Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          0PRzYmhcVDFCcBpXMGkPobDwSuWEpZqQaxh6T1vWtyU=
Subject key identifier:   F7:CE:4D:A8:01:AD:3B:0D:56:24:69:9C:5E:76:BD:1E:13:29:03:00
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0F97D233818F2B6AACA3E0764EE6FA9B2E30CC53
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa
Signing time:             Sun 27 Jul 2025 09:29:33 +0000
ROA not before:           Sun 27 Jul 2025 09:24:33 +0000
ROA not after:            Sun 26 Jul 2026 09:29:33 +0000
asID:                     36530
IP address blocks:        141.11.108.0/24 maxlen: 24
                          141.11.140.0/24 maxlen: 24
                          141.11.141.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:12:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:97:d2:33:81:8f:2b:6a:ac:a3:e0:76:4e:e6:fa:9b:2e:30:cc:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 27 09:24:33 2025 GMT
            Not After : Jul 26 09:29:33 2026 GMT
        Subject: CN=F7CE4DA801AD3B0D5624699C5E76BD1E13290300
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4f:a7:c1:95:f8:d1:08:36:7d:84:55:af:15:
                    0f:b0:13:50:5e:06:67:1a:4c:53:b7:3d:ea:33:d0:
                    50:d9:37:f2:f4:6e:49:8f:b1:44:c7:4f:dc:5a:de:
                    3c:79:e1:07:31:7f:b5:05:a3:4c:38:a8:50:1f:9f:
                    44:b0:dc:fa:7a:fe:c7:b8:5d:2a:0d:06:3c:f0:66:
                    5a:c4:23:b6:71:7a:3a:72:1e:fd:27:8b:62:4e:2e:
                    9c:8c:ef:2c:59:da:c2:30:e8:93:e5:73:b8:97:5b:
                    71:6e:76:c1:c2:ed:6e:fc:0b:23:b7:af:84:7e:44:
                    ef:0f:f6:b0:cb:d7:6c:6e:d0:80:1c:68:71:30:b9:
                    1e:76:b7:47:6b:86:c8:2f:56:90:05:15:e1:2e:36:
                    72:33:f5:2f:b9:ce:ea:ba:14:83:e3:4a:05:d3:ae:
                    28:12:e4:b4:8e:36:a6:f6:dd:56:ad:10:5e:0b:e8:
                    58:b0:c5:d1:b6:b3:58:a1:8d:8a:47:55:24:bf:9b:
                    bb:21:4c:69:0e:69:38:18:5f:f7:3b:bd:b1:14:5b:
                    a8:0f:bd:19:0b:49:27:fa:e5:bf:3b:04:38:63:e9:
                    0d:d3:90:8a:6c:66:ab:2c:81:e1:c6:b1:a3:1f:cf:
                    7f:0b:e5:f8:a0:ff:d6:a8:80:82:b2:01:1b:e7:35:
                    64:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:CE:4D:A8:01:AD:3B:0D:56:24:69:9C:5E:76:BD:1E:13:29:03:00
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.108.0/24
                  141.11.140.0/23
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:27:27:9b:f9:1a:1d:29:77:f4:7a:29:a2:4e:c9:b3:0e:e4:
         de:5b:cb:b2:66:d8:34:50:e0:07:df:60:22:6a:93:fd:59:96:
         98:47:23:a3:0d:e3:f3:80:ab:78:b9:65:52:a5:95:ac:e5:10:
         8a:62:6a:71:6d:3a:78:11:ee:f3:cb:56:d9:10:69:af:95:d3:
         d2:22:fe:52:b8:c8:0e:7c:49:eb:bd:6b:a8:a8:a1:60:17:b8:
         6a:c2:6c:4b:dd:0f:41:da:63:57:ab:01:6b:f9:6a:a4:f4:eb:
         c3:5d:c8:8b:b2:c2:eb:bf:12:15:d1:58:ba:bd:fb:e4:8e:3f:
         23:21:c9:c4:91:e9:92:24:6a:52:19:12:90:df:7d:3d:36:50:
         63:f0:44:ad:cf:bf:2f:0f:61:13:6d:f6:1f:1c:f1:2f:6b:e6:
         12:f1:c1:7c:35:f6:8a:99:ae:8e:9b:1c:d0:5f:3d:c9:26:cb:
         e1:b5:1b:97:a0:fa:84:c5:4d:a4:46:f5:36:6b:ef:f3:71:25:
         59:e0:af:c3:0e:6c:40:eb:21:74:ec:f7:f5:a8:3d:5d:84:e9:
         c0:eb:7f:b2:89:54:97:ef:70:de:6e:5f:88:a5:af:c6:77:f4:
         19:9a:96:a2:98:e2:df:f7:5b:8d:0d:0a:d9:c8:ae:fb:61:f2:
         e0:2e:1e:5b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUD5fSM4GPK2qso+B2Tub6my4wzFMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA3MjcwOTI0MzNaFw0yNjA3MjYwOTI5MzNaMDMxMTAvBgNV
BAMTKEY3Q0U0REE4MDFBRDNCMEQ1NjI0Njk5QzVFNzZCRDFFMTMyOTAzMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmT6fBlfjRCDZ9hFWvFQ+wE1Be
BmcaTFO3Peoz0FDZN/L0bkmPsUTHT9xa3jx54Qcxf7UFo0w4qFAfn0Sw3Pp6/se4
XSoNBjzwZlrEI7ZxejpyHv0ni2JOLpyM7yxZ2sIw6JPlc7iXW3FudsHC7W78CyO3
r4R+RO8P9rDL12xu0IAcaHEwuR52t0drhsgvVpAFFeEuNnIz9S+5zuq6FIPjSgXT
rigS5LSONqb23VatEF4L6FiwxdG2s1ihjYpHVSS/m7shTGkOaTgYX/c7vbEUW6gP
vRkLSSf65b87BDhj6Q3TkIpsZqssgeHGsaMfz38L5fig/9aogIKyARvnNWQVAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU985NqAGtOw1WJGmcXna9HhMpAwAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACNC2wD
BAGNC4wDBACNC/AwDQYJKoZIhvcNAQELBQADggEBAMInJ5v5Gh0pd/R6KaJOybMO
5N5by7Jm2DRQ4AffYCJqk/1ZlphHI6MN4/OAq3i5ZVKllazlEIpianFtOngR7vPL
VtkQaa+V09Ii/lK4yA58Seu9a6iooWAXuGrCbEvdD0HaY1erAWv5aqT068NdyIuy
wuu/EhXRWLq9++SOPyMhycSR6ZIkalIZEpDffT02UGPwRK3Pvy8PYRNt9h8c8S9r
5hLxwXw19oqZro6bHNBfPckmy+G1G5eg+oTFTaRG9TZr7/NxJVngr8MObEDrIXTs
9/WoPV2E6cDrf7KJVJfvcN5uX4ilr8Z39BmalqKY4t/3W40NCtnIrvth8uAuHls=
-----END CERTIFICATE-----