Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          AIceap6+Q0ZhllMEvkEa/8SUKWiZGazZcbYMrkUaUUA=
Subject key identifier:   54:2A:2B:B3:08:C8:C6:88:01:B9:B5:1B:04:19:E2:D7:05:93:0F:7B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       28D123F2B2C4D324C0FAF387E263BD3B7F8D38C9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Tue 05 Mar 2024 15:01:09 +0000
ROA not before:           Tue 05 Mar 2024 14:56:09 +0000
ROA not after:            Tue 04 Mar 2025 15:01:09 +0000
asID:                     30058
IP address blocks:        179.61.239.0/24 maxlen: 24
                          181.215.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d1:23:f2:b2:c4:d3:24:c0:fa:f3:87:e2:63:bd:3b:7f:8d:38:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  5 14:56:09 2024 GMT
            Not After : Mar  4 15:01:09 2025 GMT
        Subject: CN=542A2BB308C8C68801B9B51B0419E2D705930F7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3a:8a:d2:66:b0:a3:3a:99:24:2e:e7:35:d9:
                    fe:9a:c3:41:d4:9e:fe:fd:4a:da:99:12:29:ee:a8:
                    91:af:36:af:28:e9:54:55:5e:27:bc:f9:45:a3:d0:
                    46:09:ac:b2:11:b9:0e:ad:d0:93:70:eb:9e:59:b6:
                    de:5f:cc:86:d0:6e:3e:37:2f:1a:bb:0c:80:f2:8f:
                    40:e2:fc:08:9f:8d:75:92:2e:e7:8f:d9:de:53:bc:
                    26:8f:76:ff:f3:1f:03:bf:06:93:be:2d:bb:c3:6a:
                    c6:33:2e:e1:24:fe:63:fc:83:30:76:00:c0:e9:b6:
                    7a:99:66:c8:95:e8:d9:ac:73:b4:fa:63:37:94:50:
                    6c:5d:11:d8:ba:20:14:15:1b:6a:01:83:e1:f7:4f:
                    3c:b0:74:14:b7:af:3d:18:27:1d:a6:42:3a:22:bc:
                    ac:96:a1:f8:4a:21:de:de:f3:24:7d:45:5d:20:47:
                    2a:74:00:03:04:06:ed:a5:59:f1:3b:6c:1e:b6:c8:
                    b8:87:4d:fb:b5:15:01:69:48:e6:b1:8d:f7:91:f2:
                    55:b3:93:d7:7b:6c:a5:c8:00:70:95:78:b8:95:0d:
                    ca:1a:e3:65:59:ac:d5:15:e5:e3:ee:be:3b:c4:38:
                    84:1f:df:21:39:8e:97:18:f9:69:d7:6e:e2:90:37:
                    37:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:2A:2B:B3:08:C8:C6:88:01:B9:B5:1B:04:19:E2:D7:05:93:0F:7B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.239.0/24
                  181.215.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ec:5b:05:d1:fb:a8:1d:03:f5:df:fb:88:65:4a:64:47:ab:
         99:74:0a:e6:b8:35:1d:c0:89:ca:18:8d:11:8d:1f:c1:0a:4e:
         69:0f:11:c0:fb:aa:be:58:af:67:7f:85:ba:2a:86:8c:84:c2:
         d5:20:29:75:c8:5d:55:6e:5b:69:d6:7d:9f:cd:95:0e:91:38:
         f6:8e:84:13:67:1c:45:f1:91:a6:1c:b9:4e:71:04:6d:6d:04:
         fe:80:6a:41:c2:a8:1d:2f:90:3c:95:50:35:ec:df:b7:df:d4:
         d8:2d:72:df:10:fe:a8:8a:74:28:9e:0b:a4:19:a0:b1:ad:4c:
         72:80:5f:57:67:50:79:b4:90:05:5e:d6:4f:82:00:b0:fc:26:
         81:57:fe:8c:81:2e:c0:d5:d7:56:e2:54:72:f4:24:ad:ae:56:
         16:9f:f2:b3:10:0c:97:c2:1b:a0:c0:d7:cd:46:f1:d0:82:59:
         6f:61:49:17:db:39:e6:1f:a1:93:88:4c:1a:2a:00:3e:51:57:
         98:be:b4:59:fa:7d:7a:4b:fa:c0:23:0f:70:b5:f6:ac:f4:c0:
         28:25:0c:b4:9c:fc:40:fd:5a:1f:cb:7f:ee:d8:41:0f:82:76:
         6e:6a:f6:02:27:27:ab:0e:8e:d8:c7:bc:6e:75:3d:a8:be:a1:
         34:33:04:74
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUKNEj8rLE0yTA+vOH4mO9O3+NOMkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMDUxNDU2MDlaFw0yNTAzMDQxNTAxMDlaMDMxMTAvBgNV
BAMTKDU0MkEyQkIzMDhDOEM2ODgwMUI5QjUxQjA0MTlFMkQ3MDU5MzBGN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPOorSZrCjOpkkLuc12f6aw0HU
nv79StqZEinuqJGvNq8o6VRVXie8+UWj0EYJrLIRuQ6t0JNw655Ztt5fzIbQbj43
Lxq7DIDyj0Di/AifjXWSLueP2d5TvCaPdv/zHwO/BpO+LbvDasYzLuEk/mP8gzB2
AMDptnqZZsiV6Nmsc7T6YzeUUGxdEdi6IBQVG2oBg+H3TzywdBS3rz0YJx2mQjoi
vKyWofhKId7e8yR9RV0gRyp0AAMEBu2lWfE7bB62yLiHTfu1FQFpSOaxjfeR8lWz
k9d7bKXIAHCVeLiVDcoa42VZrNUV5ePuvjvEOIQf3yE5jpcY+WnXbuKQNzddAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUVCorswjIxogBubUbBBni1wWTD3swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACzPe8D
BAC111gwDQYJKoZIhvcNAQELBQADggEBAIXsWwXR+6gdA/Xf+4hlSmRHq5l0Cua4
NR3AicoYjRGNH8EKTmkPEcD7qr5Yr2d/hboqhoyEwtUgKXXIXVVuW2nWfZ/NlQ6R
OPaOhBNnHEXxkaYcuU5xBG1tBP6AakHCqB0vkDyVUDXs37ff1Ngtct8Q/qiKdCie
C6QZoLGtTHKAX1dnUHm0kAVe1k+CALD8JoFX/oyBLsDV11biVHL0JK2uVhaf8rMQ
DJfCG6DA181G8dCCWW9hSRfbOeYfoZOITBoqAD5RV5i+tFn6fXpL+sAjD3C19qz0
wCglDLSc/ED9Wh/Lf+7YQQ+Cdm5q9gInJ6sOjtjHvG51Pai+oTQzBHQ=
-----END CERTIFICATE-----