Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60581.roa
File:                     AS60581.roa (raw, json)
Hash identifier:          EzDZ1axuUlzzsKL5Yx2BrR1Y4VU4OJzdOPA6UgR7dtY=
Subject key identifier:   CA:7D:F1:84:97:6D:D6:73:1C:32:EE:99:09:92:5D:DB:F6:C5:1F:3D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5856AD758BCFC85FE9724090F71759DEEFDD3C88
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60581.roa
Signing time:             Wed 11 Jun 2025 07:25:54 +0000
ROA not before:           Wed 11 Jun 2025 07:20:54 +0000
ROA not after:            Wed 10 Jun 2026 07:25:54 +0000
asID:                     60581
IP address blocks:        2a06:2b87::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 03:55:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:56:ad:75:8b:cf:c8:5f:e9:72:40:90:f7:17:59:de:ef:dd:3c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 07:20:54 2025 GMT
            Not After : Jun 10 07:25:54 2026 GMT
        Subject: CN=CA7DF184976DD6731C32EE9909925DDBF6C51F3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4c:ab:2e:c3:59:94:2c:9d:38:61:09:18:a3:
                    e6:c7:67:cc:54:80:b8:48:f5:cc:f3:8e:55:a1:00:
                    ea:70:6f:16:7c:7c:d7:cd:77:48:a8:26:a1:17:7c:
                    50:64:83:45:7e:95:21:18:e2:3c:bb:8b:d1:0c:e1:
                    11:16:39:ea:42:30:ac:d1:ed:68:af:8d:e8:a4:0c:
                    c0:7d:d6:6b:23:65:b5:b6:9e:0f:d5:40:9e:08:fb:
                    39:38:5e:46:8f:e1:fa:c9:5b:b7:d5:ae:81:73:ea:
                    a1:6f:73:84:63:e6:69:4a:0c:5b:05:2f:ef:e3:1e:
                    da:20:b5:c5:a8:b1:3f:64:96:68:b3:c2:f5:5f:91:
                    14:f3:8c:2d:96:d4:c5:8e:b9:19:1f:40:99:64:3f:
                    8c:b9:11:bf:67:89:07:ff:02:6f:05:1e:7c:30:0a:
                    44:7f:8c:01:65:17:ea:cb:7e:ea:48:b2:09:6b:44:
                    b9:04:ce:0d:e1:6c:70:a3:6c:ad:14:2b:75:d8:ff:
                    44:cd:b9:b8:0a:1a:46:35:e6:72:e6:34:53:0e:cb:
                    06:97:5a:7f:47:c7:9c:e3:9f:77:3b:5c:29:76:32:
                    2d:8f:a9:fd:01:db:dd:12:e2:87:c3:4c:47:d6:3f:
                    91:53:31:0c:8d:33:34:b6:ed:db:0f:64:4a:c5:da:
                    f3:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7D:F1:84:97:6D:D6:73:1C:32:EE:99:09:92:5D:DB:F6:C5:1F:3D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60581.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2b87::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:99:64:7a:2a:88:6e:7e:f7:1a:d7:a3:fd:a5:19:e0:41:92:
         9b:f8:0e:16:07:6c:9f:3a:22:6a:fe:a2:af:78:95:70:d7:c7:
         f9:90:61:a6:7a:b8:32:ea:c7:c2:c5:dc:10:e9:69:6f:e9:b9:
         73:c5:e7:fd:5e:61:db:86:18:c9:84:21:00:db:f1:98:d3:80:
         24:3c:1e:0e:cd:d2:a1:6d:1b:b3:db:0f:ee:3d:23:07:ad:cf:
         40:cc:1f:5e:43:1b:f2:0b:5f:96:66:51:e2:c8:2a:c8:e1:1a:
         d5:f4:97:3d:ce:5d:52:13:a8:bf:34:0b:c6:13:0e:78:16:f6:
         77:a5:fb:f6:f3:f9:44:1f:83:23:6f:00:53:81:05:d2:f2:47:
         9a:59:df:9e:f9:69:96:a8:b0:12:bc:15:98:52:22:1d:90:49:
         68:67:52:37:ef:a3:6e:2f:88:dc:23:5c:c3:20:fa:21:77:f9:
         4f:20:19:27:5f:c8:b0:b7:3a:19:b6:80:5f:24:50:29:04:b7:
         01:38:27:df:99:c6:a3:0d:e7:6e:f6:5d:03:e9:33:fe:6a:f6:
         7d:9e:17:12:56:21:0d:23:da:d9:9d:67:89:7c:3b:7e:22:c9:
         f6:17:20:c8:2c:a2:0b:19:44:95:81:ff:60:15:c6:cb:2d:e0:
         8e:ac:ee:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWFatdYvPyF/pckCQ9xdZ3u/dPIgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTEwNzIwNTRaFw0yNjA2MTAwNzI1NTRaMDMxMTAvBgNV
BAMTKENBN0RGMTg0OTc2REQ2NzMxQzMyRUU5OTA5OTI1RERCRjZDNTFGM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5TKsuw1mULJ04YQkYo+bHZ8xU
gLhI9czzjlWhAOpwbxZ8fNfNd0ioJqEXfFBkg0V+lSEY4jy7i9EM4REWOepCMKzR
7WivjeikDMB91msjZbW2ng/VQJ4I+zk4XkaP4frJW7fVroFz6qFvc4Rj5mlKDFsF
L+/jHtogtcWosT9klmizwvVfkRTzjC2W1MWOuRkfQJlkP4y5Eb9niQf/Am8FHnww
CkR/jAFlF+rLfupIsglrRLkEzg3hbHCjbK0UK3XY/0TNubgKGkY15nLmNFMOywaX
Wn9Hx5zjn3c7XCl2Mi2Pqf0B290S4ofDTEfWP5FTMQyNMzS27dsPZErF2vNPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyn3xhJdt1nMcMu6ZCZJd2/bFHz0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjA1ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqBiuH
MA0GCSqGSIb3DQEBCwUAA4IBAQATmWR6Kohufvca16P9pRngQZKb+A4WB2yfOiJq
/qKveJVw18f5kGGmergy6sfCxdwQ6Wlv6blzxef9XmHbhhjJhCEA2/GY04AkPB4O
zdKhbRuz2w/uPSMHrc9AzB9eQxvyC1+WZlHiyCrI4RrV9Jc9zl1SE6i/NAvGEw54
FvZ3pfv28/lEH4MjbwBTgQXS8keaWd+e+WmWqLASvBWYUiIdkEloZ1I376NuL4jc
I1zDIPohd/lPIBknX8iwtzoZtoBfJFApBLcBOCffmcajDedu9l0D6TP+avZ9nhcS
ViENI9rZnWeJfDt+Isn2FyDILKILGUSVgf9gFcbLLeCOrO6p
-----END CERTIFICATE-----