Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          1lMB4pTqWMId/sxa5kFRLo6vrPoICbR9l0UZ2cMI//8=
Subject key identifier:   10:40:2A:E1:9B:53:57:63:59:BD:87:19:44:49:DA:3C:4B:81:EE:26
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3A2209CE73FE6F210252BABA681049F86DB8BD5B
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS30058.roa
Signing time:             Wed 08 Apr 2026 14:15:41 +0000
ROA not before:           Wed 08 Apr 2026 14:10:41 +0000
ROA not after:            Wed 07 Apr 2027 14:15:41 +0000
asID:                     30058
IP address blocks:        178.92.92.0/24 maxlen: 24
                          178.95.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:22:09:ce:73:fe:6f:21:02:52:ba:ba:68:10:49:f8:6d:b8:bd:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr  8 14:10:41 2026 GMT
            Not After : Apr  7 14:15:41 2027 GMT
        Subject: CN=10402AE19B53576359BD87194449DA3C4B81EE26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9b:b6:52:25:f5:53:60:4f:24:a5:d2:80:01:
                    8a:8c:0f:7a:2b:74:67:9a:72:76:d0:90:5e:8e:88:
                    a2:00:cc:1a:a1:ba:90:56:01:b6:22:32:1b:ef:c3:
                    cb:ff:83:8c:52:8a:49:46:a3:3e:ba:c9:92:eb:88:
                    4a:d2:79:02:fa:43:d2:0d:38:b3:b6:77:06:21:70:
                    50:f9:bb:5f:07:66:5e:40:91:95:85:9f:c3:ab:32:
                    ce:be:fa:89:e0:05:cc:23:ab:4f:ac:8d:3c:d1:e8:
                    ab:2c:90:f7:32:80:1a:40:69:a5:7c:62:12:09:13:
                    9e:a7:f8:63:39:ea:fa:66:80:d0:07:9b:2b:98:96:
                    d6:0e:77:57:6d:bf:b3:6f:f6:19:c4:6b:cc:2e:af:
                    8d:ac:ca:cb:32:9b:6d:e6:52:71:ea:64:ab:eb:de:
                    d9:4e:3d:17:59:02:f1:30:06:78:8b:61:fc:c9:10:
                    b6:2b:47:8d:b4:6b:4e:70:57:99:c6:17:07:7f:70:
                    53:7c:c5:ee:e9:bc:a5:9a:00:ac:ff:de:d0:58:17:
                    b4:c1:9b:7b:5f:bc:21:a7:2d:f3:c5:71:e6:c1:19:
                    e4:d0:5d:e7:37:ef:33:d4:f9:1b:e7:a1:a5:db:91:
                    e6:4e:21:fd:d1:37:21:a5:76:a9:4f:28:21:fa:02:
                    15:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:40:2A:E1:9B:53:57:63:59:BD:87:19:44:49:DA:3C:4B:81:EE:26
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.92.92.0/24
                  178.95.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:1b:92:09:51:5a:52:d9:70:64:ca:3d:d5:09:e1:82:37:d6:
         7a:a7:a8:9d:a1:6e:36:bf:c8:d9:2a:ba:10:1d:ee:18:6a:a4:
         28:53:d5:ba:49:7f:a9:a1:61:36:9e:ad:44:44:c3:11:86:ae:
         22:dd:a7:23:bb:19:7e:78:04:ab:00:ed:fc:79:17:67:f5:8b:
         c5:78:3a:03:6b:c6:a8:a1:4b:55:2f:38:b4:fb:69:f7:05:c7:
         17:21:bb:93:bd:15:9c:69:22:b5:5c:ec:5a:84:75:f9:dc:c3:
         84:a9:97:fd:ce:93:71:89:83:8b:d4:b1:09:03:9b:57:32:66:
         e4:27:c5:96:92:64:b4:ad:c9:6d:96:a7:38:1c:8d:ac:5c:01:
         ef:f5:a9:64:a4:5a:61:26:fd:9a:0f:99:58:fd:ac:05:bb:0a:
         af:b9:45:36:0e:9d:0d:27:b1:b2:de:54:dd:23:34:df:2a:a5:
         01:24:cf:47:9a:db:f9:f7:33:60:62:43:32:a8:f2:0f:9e:92:
         c3:41:5e:24:36:a9:f3:81:74:42:26:2b:3b:5e:e9:d6:92:6e:
         0e:e8:3d:40:8e:11:98:4e:e1:1e:ef:d3:c5:3a:00:44:07:8f:
         bb:39:6e:ea:be:39:20:aa:6b:2d:41:20:36:43:4d:62:0b:a3:
         9d:df:7a:c6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUOiIJznP+byECUrq6aBBJ+G24vVswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MDgxNDEwNDFaFw0yNzA0MDcxNDE1NDFaMDMxMTAvBgNV
BAMTKDEwNDAyQUUxOUI1MzU3NjM1OUJEODcxOTQ0NDlEQTNDNEI4MUVFMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvm7ZSJfVTYE8kpdKAAYqMD3or
dGeacnbQkF6OiKIAzBqhupBWAbYiMhvvw8v/g4xSiklGoz66yZLriErSeQL6Q9IN
OLO2dwYhcFD5u18HZl5AkZWFn8OrMs6++ongBcwjq0+sjTzR6KsskPcygBpAaaV8
YhIJE56n+GM56vpmgNAHmyuYltYOd1dtv7Nv9hnEa8wur42syssym23mUnHqZKvr
3tlOPRdZAvEwBniLYfzJELYrR420a05wV5nGFwd/cFN8xe7pvKWaAKz/3tBYF7TB
m3tfvCGnLfPFcebBGeTQXec37zPU+RvnoaXbkeZOIf3RNyGldqlPKCH6AhVTAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUEEAq4ZtTV2NZvYcZREnaPEuB7iYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACyXFwD
BACyX/8wDQYJKoZIhvcNAQELBQADggEBAD8bkglRWlLZcGTKPdUJ4YI31nqnqJ2h
bja/yNkquhAd7hhqpChT1bpJf6mhYTaerUREwxGGriLdpyO7GX54BKsA7fx5F2f1
i8V4OgNrxqihS1UvOLT7afcFxxchu5O9FZxpIrVc7FqEdfncw4Spl/3Ok3GJg4vU
sQkDm1cyZuQnxZaSZLStyW2WpzgcjaxcAe/1qWSkWmEm/ZoPmVj9rAW7Cq+5RTYO
nQ0nsbLeVN0jNN8qpQEkz0ea2/n3M2BiQzKo8g+eksNBXiQ2qfOBdEImKzte6daS
bg7oPUCOEZhO4R7v08U6AEQHj7s5buq+OSCqay1BIDZDTWILo53fesY=
-----END CERTIFICATE-----