Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          sMwDINUP5OfmnL5e0cnPdupz5DIyJb7yreaCGlt01II=
Subject key identifier:   9E:D3:5D:44:D8:71:EE:95:02:68:AE:9A:8B:96:30:E5:34:DD:DB:E2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       47C9F45820AFCA9F48A88D5352987522BC9DF81F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS36530.roa
Signing time:             Sat 24 May 2025 00:01:59 +0000
ROA not before:           Fri 23 May 2025 23:56:59 +0000
ROA not after:            Sat 23 May 2026 00:01:59 +0000
asID:                     36530
IP address blocks:        96.62.103.0/24 maxlen: 24
                          96.62.115.0/24 maxlen: 24
                          148.135.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:c9:f4:58:20:af:ca:9f:48:a8:8d:53:52:98:75:22:bc:9d:f8:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 23 23:56:59 2025 GMT
            Not After : May 23 00:01:59 2026 GMT
        Subject: CN=9ED35D44D871EE950268AE9A8B9630E534DDDBE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:07:9e:1b:bb:57:fb:f2:12:1d:29:15:c1:f9:
                    9d:e5:e9:6b:f5:49:b6:1b:6e:38:1b:69:29:10:46:
                    1c:6f:de:b4:2c:cc:95:2d:80:4f:b3:90:36:20:b2:
                    ca:29:93:5f:7e:44:f2:43:43:cb:c2:9f:4a:e9:c9:
                    9e:19:b8:d7:60:25:f7:48:67:32:ce:b9:fc:62:a9:
                    1b:41:f5:4e:7e:28:af:8b:ed:f8:3c:51:f3:ce:48:
                    8f:6d:10:4d:ec:3c:55:61:81:54:57:4f:fc:79:4c:
                    d3:3a:35:7d:ba:b2:39:7a:e8:62:7f:fc:79:45:c9:
                    3d:f6:b0:d4:90:a2:9f:1d:6c:01:14:6e:9b:f3:bb:
                    db:ca:d6:e6:ce:be:c4:ad:d2:bd:74:3a:07:91:6b:
                    62:a2:cb:c9:96:bd:15:a4:18:84:ad:37:38:da:90:
                    12:7a:8d:2b:6d:97:72:10:63:e4:b6:84:36:3c:9e:
                    78:78:0a:d9:97:a5:3c:13:a1:59:42:f8:09:32:ef:
                    74:f8:a5:8e:36:c6:27:82:b4:f6:fd:42:af:1f:e0:
                    48:e9:32:9c:1f:ba:de:b0:9f:21:ab:25:70:bc:ba:
                    a1:cd:c4:c1:3b:66:2d:b8:e6:04:b1:93:ac:e1:af:
                    a1:84:34:0e:07:b7:61:80:b9:a0:f2:d5:75:c2:7b:
                    9d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D3:5D:44:D8:71:EE:95:02:68:AE:9A:8B:96:30:E5:34:DD:DB:E2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.103.0/24
                  96.62.115.0/24
                  148.135.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:fa:3d:8c:40:3c:bd:d7:07:c6:e1:9b:f2:2c:06:3b:7b:fa:
         70:42:fb:ff:42:12:c1:62:cb:9b:ce:c2:69:89:74:24:3a:1e:
         b8:e2:8e:d3:a0:07:10:24:08:3b:80:ec:cf:d6:11:1b:57:a2:
         a7:3c:74:22:2a:09:cb:65:a6:09:17:06:0d:08:4c:c7:2e:3e:
         ce:1f:81:eb:00:a7:4c:90:d7:df:f8:82:d8:2a:0f:98:4d:ad:
         0e:8d:89:36:26:a3:63:2c:9a:c4:3c:b6:05:51:1a:e8:87:8b:
         fc:7e:a0:e9:64:5c:af:42:60:fa:1f:45:58:1f:b4:f0:93:9d:
         f4:8a:0d:66:04:3a:4f:27:11:2c:40:5e:45:97:96:6e:6c:ba:
         bb:e6:bd:3d:3d:73:69:07:80:e6:73:e9:3c:a6:a1:3c:7f:d4:
         98:f4:08:48:b0:7b:67:d9:9d:0a:9c:73:47:4d:0e:be:0d:69:
         4a:0b:f5:12:b3:75:67:eb:e9:bf:1b:0f:c4:53:19:d8:c4:d0:
         a4:9c:47:f1:be:d9:ad:3b:62:c0:fc:9b:b6:9c:91:d3:e5:b8:
         46:19:ec:f1:58:2e:65:0d:93:e0:13:6c:00:c9:a8:c7:b2:40:
         85:f6:b5:42:be:b1:61:08:80:99:57:99:79:f8:d6:73:09:60:
         fa:5d:46:f5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUR8n0WCCvyp9IqI1TUph1Iryd+B8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjMyMzU2NTlaFw0yNjA1MjMwMDAxNTlaMDMxMTAvBgNV
BAMTKDlFRDM1RDQ0RDg3MUVFOTUwMjY4QUU5QThCOTYzMEU1MzRERERCRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoB54bu1f78hIdKRXB+Z3l6Wv1
SbYbbjgbaSkQRhxv3rQszJUtgE+zkDYgssopk19+RPJDQ8vCn0rpyZ4ZuNdgJfdI
ZzLOufxiqRtB9U5+KK+L7fg8UfPOSI9tEE3sPFVhgVRXT/x5TNM6NX26sjl66GJ/
/HlFyT32sNSQop8dbAEUbpvzu9vK1ubOvsSt0r10OgeRa2Kiy8mWvRWkGIStNzja
kBJ6jSttl3IQY+S2hDY8nnh4CtmXpTwToVlC+Aky73T4pY42xieCtPb9Qq8f4Ejp
Mpwfut6wnyGrJXC8uqHNxME7Zi245gSxk6zhr6GENA4Ht2GAuaDy1XXCe50HAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUntNdRNhx7pUCaK6ai5Yw5TTd2+IwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABgPmcD
BABgPnMDBACUh7UwDQYJKoZIhvcNAQELBQADggEBALH6PYxAPL3XB8bhm/IsBjt7
+nBC+/9CEsFiy5vOwmmJdCQ6HrjijtOgBxAkCDuA7M/WERtXoqc8dCIqCctlpgkX
Bg0ITMcuPs4fgesAp0yQ19/4gtgqD5hNrQ6NiTYmo2MsmsQ8tgVRGuiHi/x+oOlk
XK9CYPofRVgftPCTnfSKDWYEOk8nESxAXkWXlm5survmvT09c2kHgOZz6TymoTx/
1Jj0CEiwe2fZnQqcc0dNDr4NaUoL9RKzdWfr6b8bD8RTGdjE0KScR/G+2a07YsD8
m7ackdPluEYZ7PFYLmUNk+ATbADJqMeyQIX2tUK+sWEIgJlXmXn41nMJYPpdRvU=
-----END CERTIFICATE-----