Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          4aZTZk5/xkYsghzH9zk/42s+tT6iXcxOF4nLmqQgIOg=
Subject key identifier:   E3:54:7B:87:B1:D0:5B:CF:42:5A:FD:AC:ED:8D:55:0F:F7:03:E5:7B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4E9866DC53417EED04EFEF73B2570BEEE6FBD5C7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa
Signing time:             Sat 14 Feb 2026 08:56:49 +0000
ROA not before:           Sat 14 Feb 2026 08:51:49 +0000
ROA not after:            Sat 13 Feb 2027 08:56:49 +0000
asID:                     36530
IP address blocks:        181.41.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:98:66:dc:53:41:7e:ed:04:ef:ef:73:b2:57:0b:ee:e6:fb:d5:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 14 08:51:49 2026 GMT
            Not After : Feb 13 08:56:49 2027 GMT
        Subject: CN=E3547B87B1D05BCF425AFDACED8D550FF703E57B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:58:50:e4:1c:95:46:48:0a:17:12:9d:4d:fd:
                    13:0e:67:2f:64:94:1d:c9:60:33:69:ff:c3:27:f1:
                    f3:41:c4:e5:50:da:93:27:b0:32:61:05:a7:07:db:
                    0a:7c:7d:9f:e1:7a:78:4f:cb:fc:bc:a8:2b:04:96:
                    e4:eb:9d:16:86:a8:88:e9:ca:61:e4:e7:39:0b:83:
                    e5:6d:56:df:a9:5f:69:13:8c:e1:be:58:38:09:ba:
                    38:be:17:e7:4e:3b:15:3a:df:03:ac:1a:f3:9e:7d:
                    d5:e2:c7:3e:85:7b:88:1c:70:4f:41:e3:43:73:29:
                    20:e5:42:cc:e6:ba:33:cf:1f:2f:e6:7b:80:e5:b9:
                    f2:cc:60:bd:f4:9b:71:9b:a5:b8:af:8a:84:bb:62:
                    65:fd:83:cd:78:f8:c4:7e:ef:63:fa:2a:3a:f1:f3:
                    02:1a:5e:12:5d:80:a7:1b:2e:40:71:82:a2:03:cc:
                    8d:3f:a4:28:aa:e7:f5:92:bc:56:7c:ea:8f:b3:fd:
                    83:ab:7c:f6:44:82:25:15:cc:c9:7e:cd:06:f8:ff:
                    10:2f:08:8a:b6:54:e0:a4:ef:20:52:7b:c5:c6:97:
                    dd:c5:f6:e5:4d:73:80:3c:d5:b3:45:73:2b:68:2c:
                    fb:13:c6:2e:94:fc:59:72:52:f0:71:5c:b9:c2:6b:
                    58:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:54:7B:87:B1:D0:5B:CF:42:5A:FD:AC:ED:8D:55:0F:F7:03:E5:7B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:a6:04:75:f5:c6:3a:b1:83:a7:ff:bb:99:e5:12:e9:1a:18:
         85:5d:93:c0:15:86:45:3f:28:85:81:d1:11:52:d8:bf:a8:28:
         e4:29:c1:46:6e:fa:1c:56:c1:aa:73:c2:42:97:a2:c2:e4:cf:
         85:bc:bf:03:5d:2a:87:ae:ef:03:79:8f:13:99:9a:04:35:41:
         de:9f:2b:47:50:cc:41:1c:3d:3b:4d:e5:b9:28:fd:08:f8:2d:
         43:b6:1d:90:ce:bb:94:48:23:22:0c:0a:59:d5:04:f0:f3:22:
         da:e3:09:9a:eb:bb:21:9c:76:1e:cf:ac:87:ef:cd:2c:b9:01:
         6c:35:27:a2:c3:6e:19:3d:2c:32:35:99:2b:d5:57:b4:13:17:
         15:ce:54:e7:a4:5f:75:d1:8f:d2:ba:a9:25:57:6e:81:cf:9d:
         64:ee:45:dd:cf:2c:78:a5:5d:26:cd:dc:9d:2f:aa:36:4d:80:
         61:2e:06:b5:3d:cc:14:6e:b8:b2:0b:2d:9b:88:58:e3:fa:13:
         14:7e:db:66:4c:a9:34:12:d3:5a:30:6d:27:97:d5:de:8b:49:
         ad:79:4d:61:a8:83:43:7f:7f:24:7d:39:32:e8:00:84:01:c0:
         37:28:2f:e3:bc:8d:a9:fe:b1:86:bf:20:e2:17:f0:09:42:d3:
         08:24:25:f3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTphm3FNBfu0E7+9zslcL7ub71ccwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTQwODUxNDlaFw0yNzAyMTMwODU2NDlaMDMxMTAvBgNV
BAMTKEUzNTQ3Qjg3QjFEMDVCQ0Y0MjVBRkRBQ0VEOEQ1NTBGRjcwM0U1N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1WFDkHJVGSAoXEp1N/RMOZy9k
lB3JYDNp/8Mn8fNBxOVQ2pMnsDJhBacH2wp8fZ/henhPy/y8qCsEluTrnRaGqIjp
ymHk5zkLg+VtVt+pX2kTjOG+WDgJuji+F+dOOxU63wOsGvOefdXixz6Fe4gccE9B
40NzKSDlQszmujPPHy/me4DlufLMYL30m3GbpbivioS7YmX9g814+MR+72P6Kjrx
8wIaXhJdgKcbLkBxgqIDzI0/pCiq5/WSvFZ86o+z/YOrfPZEgiUVzMl+zQb4/xAv
CIq2VOCk7yBSe8XGl93F9uVNc4A81bNFcytoLPsTxi6U/FlyUvBxXLnCa1gLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU41R7h7HQW89CWv2s7Y1VD/cD5XswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC1Kdkw
DQYJKoZIhvcNAQELBQADggEBACymBHX1xjqxg6f/u5nlEukaGIVdk8AVhkU/KIWB
0RFS2L+oKOQpwUZu+hxWwapzwkKXosLkz4W8vwNdKoeu7wN5jxOZmgQ1Qd6fK0dQ
zEEcPTtN5bko/Qj4LUO2HZDOu5RIIyIMClnVBPDzItrjCZrruyGcdh7PrIfvzSy5
AWw1J6LDbhk9LDI1mSvVV7QTFxXOVOekX3XRj9K6qSVXboHPnWTuRd3PLHilXSbN
3J0vqjZNgGEuBrU9zBRuuLILLZuIWOP6ExR+22ZMqTQS01owbSeX1d6LSa15TWGo
g0N/fyR9OTLoAIQBwDcoL+O8jan+sYa/IOIX8AlC0wgkJfM=
-----END CERTIFICATE-----