Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15830.roa
File:                     AS15830.roa (raw, json)
Hash identifier:          0bBQRVoakmG0+llzutXS78AzqLHdIc2cFFI7Hu1U2uM=
Subject key identifier:   5B:C1:BF:F9:17:8A:F2:86:5C:FC:7E:65:91:81:1B:40:C2:E4:E8:EF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6350F6B8EE4E7ADDCF62E45DBD1733A1A9BD7A7D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15830.roa
Signing time:             Wed 03 Jun 2026 10:47:25 +0000
ROA not before:           Wed 03 Jun 2026 10:42:25 +0000
ROA not after:            Wed 02 Jun 2027 10:47:25 +0000
asID:                     15830
IP address blocks:        45.95.36.0/24 maxlen: 24
                          85.209.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:50:f6:b8:ee:4e:7a:dd:cf:62:e4:5d:bd:17:33:a1:a9:bd:7a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  3 10:42:25 2026 GMT
            Not After : Jun  2 10:47:25 2027 GMT
        Subject: CN=5BC1BFF9178AF2865CFC7E6591811B40C2E4E8EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:56:d6:5e:fe:a4:5a:b5:b1:59:35:08:a6:70:
                    d7:b3:aa:06:e9:ff:0e:14:13:dd:31:3d:96:a1:af:
                    6b:f0:c0:69:ed:24:2b:ba:49:a8:c3:97:9c:5b:34:
                    0f:04:06:f7:de:5d:17:68:d3:56:3d:df:84:fb:68:
                    dc:b6:59:7b:c7:32:9d:36:88:7c:50:bd:47:72:b2:
                    1e:13:b4:89:68:ec:80:e5:81:b7:56:43:63:f3:f1:
                    8f:fc:4a:32:4f:87:41:4f:ee:ce:f4:c9:98:31:fb:
                    31:12:98:1b:b1:b1:66:3b:16:53:65:2f:7e:8f:a2:
                    81:94:bf:19:3d:8b:4d:34:03:01:58:f1:6e:e5:0b:
                    35:52:af:7c:c6:3a:81:17:3f:17:52:4e:8e:dd:bd:
                    38:0a:53:bb:b7:df:7f:00:9f:a9:2a:52:cc:5a:7a:
                    9d:fa:e3:95:b9:c5:9f:7f:4b:22:d9:e5:ce:f4:a0:
                    02:45:25:6d:87:29:90:ae:fd:6c:ce:15:38:32:14:
                    59:d3:99:b1:a5:01:12:cf:81:11:87:22:75:9f:75:
                    a1:ae:92:cf:eb:b7:a1:8c:d5:f2:d3:5f:30:45:d3:
                    e4:d3:19:15:9b:7c:95:f0:81:8b:0a:60:e3:5b:03:
                    14:5a:7d:d1:4e:89:40:6c:35:2c:cc:98:1e:64:c4:
                    96:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C1:BF:F9:17:8A:F2:86:5C:FC:7E:65:91:81:1B:40:C2:E4:E8:EF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15830.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.36.0/24
                  85.209.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:23:38:de:a4:7d:e4:e3:0d:8a:8c:a5:d0:df:84:a4:bb:a7:
         05:b9:c4:d4:99:bc:cb:f6:3a:9d:5d:88:d7:b3:e9:a1:9f:d8:
         dd:4b:f9:62:a4:bf:5b:9b:30:cd:3f:24:0d:fe:7d:9d:fd:bd:
         1a:9b:b9:e6:79:5a:79:e3:bd:90:2f:d1:3e:f6:2e:f1:fa:1f:
         51:e8:de:ea:dc:3b:64:02:5e:32:6b:b8:7e:cd:48:fa:01:8c:
         db:6b:0a:e0:1c:d8:40:59:11:4c:1c:bd:78:c7:00:92:52:8f:
         8f:7e:3c:1c:b4:77:04:92:7e:6f:4d:d7:86:28:39:ce:fe:78:
         5a:3a:19:a5:fe:1b:d1:62:03:ae:2e:a9:86:fa:80:b9:85:f1:
         d0:e1:7a:7e:9e:5a:e5:df:55:a6:d0:13:cc:d9:c8:15:64:7f:
         bf:24:08:a3:21:dd:a2:19:2e:22:2c:7b:71:23:02:c2:99:62:
         22:78:6d:b7:0e:ad:4e:2c:b5:57:9d:12:93:62:8b:02:2f:56:
         0b:ab:8a:5b:02:53:78:51:67:52:11:5c:0f:90:23:b0:f8:d8:
         62:40:65:13:c4:42:55:50:39:c4:7d:52:8c:71:8c:93:fd:50:
         1a:03:40:06:2e:4f:38:4d:b6:34:09:5c:1d:94:55:92:d0:64:
         95:dd:69:a2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUY1D2uO5Oet3PYuRdvRczoam9en0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MDMxMDQyMjVaFw0yNzA2MDIxMDQ3MjVaMDMxMTAvBgNV
BAMTKDVCQzFCRkY5MTc4QUYyODY1Q0ZDN0U2NTkxODExQjQwQzJFNEU4RUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7VtZe/qRatbFZNQimcNezqgbp
/w4UE90xPZahr2vwwGntJCu6SajDl5xbNA8EBvfeXRdo01Y934T7aNy2WXvHMp02
iHxQvUdysh4TtIlo7IDlgbdWQ2Pz8Y/8SjJPh0FP7s70yZgx+zESmBuxsWY7FlNl
L36PooGUvxk9i000AwFY8W7lCzVSr3zGOoEXPxdSTo7dvTgKU7u3338An6kqUsxa
ep3645W5xZ9/SyLZ5c70oAJFJW2HKZCu/WzOFTgyFFnTmbGlARLPgRGHInWfdaGu
ks/rt6GM1fLTXzBF0+TTGRWbfJXwgYsKYONbAxRafdFOiUBsNSzMmB5kxJaRAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUW8G/+ReK8oZc/H5lkYEbQMLk6O8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTU4MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtXyQD
BABV0bIwDQYJKoZIhvcNAQELBQADggEBAEsjON6kfeTjDYqMpdDfhKS7pwW5xNSZ
vMv2Op1diNez6aGf2N1L+WKkv1ubMM0/JA3+fZ39vRqbueZ5WnnjvZAv0T72LvH6
H1Ho3urcO2QCXjJruH7NSPoBjNtrCuAc2EBZEUwcvXjHAJJSj49+PBy0dwSSfm9N
14YoOc7+eFo6GaX+G9FiA64uqYb6gLmF8dDhen6eWuXfVabQE8zZyBVkf78kCKMh
3aIZLiIse3EjAsKZYiJ4bbcOrU4stVedEpNiiwIvVgurilsCU3hRZ1IRXA+QI7D4
2GJAZRPEQlVQOcR9UoxxjJP9UBoDQAYuTzhNtjQJXB2UVZLQZJXdaaI=
-----END CERTIFICATE-----