlen: 24
                          181.215.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 14:27:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:b3:fb:dc:17:17:32:0d:5d:3b:e0:a8:e8:b8:29:58:ef:6a:0e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 23:59:19 2026 GMT
            Not After : Jun 11 00:04:19 2027 GMT
        Subject: CN=215CC4BC79995F39C828BA3A6DDE3A3167134FE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:28:88:47:08:89:f7:3c:b2:c2:b1:43:c9:e5:
                    10:b4:88:c5:93:61:dd:e7:a5:27:ea:0b:d6:b3:15:
                    07:83:35:34:3f:66:e6:0f:09:b2:e6:2a:12:b2:01:
                    90:3d:7d:fe:c5:c4:04:61:ce:33:94:0f:ef:f6:38:
                    44:87:04:ae:c1:1f:f0:5a:a0:1f:27:11:fb:98:1d:
                    8d:b2:9b:d4:c1:a6:64:9e:57:ba:98:09:c4:f3:84:
                    af:14:22:c2:04:86:b9:4a:78:58:8f:83:fd:dd:d2:
                    22:a8:db:87:e3:2c:99:0e:91:b2:db:33:f2:85:f4:
                    cb:fb:a1:b6:da:c5:94:36:93:ee:3b:6e:3e:db:97:
                    b8:54:4c:b1:a1:9c:46:24:a3:cf:d4:88:8a:fb:fb:
                    c2:a9:e6:da:de:e4:48:88:89:2b:06:a6:32:6f:1d:
                    9a:58:f7:c8:f5:d4:87:b3:89:90:6b:f5:10:59:95:
                    04:2c:03:00:df:4e:e8:0f:0e:a1:27:c5:26:94:20:
                    5d:29:b7:56:e7:f2:1a:e3:a5:47:0b:9f:29:91:4d:
                    d5:e5:32:0d:9f:14:b5:ac:2f:1c:31:30:0a:e4:82:
                    ae:8e:fa:08:13:77:78:db:e8:7f:ca:ba:84:c4:41:
                    b7:23:50:26:79:87:4a:f3:a7:f6:06:6b:73:c4:05:
                    17:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:5C:C4:BC:79:99:5F:39:C8:28:BA:3A:6D:DE:3A:31:67:13:4F:E3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.124.0/24
                  181.214.182.0/24
                  181.215.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:a3:8d:ad:d4:23:04:1e:7b:93:cc:85:df:f7:a6:b2:da:0b:
         78:ac:85:7b:ba:cd:78:cc:ad:67:09:0e:4c:6b:32:b9:26:a6:
         d4:54:73:70:3c:f7:8d:8a:d5:7e:38:57:70:e7:b4:55:48:25:
         21:17:f4:06:1f:ad:5e:b1:96:c5:8e:a0:54:f4:a4:a8:64:2a:
         52:b0:3c:76:ee:f9:fd:69:51:16:73:62:51:da:14:3c:c2:72:
         d2:42:84:6f:18:68:8b:06:f2:25:17:91:71:58:a1:6b:ed:f5:
         77:32:ec:f9:67:07:eb:10:16:06:76:47:b2:5a:4d:54:69:74:
         1a:5b:78:12:c3:56:33:b8:67:15:ae:2d:5e:5e:83:5b:52:08:
         64:4f:7f:8c:ec:aa:31:c2:7c:f9:60:74:0f:ba:6f:23:99:b6:
         28:6b:bc:92:e0:3d:4c:cd:ed:4a:0a:7d:d0:b3:8b:04:8e:e8:
         d0:02:eb:3c:26:bf:29:87:2f:75:d2:6e:ac:51:9f:49:86:4d:
         54:61:a4:7c:1a:a7:3d:9f:17:d9:e4:06:1a:b3:11:c3:73:20:
         0f:70:04:59:43:02:fe:a2:2f:3d:56:df:a8:40:a0:44:b2:3f:
         dd:7d:c8:4e:54:0f:df:c4:ac:b2:8f:bf:12:8a:24:3a:65:17:
         88:8a:ce:a3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUdrP73BcXMg1dO+Co6LgpWO9qDiQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTEyMzU5MTlaFw0yNzA2MTEwMDA0MTlaMDMxMTAvBgNV
BAMTKDIxNUNDNEJDNzk5OTVGMzlDODI4QkEzQTZEREUzQTMxNjcxMzRGRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPKIhHCIn3PLLCsUPJ5RC0iMWT
Yd3npSfqC9azFQeDNTQ/ZuYPCbLmKhKyAZA9ff7FxARhzjOUD+/2OESHBK7BH/Ba
oB8nEfuYHY2ym9TBpmSeV7qYCcTzhK8UIsIEhrlKeFiPg/3d0iKo24fjLJkOkbLb
M/KF9Mv7obbaxZQ2k+47bj7bl7hUTLGhnEYko8/UiIr7+8Kp5tre5EiIiSsGpjJv
HZpY98j11IeziZBr9RBZlQQsAwDfTugPDqEnxSaUIF0pt1bn8hrjpUcLnymRTdXl
Mg2fFLWsLxwxMArkgq6O+ggTd3jb6H/KuoTEQbcjUCZ5h0rzp/YGa3PEBRfVAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUIVzEvHmZXznIKLo6bd46MWcTT+MwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAC11nwD
BAC11rYDBAC1120wDQYJKoZIhvcNAQELBQADggEBAC+jja3UIwQee5PMhd/3prLa
C3ishXu6zXjMrWcJDkxrMrkmptRUc3A8942K1X44V3DntFVIJSEX9AYfrV6xlsWO
oFT0pKhkKlKwPHbu+f1pURZzYlHaFDzCctJChG8YaIsG8iUXkXFYoWvt9Xcy7Pln
B+sQFgZ2R7JaTVRpdBpbeBLDVjO4ZxWuLV5eg1tSCGRPf4zsqjHCfPlgdA+6byOZ
tihrvJLgPUzN7UoKfdCziwSO6NAC6zwmvymHL3XSbqxRn0mGTVRhpHwapz2fF9nk
BhqzEcNzIA9wBFlDAv6iLz1W36hAoESyP919yE5UD9/ErLKPvxKKJDplF4iKzqM=
-----END CERTIFICATE-----