Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
File:                     AS30058.roa (raw, json)
Hash identifier:          JwVE2xcezFzaxgSnZ7GMapln7njHETqfCCchZr33KLw=
Subject key identifier:   3F:B7:B1:A7:C8:8B:FC:FD:12:55:85:B9:37:47:90:97:D3:D1:60:D6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       C7694DA0FD0891CB944B946EDC48F3D5DDF043
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa
Signing time:             Mon 23 Dec 2024 15:17:39 +0000
ROA not before:           Mon 23 Dec 2024 15:12:39 +0000
ROA not after:            Mon 22 Dec 2025 15:17:39 +0000
asID:                     30058
IP address blocks:        45.89.249.0/24 maxlen: 24
                          179.61.239.0/24 maxlen: 24
                          181.215.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c7:69:4d:a0:fd:08:91:cb:94:4b:94:6e:dc:48:f3:d5:dd:f0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 23 15:12:39 2024 GMT
            Not After : Dec 22 15:17:39 2025 GMT
        Subject: CN=3FB7B1A7C88BFCFD125585B937479097D3D160D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f6:0b:f6:8d:22:12:34:94:f4:3e:65:a2:de:
                    ab:8c:ef:0f:c6:af:c4:e1:0f:fd:b6:bc:3a:29:24:
                    93:2f:2c:6d:b0:13:19:50:bf:8e:46:40:9a:a2:19:
                    c7:55:77:7f:30:2a:4d:60:3c:14:06:4c:18:bc:ef:
                    26:66:e9:7f:7c:91:37:d4:9e:c2:86:39:ad:5e:f6:
                    98:82:e9:69:b5:ed:4d:51:77:10:15:76:80:a0:41:
                    3b:b7:4c:a6:47:58:2e:46:d1:bd:e0:f6:19:92:06:
                    c9:27:e9:56:c1:8b:3c:b8:37:ef:8b:29:83:31:d3:
                    7a:79:99:94:bd:85:df:03:46:74:b9:ff:9a:be:fb:
                    11:ae:c8:11:d8:35:77:f7:67:92:6f:e8:24:6b:41:
                    97:03:f5:23:a4:ad:ff:7c:11:63:1b:2b:11:d2:70:
                    7e:b0:d5:ab:14:9a:03:ca:81:0e:f4:a6:72:b4:89:
                    d9:b4:7a:0d:05:fc:92:52:f4:c9:17:b2:4e:07:e7:
                    e9:cb:40:bb:38:b5:c6:40:ff:09:f7:20:42:1d:c6:
                    c6:11:2b:70:62:ee:9d:b4:07:8e:33:0f:51:06:4a:
                    c2:9e:96:02:a0:59:28:2b:24:1d:c1:dc:7f:1e:10:
                    4d:1c:d9:d5:7e:c3:80:04:94:a0:bd:ef:e7:55:e8:
                    69:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B7:B1:A7:C8:8B:FC:FD:12:55:85:B9:37:47:90:97:D3:D1:60:D6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.249.0/24
                  179.61.239.0/24
                  181.215.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ca:eb:6c:6f:82:8d:af:0d:79:87:3f:46:30:fb:9f:ca:49:
         f4:f3:83:c4:b2:71:f5:c0:ba:3e:67:2a:ab:e2:6c:35:69:29:
         03:8a:40:17:d5:b8:88:fc:09:79:a5:cf:eb:75:cf:21:85:07:
         32:f8:ce:9d:be:85:1c:54:17:0d:9e:76:c5:74:13:20:64:55:
         95:fb:2d:07:00:45:70:d6:23:32:22:ee:57:4e:d8:42:b5:b2:
         9e:f5:72:40:cf:ff:08:72:c5:13:26:df:65:1d:ab:32:62:e3:
         6c:ef:89:d0:69:28:56:3f:9e:4a:44:a2:ae:a9:86:32:2e:46:
         ae:ba:44:31:5c:1d:91:c3:5f:27:31:7f:d6:58:a2:db:0d:31:
         75:3d:63:05:9c:52:63:07:be:78:65:80:e1:c0:10:b8:f6:c8:
         70:c0:9d:1d:07:67:e2:9f:42:a5:d8:7c:a8:84:c8:ec:3f:36:
         7b:4f:fc:29:07:ac:9d:0f:67:41:e1:66:ed:50:3b:64:49:d5:
         8a:ff:85:f2:ad:c8:a8:c7:0f:06:0b:93:bf:8d:0a:f6:41:fb:
         de:1e:10:cd:6a:4f:83:f1:63:78:27:7d:c2:59:4b:66:da:ba:
         06:5b:21:59:58:04:94:17:b8:a2:a9:d1:96:f0:39:70:14:e6:
         56:10:c3:33
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUAMdpTaD9CJHLlEuUbtxI89Xd8EMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMjMxNTEyMzlaFw0yNTEyMjIxNTE3MzlaMDMxMTAvBgNV
BAMTKDNGQjdCMUE3Qzg4QkZDRkQxMjU1ODVCOTM3NDc5MDk3RDNEMTYwRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU9gv2jSISNJT0PmWi3quM7w/G
r8ThD/22vDopJJMvLG2wExlQv45GQJqiGcdVd38wKk1gPBQGTBi87yZm6X98kTfU
nsKGOa1e9piC6Wm17U1RdxAVdoCgQTu3TKZHWC5G0b3g9hmSBskn6VbBizy4N++L
KYMx03p5mZS9hd8DRnS5/5q++xGuyBHYNXf3Z5Jv6CRrQZcD9SOkrf98EWMbKxHS
cH6w1asUmgPKgQ70pnK0idm0eg0F/JJS9MkXsk4H5+nLQLs4tcZA/wn3IEIdxsYR
K3Bi7p20B44zD1EGSsKelgKgWSgrJB3B3H8eEE0c2dV+w4AElKC97+dV6GlXAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUP7exp8iL/P0SVYW5N0eQl9PRYNYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzAwNTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAtWfkD
BACzPe8DBAC111gwDQYJKoZIhvcNAQELBQADggEBAEzK62xvgo2vDXmHP0Yw+5/K
SfTzg8SycfXAuj5nKqvibDVpKQOKQBfVuIj8CXmlz+t1zyGFBzL4zp2+hRxUFw2e
dsV0EyBkVZX7LQcARXDWIzIi7ldO2EK1sp71ckDP/whyxRMm32UdqzJi42zvidBp
KFY/nkpEoq6phjIuRq66RDFcHZHDXycxf9ZYotsNMXU9YwWcUmMHvnhlgOHAELj2
yHDAnR0HZ+KfQqXYfKiEyOw/NntP/CkHrJ0PZ0HhZu1QO2RJ1Yr/hfKtyKjHDwYL
k7+NCvZB+94eEM1qT4PxY3gnfcJZS2baugZbIVlYBJQXuKKp0ZbwOXAU5lYQwzM=
-----END CERTIFICATE-----