Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58061.roa
File:                     AS58061.roa (raw, json)
Hash identifier:          GIsGhsMe1eMe0qq3uLyE/Y8rIyzND+hRlIORmxKlFTE=
Subject key identifier:   22:5A:BE:EA:E2:9F:EB:19:A9:FE:2B:28:20:9B:69:16:0C:5E:EE:AC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3C4B4226B6D9D9CD76AB424FE1C2F59A844F0ECA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58061.roa
Signing time:             Thu 19 Feb 2026 00:01:58 +0000
ROA not before:           Wed 18 Feb 2026 23:56:58 +0000
ROA not after:            Thu 18 Feb 2027 00:01:58 +0000
asID:                     58061
IP address blocks:        185.139.3.0/24 maxlen: 24
                          185.158.105.0/24 maxlen: 24
                          191.101.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:4b:42:26:b6:d9:d9:cd:76:ab:42:4f:e1:c2:f5:9a:84:4f:0e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 18 23:56:58 2026 GMT
            Not After : Feb 18 00:01:58 2027 GMT
        Subject: CN=225ABEEAE29FEB19A9FE2B28209B69160C5EEEAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:8d:de:26:1b:bd:9a:39:32:c6:64:5c:96:dc:
                    17:ed:77:2e:09:a8:bf:ee:80:cd:db:a2:07:17:1f:
                    54:12:16:16:3f:38:1e:43:e4:bd:ef:96:c1:81:bd:
                    64:65:9a:4f:e7:bc:85:e8:e8:eb:ff:8d:7d:d8:d0:
                    bd:6a:d5:5b:77:ae:0f:dc:0f:cd:9d:d3:3c:b3:22:
                    a8:5a:59:ba:f4:a5:98:00:9a:f8:28:dc:05:39:f0:
                    c0:a1:8d:88:09:28:ea:91:f2:23:99:f6:4d:f7:6e:
                    4a:05:14:4b:cc:c0:0d:b4:68:8a:ff:c5:ed:e9:ed:
                    fc:a0:8b:d7:8f:d4:41:3a:aa:a7:98:b8:d3:56:b6:
                    fe:b2:48:e5:08:91:0e:58:4b:fb:c0:89:9a:45:cc:
                    15:9f:17:cf:dc:bb:53:bd:68:f2:e6:04:8f:3f:b3:
                    e6:0a:a2:a1:8c:8c:d9:61:97:e5:ad:38:3b:c2:10:
                    a2:dc:ce:a9:db:c5:14:54:8b:60:d7:37:27:5f:31:
                    89:b3:55:ff:34:af:47:65:d5:6f:52:67:ca:d5:d9:
                    e7:14:af:02:da:7c:ab:b3:ff:d3:e6:48:a7:fe:6e:
                    a0:b5:c0:08:4c:48:8f:7d:0f:0f:b9:2b:97:da:ab:
                    bf:dc:01:ac:ab:b3:f9:22:9b:7b:93:b9:c5:10:76:
                    63:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:5A:BE:EA:E2:9F:EB:19:A9:FE:2B:28:20:9B:69:16:0C:5E:EE:AC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58061.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.3.0/24
                  185.158.105.0/24
                  191.101.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:0e:96:66:41:a6:15:e7:b3:b4:30:e5:18:c8:f1:b4:9c:a3:
         b3:03:43:12:50:5c:f7:d8:f2:26:7b:1b:3d:55:37:07:44:58:
         a2:d0:2e:42:06:57:ba:8f:de:fc:9f:75:01:63:e2:0f:0e:ca:
         da:c7:ed:3a:db:6a:01:01:39:e2:ba:ba:df:79:bd:b6:eb:53:
         e0:da:25:15:25:13:ac:b8:c8:0b:19:8e:8f:86:f1:30:ff:02:
         70:38:21:18:47:7f:ac:1d:d2:37:2e:ab:ab:d2:4a:eb:f6:3d:
         4e:57:dd:bf:48:e9:d5:ae:27:a4:bd:1d:b0:ba:2b:0a:27:ae:
         7d:a2:af:75:61:05:b0:a3:af:7c:11:40:2e:e5:ae:fd:a1:33:
         14:f4:da:94:48:b8:41:22:a9:bf:ac:8e:58:32:bb:da:24:79:
         9f:8e:70:82:cc:d5:06:75:0b:34:95:5f:31:76:cc:73:f5:7a:
         47:ac:8b:42:72:11:29:dd:bf:bb:28:83:56:59:8c:ef:36:be:
         de:f1:ff:88:fb:07:07:cc:c5:bd:16:fd:70:e4:ac:b2:31:c5:
         ca:26:a9:1e:a3:e2:b9:12:85:00:41:ff:89:ec:45:50:f7:7d:
         b7:29:76:99:3b:24:62:78:d5:41:06:8f:24:7c:4c:80:2e:ac:
         17:e1:87:26
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUPEtCJrbZ2c12q0JP4cL1moRPDsowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTgyMzU2NThaFw0yNzAyMTgwMDAxNThaMDMxMTAvBgNV
BAMTKDIyNUFCRUVBRTI5RkVCMTlBOUZFMkIyODIwOUI2OTE2MEM1RUVFQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqjd4mG72aOTLGZFyW3Bftdy4J
qL/ugM3bogcXH1QSFhY/OB5D5L3vlsGBvWRlmk/nvIXo6Ov/jX3Y0L1q1Vt3rg/c
D82d0zyzIqhaWbr0pZgAmvgo3AU58MChjYgJKOqR8iOZ9k33bkoFFEvMwA20aIr/
xe3p7fygi9eP1EE6qqeYuNNWtv6ySOUIkQ5YS/vAiZpFzBWfF8/cu1O9aPLmBI8/
s+YKoqGMjNlhl+WtODvCEKLczqnbxRRUi2DXNydfMYmzVf80r0dl1W9SZ8rV2ecU
rwLafKuz/9PmSKf+bqC1wAhMSI99Dw+5K5faq7/cAayrs/kim3uTucUQdmORAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUIlq+6uKf6xmp/isoIJtpFgxe7qwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTgwNjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAC5iwMD
BAC5nmkDBAC/ZXAwDQYJKoZIhvcNAQELBQADggEBADsOlmZBphXns7Qw5RjI8bSc
o7MDQxJQXPfY8iZ7Gz1VNwdEWKLQLkIGV7qP3vyfdQFj4g8OytrH7TrbagEBOeK6
ut95vbbrU+DaJRUlE6y4yAsZjo+G8TD/AnA4IRhHf6wd0jcuq6vSSuv2PU5X3b9I
6dWuJ6S9HbC6Kwonrn2ir3VhBbCjr3wRQC7lrv2hMxT02pRIuEEiqb+sjlgyu9ok
eZ+OcILM1QZ1CzSVXzF2zHP1ekesi0JyESndv7sog1ZZjO82vt7x/4j7BwfMxb0W
/XDkrLIxxcomqR6j4rkShQBB/4nsRVD3fbcpdpk7JGJ41UEGjyR8TIAurBfhhyY=
-----END CERTIFICATE-----