Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58061.roa
File:                     AS58061.roa (raw, json)
Hash identifier:          SmJK2KInMuy/QLjfvP9anCacZeWoY0OL9qPzsBOWLZ4=
Subject key identifier:   DB:9A:31:01:49:AA:59:AE:F4:58:D4:24:47:2C:18:CD:96:FF:18:B1
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1564FDF9234EE488633C30D562520F5C84E15727
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58061.roa
Signing time:             Thu 21 May 2026 00:00:18 +0000
ROA not before:           Wed 20 May 2026 23:55:18 +0000
ROA not after:            Thu 20 May 2027 00:00:18 +0000
asID:                     58061
IP address blocks:        191.101.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:64:fd:f9:23:4e:e4:88:63:3c:30:d5:62:52:0f:5c:84:e1:57:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 20 23:55:18 2026 GMT
            Not After : May 20 00:00:18 2027 GMT
        Subject: CN=DB9A310149AA59AEF458D424472C18CD96FF18B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ba:8c:94:fa:8a:ea:1d:74:6a:bb:30:a7:4c:
                    6b:de:b6:82:d0:df:07:72:a1:02:b4:d1:c6:cd:f5:
                    f2:56:42:bb:53:87:9c:87:09:bb:52:a0:fc:c2:61:
                    6d:28:cb:5c:13:d1:f5:c9:5f:a1:04:e0:b5:19:54:
                    15:bb:e4:4e:85:6b:66:3d:fa:f0:c9:b4:5d:7c:6c:
                    16:2f:ee:18:74:fd:a1:84:91:85:06:08:db:f6:f0:
                    5b:3b:e4:0b:23:dc:ba:8f:f7:d5:19:86:e5:e2:de:
                    f3:d1:4a:c8:61:86:a1:74:c6:55:25:67:3a:9f:34:
                    3b:94:fc:6c:e3:6d:ec:0a:d7:af:1a:46:ca:04:5e:
                    1b:0b:a9:51:45:64:65:bf:27:0d:05:f5:15:6f:ad:
                    96:bd:f0:fe:8b:ba:03:1a:8b:59:28:5b:d8:54:ad:
                    27:6c:57:f9:e0:d9:94:f7:33:54:32:12:99:68:33:
                    65:d4:b8:0d:d0:6f:03:f0:e9:e6:d6:19:10:e6:41:
                    39:00:93:08:49:93:ed:ed:4f:7c:4e:57:d3:a0:8c:
                    4b:60:f2:b2:23:cd:31:64:ff:5a:1a:22:d8:95:35:
                    91:3b:3f:67:32:d7:ad:4b:fa:f9:85:b2:a2:73:d4:
                    54:9a:e1:f5:26:ef:bb:3c:30:9a:d0:df:06:26:2f:
                    a7:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9A:31:01:49:AA:59:AE:F4:58:D4:24:47:2C:18:CD:96:FF:18:B1
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58061.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:c6:86:fd:ea:85:52:16:f9:e9:a3:cd:61:69:f6:a4:a7:ab:
         72:f3:c8:ed:5c:83:50:2b:b2:dd:9e:b1:8d:1d:97:ac:b8:da:
         e5:cd:f0:38:47:71:e6:7f:da:3f:95:78:de:0f:16:e3:48:ef:
         2d:af:f5:e6:13:b8:f9:bf:2d:0d:0f:0d:c4:27:0e:47:5a:ca:
         56:2b:07:b5:64:6b:e6:a2:45:45:47:a4:00:ae:2a:4d:4d:fd:
         8e:49:c7:09:1b:9f:ba:18:65:24:57:ed:00:f4:4b:24:0c:1b:
         12:27:7a:fe:3d:30:eb:6c:69:27:d2:aa:52:f9:f3:29:12:ec:
         5c:0b:d6:42:ff:e8:1b:00:52:39:69:0c:60:bf:fb:00:67:a1:
         79:f3:d5:79:57:2f:99:e3:68:08:b9:8c:1b:95:e3:4a:40:9f:
         b2:63:76:73:7f:80:35:9b:f4:6d:43:04:02:e1:12:63:dc:9a:
         3f:fd:f1:7b:1c:6e:3e:dc:90:0b:85:9a:2b:60:9b:52:8e:ed:
         88:ec:7b:aa:f3:37:08:76:62:0f:4d:ff:42:c8:c2:a6:1b:f7:
         a8:0c:81:40:84:be:b8:b1:2d:6b:58:80:62:50:79:c7:13:d7:
         f7:67:f5:ed:55:61:3d:c4:6f:fd:f0:e6:32:d7:2e:0e:8a:22:
         9a:df:47:6a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFWT9+SNO5IhjPDDVYlIPXIThVycwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjAyMzU1MThaFw0yNzA1MjAwMDAwMThaMDMxMTAvBgNV
BAMTKERCOUEzMTAxNDlBQTU5QUVGNDU4RDQyNDQ3MkMxOENEOTZGRjE4QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjuoyU+orqHXRquzCnTGvetoLQ
3wdyoQK00cbN9fJWQrtTh5yHCbtSoPzCYW0oy1wT0fXJX6EE4LUZVBW75E6Fa2Y9
+vDJtF18bBYv7hh0/aGEkYUGCNv28Fs75Asj3LqP99UZhuXi3vPRSshhhqF0xlUl
ZzqfNDuU/GzjbewK168aRsoEXhsLqVFFZGW/Jw0F9RVvrZa98P6LugMai1koW9hU
rSdsV/ng2ZT3M1QyEploM2XUuA3QbwPw6ebWGRDmQTkAkwhJk+3tT3xOV9OgjEtg
8rIjzTFk/1oaItiVNZE7P2cy161L+vmFsqJz1FSa4fUm77s8MJrQ3wYmL6fnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU25oxAUmqWa70WNQkRywYzZb/GLEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTgwNjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZXAw
DQYJKoZIhvcNAQELBQADggEBAJDGhv3qhVIW+emjzWFp9qSnq3LzyO1cg1Arst2e
sY0dl6y42uXN8DhHceZ/2j+VeN4PFuNI7y2v9eYTuPm/LQ0PDcQnDkdaylYrB7Vk
a+aiRUVHpACuKk1N/Y5Jxwkbn7oYZSRX7QD0SyQMGxInev49MOtsaSfSqlL58ykS
7FwL1kL/6BsAUjlpDGC/+wBnoXnz1XlXL5njaAi5jBuV40pAn7JjdnN/gDWb9G1D
BALhEmPcmj/98Xscbj7ckAuFmitgm1KO7Yjse6rzNwh2Yg9N/0LIwqYb96gMgUCE
vrixLWtYgGJQeccT1/dn9e1VYT3Eb/3w5jLXLg6KIprfR2o=
-----END CERTIFICATE-----