Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          OefUjF5oG+JSsbzhAiIDiQeJhT6yexhGzfXTVRowZp8=
Subject key identifier:   98:7A:C9:81:FD:67:12:8A:93:00:70:31:66:48:1E:C6:3F:2C:F0:CD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       64DA6721EF628CBD350923342B2FE3D1B709936D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Sat 26 Jul 2025 00:00:05 +0000
ROA not before:           Fri 25 Jul 2025 23:55:05 +0000
ROA not after:            Sat 25 Jul 2026 00:00:05 +0000
asID:                     30058
IP address blocks:        45.89.249.0/24 maxlen: 24
                          181.215.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:da:67:21:ef:62:8c:bd:35:09:23:34:2b:2f:e3:d1:b7:09:93:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 25 23:55:05 2025 GMT
            Not After : Jul 25 00:00:05 2026 GMT
        Subject: CN=987AC981FD67128A9300703166481EC63F2CF0CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d7:58:1c:71:11:45:6c:a4:9a:76:14:74:14:
                    76:36:2f:ef:c8:0a:81:81:10:08:26:29:39:f2:e8:
                    a8:3b:08:d8:58:3d:79:81:38:f1:3a:8d:ee:70:10:
                    b2:64:70:74:6a:31:7a:2d:be:48:d4:ba:8c:86:f4:
                    bf:2c:9a:b2:7c:0e:18:85:30:c5:5e:e4:45:f3:8a:
                    fc:0b:d7:07:a7:1a:92:dd:85:2c:b6:09:42:88:43:
                    af:1b:42:30:a2:49:8d:29:43:55:a2:0a:ca:60:b8:
                    9c:14:88:af:6e:fd:e8:0c:35:f2:10:ca:69:ed:e9:
                    a9:63:da:82:1e:40:31:2d:4d:6d:33:10:3e:22:b9:
                    69:47:d5:ee:1d:2d:1c:6e:fb:8d:dd:13:49:3e:a9:
                    d2:74:cf:cf:8d:2a:c1:6e:e2:2e:f7:d9:30:08:f4:
                    c5:ce:1f:5c:79:1e:df:df:45:30:38:01:66:90:db:
                    da:ba:74:77:c6:03:a8:9d:26:de:6b:b5:69:89:86:
                    3a:d0:fd:99:ee:0d:8b:2a:17:13:f1:c5:e2:53:f4:
                    d9:13:11:a9:65:2d:a1:81:0a:01:4c:40:c6:04:d3:
                    8c:4b:26:b0:28:fe:0f:31:a1:d3:a6:7b:02:41:99:
                    e6:23:e9:8b:48:86:5c:d8:33:27:74:fa:2c:a1:f2:
                    8c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:7A:C9:81:FD:67:12:8A:93:00:70:31:66:48:1E:C6:3F:2C:F0:CD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.249.0/24
                  181.215.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:7b:a4:4b:08:05:5a:a0:f8:6f:7b:2c:79:37:37:d7:c8:4b:
         f7:a4:1f:65:3b:27:2f:ae:83:40:ac:2e:98:71:e3:5d:9b:52:
         89:5b:ea:02:92:0a:67:6f:30:c8:31:fa:7a:51:f8:80:6c:0f:
         84:53:b6:93:45:d7:06:ec:43:98:05:5a:10:4b:b5:b8:e8:4f:
         e5:1f:9e:08:37:e6:a6:c1:85:18:1a:cf:e9:1f:0d:c6:a6:43:
         cb:08:ed:ce:70:70:8c:b1:a0:0c:0a:ed:bc:86:b1:ca:3c:2a:
         61:34:4c:e2:81:ab:f1:52:c0:c0:72:e5:1a:a1:47:59:3a:60:
         f5:8d:cc:23:48:bb:cd:cb:c7:c8:fb:3d:a2:9e:f2:6f:87:1a:
         64:9a:3b:54:9c:c5:d6:a4:ac:cf:b6:da:42:61:b1:b3:25:3b:
         ab:60:bd:28:09:72:21:6f:22:68:2a:e6:5d:b3:49:c1:e8:79:
         49:9b:85:f3:4c:37:cb:e1:f3:39:b5:0f:73:40:cc:67:e6:44:
         cb:84:3f:eb:f9:4d:19:b5:1f:07:56:0e:e3:4f:cd:83:2e:8e:
         32:c6:61:c9:c5:76:0c:da:1f:c3:46:e0:e9:ae:56:1d:81:b1:
         96:b9:da:ae:e2:bb:d7:9a:86:7f:23:ba:6f:c7:ec:a2:79:9c:
         07:48:d9:a1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUZNpnIe9ijL01CSM0Ky/j0bcJk20wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MjUyMzU1MDVaFw0yNjA3MjUwMDAwMDVaMDMxMTAvBgNV
BAMTKDk4N0FDOTgxRkQ2NzEyOEE5MzAwNzAzMTY2NDgxRUM2M0YyQ0YwQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe11gccRFFbKSadhR0FHY2L+/I
CoGBEAgmKTny6Kg7CNhYPXmBOPE6je5wELJkcHRqMXotvkjUuoyG9L8smrJ8DhiF
MMVe5EXzivwL1wenGpLdhSy2CUKIQ68bQjCiSY0pQ1WiCspguJwUiK9u/egMNfIQ
ymnt6alj2oIeQDEtTW0zED4iuWlH1e4dLRxu+43dE0k+qdJ0z8+NKsFu4i732TAI
9MXOH1x5Ht/fRTA4AWaQ29q6dHfGA6idJt5rtWmJhjrQ/ZnuDYsqFxPxxeJT9NkT
EallLaGBCgFMQMYE04xLJrAo/g8xodOmewJBmeYj6YtIhlzYMyd0+iyh8oxpAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUmHrJgf1nEoqTAHAxZkgexj8s8M0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtWfkD
BAC111gwDQYJKoZIhvcNAQELBQADggEBAKR7pEsIBVqg+G97LHk3N9fIS/ekH2U7
Jy+ug0CsLphx412bUolb6gKSCmdvMMgx+npR+IBsD4RTtpNF1wbsQ5gFWhBLtbjo
T+Ufngg35qbBhRgaz+kfDcamQ8sI7c5wcIyxoAwK7byGsco8KmE0TOKBq/FSwMBy
5RqhR1k6YPWNzCNIu83Lx8j7PaKe8m+HGmSaO1ScxdakrM+22kJhsbMlO6tgvSgJ
ciFvImgq5l2zScHoeUmbhfNMN8vh8zm1D3NAzGfmRMuEP+v5TRm1HwdWDuNPzYMu
jjLGYcnFdgzaH8NG4OmuVh2BsZa52q7iu9eahn8jum/H7KJ5nAdI2aE=
-----END CERTIFICATE-----