Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          xIoe8OGehqhRHgKyMF5NMoKv61P66DOfr2vBPViuQ+k=
Subject key identifier:   F8:85:88:C1:5E:23:6E:D7:0A:D5:3E:E3:7B:10:0E:A6:BD:6A:E1:01
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       60781AEC8A32C7603DB804BC49450B99B54A4150
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Fri 27 Mar 2026 10:29:28 +0000
ROA not before:           Fri 27 Mar 2026 10:24:28 +0000
ROA not after:            Fri 26 Mar 2027 10:29:28 +0000
asID:                     30058
IP address blocks:        181.214.124.0/24 maxlen: 24
                          181.215.108.0/24 maxlen: 24
                          181.215.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 15:58:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:78:1a:ec:8a:32:c7:60:3d:b8:04:bc:49:45:0b:99:b5:4a:41:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 27 10:24:28 2026 GMT
            Not After : Mar 26 10:29:28 2027 GMT
        Subject: CN=F88588C15E236ED70AD53EE37B100EA6BD6AE101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:21:6c:38:d5:0e:78:ac:b2:fe:cd:60:30:31:
                    37:3a:c0:a8:97:a5:22:46:e0:62:c4:3e:ff:f6:04:
                    4f:3a:49:dc:62:42:8a:3b:82:a2:38:87:5b:bf:00:
                    9f:7a:5d:0d:44:d0:f9:08:e2:7f:63:a0:74:29:9e:
                    f3:b4:c4:92:e7:cf:3f:3b:6c:32:cd:af:f4:75:9c:
                    c7:ac:7a:0b:03:12:da:fc:f8:ab:3b:d9:fe:2e:15:
                    94:38:bf:45:8c:c6:7a:8c:98:76:23:76:a6:ce:c7:
                    58:66:f0:de:0b:b2:aa:d4:0e:13:9a:c2:46:57:7f:
                    7f:99:af:fc:a7:cc:7f:16:bf:eb:65:1c:c2:0e:4f:
                    24:5e:78:59:29:05:3b:a7:a4:4a:2f:41:85:37:d8:
                    ee:1d:a9:af:98:5e:92:20:b0:0a:d7:d0:41:c6:0d:
                    40:1c:95:6d:7a:0a:73:cf:b1:80:5a:4f:05:98:98:
                    9b:82:90:49:20:f6:2a:38:47:cf:f1:62:00:c0:5a:
                    32:6d:2b:b8:12:26:78:80:70:fc:b9:86:1a:70:b4:
                    37:6e:72:43:c9:55:ec:e8:c7:ed:a1:94:f9:a6:e6:
                    71:2c:da:c8:a5:4a:7b:d4:22:bb:68:ab:24:ff:08:
                    a1:52:bf:41:67:78:95:e2:01:30:9c:64:59:ff:6d:
                    d8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:85:88:C1:5E:23:6E:D7:0A:D5:3E:E3:7B:10:0E:A6:BD:6A:E1:01
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.124.0/24
                  181.215.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:ee:96:a9:50:c0:43:6f:69:7d:d5:32:51:f0:e1:eb:79:25:
         e8:83:8c:d9:34:ee:cd:4a:09:7e:f2:4b:4a:81:5f:a2:01:25:
         32:ef:80:4d:8d:d7:fe:4b:2f:38:78:13:d3:13:0a:56:c8:79:
         d8:34:6a:68:28:b7:36:59:87:a1:90:3e:35:36:3b:a0:12:c8:
         c7:c2:92:55:0d:0c:96:da:ef:8c:55:57:85:62:05:ec:84:ca:
         73:30:ca:97:2a:9b:83:94:ae:65:4f:d5:65:0c:f5:90:1c:62:
         e8:f2:da:06:54:9d:27:6c:93:8e:ee:e6:df:e0:89:31:a9:63:
         ee:aa:8d:5d:1f:84:0e:4d:fa:b0:1c:72:04:e6:7f:af:a1:92:
         2a:00:49:1b:26:77:de:92:a2:f2:7c:a9:fb:77:f0:ec:37:f8:
         ca:fa:99:17:86:e4:66:8c:2d:c3:b3:14:00:0e:e2:b4:f3:86:
         27:d5:9c:b9:03:52:95:35:4b:ff:74:4e:8d:57:6a:0b:be:f6:
         81:7c:23:b7:2b:ed:7d:78:bc:50:3d:65:6e:6b:69:c1:3b:59:
         60:88:3f:e0:7d:ab:65:37:a2:97:00:56:a7:f1:96:43:33:48:
         c7:c1:5f:06:04:00:36:ba:e4:fe:29:be:be:42:d7:ab:c0:0e:
         a5:3b:54:70
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUYHga7Ioyx2A9uAS8SUULmbVKQVAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjcxMDI0MjhaFw0yNzAzMjYxMDI5MjhaMDMxMTAvBgNV
BAMTKEY4ODU4OEMxNUUyMzZFRDcwQUQ1M0VFMzdCMTAwRUE2QkQ2QUUxMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIWw41Q54rLL+zWAwMTc6wKiX
pSJG4GLEPv/2BE86SdxiQoo7gqI4h1u/AJ96XQ1E0PkI4n9joHQpnvO0xJLnzz87
bDLNr/R1nMesegsDEtr8+Ks72f4uFZQ4v0WMxnqMmHYjdqbOx1hm8N4LsqrUDhOa
wkZXf3+Zr/ynzH8Wv+tlHMIOTyReeFkpBTunpEovQYU32O4dqa+YXpIgsArX0EHG
DUAclW16CnPPsYBaTwWYmJuCkEkg9io4R8/xYgDAWjJtK7gSJniAcPy5hhpwtDdu
ckPJVezox+2hlPmm5nEs2silSnvUIrtoqyT/CKFSv0FneJXiATCcZFn/bdihAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU+IWIwV4jbtcK1T7jexAOpr1q4QEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11nwD
BAG112wwDQYJKoZIhvcNAQELBQADggEBAI/ulqlQwENvaX3VMlHw4et5JeiDjNk0
7s1KCX7yS0qBX6IBJTLvgE2N1/5LLzh4E9MTClbIedg0amgotzZZh6GQPjU2O6AS
yMfCklUNDJba74xVV4ViBeyEynMwypcqm4OUrmVP1WUM9ZAcYujy2gZUnSdsk47u
5t/giTGpY+6qjV0fhA5N+rAccgTmf6+hkioASRsmd96SovJ8qft38Ow3+Mr6mReG
5GaMLcOzFAAO4rTzhifVnLkDUpU1S/90To1Xagu+9oF8I7cr7X14vFA9ZW5racE7
WWCIP+B9q2U3opcAVqfxlkMzSMfBXwYEADa65P4pvr5C16vADqU7VHA=
-----END CERTIFICATE-----