Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          XTpyQtwGutb02jtev0q/5JUcaUmdNcFEK/hoeB2fQt4=
Subject key identifier:   BA:9C:F6:A4:38:ED:2E:C9:39:D1:03:98:41:25:DB:18:B1:EB:23:B6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7FC49C413C119D51248760C84E2349BDC9D4C8C5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa
Signing time:             Tue 26 Aug 2025 05:54:58 +0000
ROA not before:           Tue 26 Aug 2025 05:49:57 +0000
ROA not after:            Tue 25 Aug 2026 05:54:57 +0000
asID:                     36530
IP address blocks:        179.61.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:c4:9c:41:3c:11:9d:51:24:87:60:c8:4e:23:49:bd:c9:d4:c8:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 26 05:49:57 2025 GMT
            Not After : Aug 25 05:54:57 2026 GMT
        Subject: CN=BA9CF6A438ED2EC939D103984125DB18B1EB23B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2d:a2:f5:73:09:79:13:9c:bd:4d:f7:84:56:
                    83:b8:ab:d5:0b:de:26:85:62:38:07:58:a2:fa:4e:
                    41:34:65:d0:a3:98:55:f7:92:c4:b2:57:bc:fe:7d:
                    4e:84:7d:ab:05:fa:98:e2:68:6f:06:0b:7a:1f:1f:
                    1a:e0:95:8b:09:5b:f0:24:52:00:c6:bc:06:a7:83:
                    e0:27:b9:91:02:23:2f:c7:5f:2b:43:f5:cb:75:dd:
                    3b:4d:b7:1c:78:62:16:ca:f6:d4:c4:3d:70:29:b7:
                    03:96:41:a4:df:7d:93:42:40:00:47:ed:a4:aa:7b:
                    23:45:7a:b3:ea:33:c6:82:01:f7:8c:f3:2b:05:ee:
                    7f:13:15:11:24:56:95:f8:d8:fe:fb:c6:75:9c:17:
                    54:f4:5b:68:19:6e:4b:f9:ee:ba:e9:56:6a:bf:df:
                    f6:e7:68:ac:6b:6c:b7:71:0c:09:ca:88:ae:d2:81:
                    61:24:13:55:c3:e7:7b:b6:c5:d9:80:69:f0:42:55:
                    4c:68:c1:30:d9:0d:4e:d0:cd:f7:c3:34:17:e4:22:
                    23:48:6a:31:8b:9b:25:c0:3c:f6:69:1b:64:01:21:
                    6f:69:c0:4b:3f:fb:79:15:5b:f9:d3:ad:05:5d:e4:
                    65:e8:e3:7e:03:e2:7e:94:25:29:60:fd:57:f9:2f:
                    06:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:9C:F6:A4:38:ED:2E:C9:39:D1:03:98:41:25:DB:18:B1:EB:23:B6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:a0:14:af:1a:42:58:72:50:af:a7:a8:19:02:e5:b8:7c:7c:
         53:b5:62:51:3b:ed:e7:bb:89:14:79:b2:f0:35:57:3d:a1:e4:
         90:79:e2:8c:04:32:b8:13:ba:63:aa:48:28:20:a0:fd:08:c7:
         af:d8:1a:ed:14:97:d5:94:89:ab:77:4f:f3:de:10:07:58:78:
         37:c8:57:8b:13:28:5a:67:77:9a:f5:5c:10:27:6b:37:95:5a:
         51:7b:95:9f:26:09:fb:c4:de:52:d2:4e:19:0f:cf:5e:1f:1b:
         18:0c:27:c5:28:f8:7f:0b:39:08:2c:72:a7:0a:a5:8e:24:d5:
         f7:24:be:f2:85:24:22:c0:97:9e:21:c6:fa:99:65:33:9d:fd:
         7a:05:19:02:96:5d:ec:d2:69:f6:41:1c:77:9c:88:22:f2:96:
         18:79:ca:8c:2e:90:01:45:0e:71:2f:5a:65:73:a3:88:61:69:
         70:f6:53:c0:91:92:fd:67:0e:6f:7b:94:52:2a:3f:73:6f:04:
         1b:62:2c:0e:31:05:e5:2f:b0:cb:3f:a3:29:3e:2c:a1:16:58:
         56:3c:a6:c6:7e:52:d2:89:70:93:8e:66:a6:b5:d3:17:91:2c:
         01:ba:a3:41:41:34:a5:9c:31:8e:5b:26:de:98:fc:c2:8e:55:
         63:10:9d:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUf8ScQTwRnVEkh2DITiNJvcnUyMUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MjYwNTQ5NTdaFw0yNjA4MjUwNTU0NTdaMDMxMTAvBgNV
BAMTKEJBOUNGNkE0MzhFRDJFQzkzOUQxMDM5ODQxMjVEQjE4QjFFQjIzQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfLaL1cwl5E5y9TfeEVoO4q9UL
3iaFYjgHWKL6TkE0ZdCjmFX3ksSyV7z+fU6EfasF+pjiaG8GC3ofHxrglYsJW/Ak
UgDGvAang+AnuZECIy/HXytD9ct13TtNtxx4YhbK9tTEPXAptwOWQaTffZNCQABH
7aSqeyNFerPqM8aCAfeM8ysF7n8TFREkVpX42P77xnWcF1T0W2gZbkv57rrpVmq/
3/bnaKxrbLdxDAnKiK7SgWEkE1XD53u2xdmAafBCVUxowTDZDU7QzffDNBfkIiNI
ajGLmyXAPPZpG2QBIW9pwEs/+3kVW/nTrQVd5GXo434D4n6UJSlg/Vf5LwYLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUupz2pDjtLsk50QOYQSXbGLHrI7YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACzPbkw
DQYJKoZIhvcNAQELBQADggEBAHegFK8aQlhyUK+nqBkC5bh8fFO1YlE77ee7iRR5
svA1Vz2h5JB54owEMrgTumOqSCggoP0Ix6/YGu0Ul9WUiat3T/PeEAdYeDfIV4sT
KFpnd5r1XBAnazeVWlF7lZ8mCfvE3lLSThkPz14fGxgMJ8Uo+H8LOQgscqcKpY4k
1fckvvKFJCLAl54hxvqZZTOd/XoFGQKWXezSafZBHHeciCLylhh5yowukAFFDnEv
WmVzo4hhaXD2U8CRkv1nDm97lFIqP3NvBBtiLA4xBeUvsMs/oyk+LKEWWFY8psZ+
UtKJcJOOZqa10xeRLAG6o0FBNKWcMY5bJt6Y/MKOVWMQnek=
-----END CERTIFICATE-----