Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          qQz9wcHxabrpvOvhmqliU2Uvpb/MlRYszFWK/k2Oy1A=
Subject key identifier:   4E:F4:DC:86:97:1E:DC:9F:F6:D8:38:A6:4B:E0:E0:A8:90:66:3B:05
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5443E0DD58C5F56110B738670A37EAA78BD071C9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa
Signing time:             Tue 15 Apr 2025 23:19:05 +0000
ROA not before:           Tue 15 Apr 2025 23:14:05 +0000
ROA not after:            Tue 14 Apr 2026 23:19:05 +0000
asID:                     36530
IP address blocks:        141.11.108.0/24 maxlen: 24
                          141.11.166.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:43:e0:dd:58:c5:f5:61:10:b7:38:67:0a:37:ea:a7:8b:d0:71:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 15 23:14:05 2025 GMT
            Not After : Apr 14 23:19:05 2026 GMT
        Subject: CN=4EF4DC86971EDC9FF6D838A64BE0E0A890663B05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9b:91:4d:dd:bc:92:d5:23:c8:77:12:de:fb:
                    56:be:d5:25:c1:22:73:a0:e7:b5:9d:84:79:3c:7e:
                    d4:0d:90:96:53:2d:88:f5:09:79:8c:78:78:50:d8:
                    dc:a1:ec:40:f6:1c:55:fe:89:ed:25:ad:f8:29:6e:
                    ae:38:ae:f5:d1:19:4f:f0:af:cf:9a:9a:c9:53:68:
                    eb:ef:40:39:84:17:63:2e:b8:6b:5a:36:40:74:5a:
                    e1:e7:4d:4b:a3:00:7a:e0:95:8d:6d:5e:a6:e3:4f:
                    41:d9:cf:ea:95:8f:ac:30:28:b4:18:45:1e:6e:df:
                    d1:6c:a1:1a:79:2d:63:55:b6:d5:a7:9c:25:3a:f3:
                    43:43:70:fa:57:7e:fb:01:5d:09:cc:16:49:9e:ab:
                    82:17:6a:b7:28:3a:37:5c:5a:2c:52:57:a1:f1:51:
                    8b:a2:18:04:09:a8:89:cd:a7:2d:6e:e7:3f:f1:6b:
                    64:88:ef:f0:1b:94:be:01:83:06:e8:4f:f0:42:f5:
                    37:1e:68:31:5c:91:fa:ec:ec:12:71:20:21:f8:ab:
                    94:dc:2e:7a:a8:a1:4c:60:a1:0c:14:a5:d7:79:25:
                    e7:54:93:1e:e4:7a:89:4d:9b:b6:b1:8d:25:1f:72:
                    9c:d3:49:19:3d:d2:ad:d4:e8:99:6e:ec:21:72:90:
                    e4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F4:DC:86:97:1E:DC:9F:F6:D8:38:A6:4B:E0:E0:A8:90:66:3B:05
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.108.0/24
                  141.11.166.0/24
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:63:d8:a8:70:1c:cc:b0:56:56:c7:08:48:b4:43:9b:a2:b1:
         d1:02:08:8b:d7:9e:9a:8d:97:2f:43:94:d7:76:0a:6e:e5:3e:
         5a:d7:d4:a2:e5:ad:ef:cf:3c:05:fe:89:6c:bf:fb:c5:ca:c3:
         3c:99:ac:35:45:69:73:69:12:8c:dd:73:ff:80:11:4d:13:16:
         d5:8e:7b:11:d9:37:1f:3d:f6:2c:61:e3:ff:33:36:8f:18:f8:
         bf:e7:91:bb:45:50:12:21:f8:e2:8e:6d:4c:4e:f3:63:6e:18:
         48:84:d7:ce:8a:3f:6d:24:2a:0d:d5:40:88:a2:4f:c2:53:c6:
         5b:0b:bb:fb:d9:1f:eb:d4:b9:49:53:a1:0b:93:ce:29:ad:02:
         11:3e:d2:5a:fd:3c:63:62:e7:35:ab:e4:69:68:a9:66:fc:33:
         ec:be:4d:3a:d9:35:d5:80:cf:d0:75:d9:17:e1:c7:9b:3a:34:
         ce:d0:5d:bb:f9:04:d7:28:ab:1d:b0:d9:c6:94:6f:19:a6:b1:
         b4:28:2d:2f:c2:f5:28:1d:8d:d6:ef:c2:81:af:69:23:d5:7b:
         7d:03:a4:af:04:6e:ad:be:b4:55:07:e6:35:45:97:fb:c7:30:
         d5:cc:01:74:0b:76:0d:41:4e:5d:88:ca:b9:5d:86:f2:e3:9b:
         dc:26:8e:72
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUVEPg3VjF9WEQtzhnCjfqp4vQcckwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MTUyMzE0MDVaFw0yNjA0MTQyMzE5MDVaMDMxMTAvBgNV
BAMTKDRFRjREQzg2OTcxRURDOUZGNkQ4MzhBNjRCRTBFMEE4OTA2NjNCMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6m5FN3byS1SPIdxLe+1a+1SXB
InOg57WdhHk8ftQNkJZTLYj1CXmMeHhQ2Nyh7ED2HFX+ie0lrfgpbq44rvXRGU/w
r8+amslTaOvvQDmEF2MuuGtaNkB0WuHnTUujAHrglY1tXqbjT0HZz+qVj6wwKLQY
RR5u39FsoRp5LWNVttWnnCU680NDcPpXfvsBXQnMFkmeq4IXarcoOjdcWixSV6Hx
UYuiGAQJqInNpy1u5z/xa2SI7/AblL4BgwboT/BC9TceaDFckfrs7BJxICH4q5Tc
LnqooUxgoQwUpdd5JedUkx7keolNm7axjSUfcpzTSRk90q3U6Jlu7CFykOT7AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUTvTchpce3J/22DimS+DgqJBmOwUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACNC2wD
BACNC6YDBACNC/AwDQYJKoZIhvcNAQELBQADggEBACtj2KhwHMywVlbHCEi0Q5ui
sdECCIvXnpqNly9DlNd2Cm7lPlrX1KLlre/PPAX+iWy/+8XKwzyZrDVFaXNpEozd
c/+AEU0TFtWOexHZNx899ixh4/8zNo8Y+L/nkbtFUBIh+OKObUxO82NuGEiE186K
P20kKg3VQIiiT8JTxlsLu/vZH+vUuUlToQuTzimtAhE+0lr9PGNi5zWr5GloqWb8
M+y+TTrZNdWAz9B12Rfhx5s6NM7QXbv5BNcoqx2w2caUbxmmsbQoLS/C9Sgdjdbv
woGvaSPVe30DpK8Ebq2+tFUH5jVFl/vHMNXMAXQLdg1BTl2IyrldhvLjm9wmjnI=
-----END CERTIFICATE-----