Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58061.roa
File:                     AS58061.roa (raw, json)
Hash identifier:          Z8bYedarnxxobi6Ligv5nR3ORHnhi3d1ogVdT8jEj0Y=
Subject key identifier:   FB:B1:A4:8E:BF:D8:99:38:E9:1E:0C:51:DB:6C:61:AA:F0:7E:2E:6F
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6314A660FE01FD6D890CE4E67E6D45BA23A1043B
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58061.roa
Signing time:             Sat 16 May 2026 00:04:16 +0000
ROA not before:           Fri 15 May 2026 23:59:16 +0000
ROA not after:            Sat 15 May 2027 00:04:16 +0000
asID:                     58061
IP address blocks:        91.124.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jun 2026 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:14:a6:60:fe:01:fd:6d:89:0c:e4:e6:7e:6d:45:ba:23:a1:04:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 15 23:59:16 2026 GMT
            Not After : May 15 00:04:16 2027 GMT
        Subject: CN=FBB1A48EBFD89938E91E0C51DB6C61AAF07E2E6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:75:f8:c8:d9:ab:35:aa:c7:02:f7:d3:fd:bc:
                    4b:cc:2b:91:35:64:86:bd:10:8c:5e:aa:1a:b2:d0:
                    3a:cd:5c:89:d7:b7:ef:f5:ea:de:5f:45:bc:65:5f:
                    f5:06:70:78:24:13:c0:3c:97:30:04:57:71:41:c9:
                    bf:e9:7e:52:95:21:3e:af:18:48:a4:40:59:3e:3d:
                    66:43:62:88:e9:d7:dc:3f:10:1e:ab:f2:99:12:68:
                    33:bb:ba:c8:a9:d6:bf:ea:77:f6:fa:52:74:bd:f7:
                    e0:a7:11:bb:32:eb:d7:0a:25:b3:78:85:ae:b9:43:
                    7c:6b:46:04:0b:08:e0:26:3a:8f:c6:c4:a5:67:68:
                    0a:de:62:22:3a:78:75:4f:03:4c:31:0f:a1:f7:61:
                    55:87:2f:21:2f:e8:3e:14:7b:fe:40:5f:f7:d3:4d:
                    9f:fe:21:4e:6a:42:e5:4e:54:64:19:a2:b5:09:f0:
                    51:8d:b4:ab:f4:bc:68:52:79:b7:95:56:1e:b6:f5:
                    e7:72:1b:ff:89:a5:7b:07:c8:59:01:2b:c3:d1:59:
                    f6:cd:88:e6:2d:ef:24:d5:d6:91:bd:5b:e0:58:c2:
                    55:cf:7c:4f:4d:4a:d4:9d:be:96:c5:2a:de:4f:24:
                    35:b7:fc:fc:be:64:15:60:43:68:1d:b3:4d:71:50:
                    95:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:B1:A4:8E:BF:D8:99:38:E9:1E:0C:51:DB:6C:61:AA:F0:7E:2E:6F
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS58061.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:3a:4b:0c:ba:03:78:7d:c3:5f:ed:ad:f7:eb:a9:ed:ee:0f:
         50:19:80:36:9c:83:49:b7:01:27:80:00:98:af:38:2c:cf:2c:
         74:3d:99:7c:e1:f9:24:8c:17:21:ea:97:3e:f5:54:47:42:1f:
         80:cc:7f:f9:bf:23:de:25:62:21:b7:57:69:ec:21:b4:a0:a3:
         e0:b5:05:3b:85:28:4a:cf:dc:05:d2:ff:c0:8e:e3:9d:0c:a0:
         47:a7:2e:fb:81:be:e0:82:ab:f1:0b:c6:83:05:c1:88:73:c5:
         96:41:ed:1c:08:bc:f3:fb:56:26:1b:ab:f6:0e:3c:7c:28:7c:
         67:54:d3:1c:0f:07:2e:29:f5:f3:8b:32:a2:9d:db:30:99:15:
         51:c4:a1:c7:f1:57:b4:be:9c:38:40:87:1e:66:22:09:2b:6e:
         5d:be:9e:1c:da:01:e9:15:5c:23:28:42:e4:a7:9e:e0:4a:5e:
         23:f8:ff:21:b5:12:7e:0a:11:41:04:96:ef:b0:bd:a4:79:71:
         03:33:cd:7d:9f:cf:49:b5:b7:59:b5:ef:53:87:2c:a2:53:36:
         3d:97:2d:68:93:4d:55:c6:a9:fc:c4:ed:11:89:4f:99:2f:b0:
         e8:a2:18:68:4c:80:46:02:37:bd:00:b6:00:19:9c:b3:bf:9e:
         06:38:d6:4c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYxSmYP4B/W2JDOTmfm1FuiOhBDswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MTUyMzU5MTZaFw0yNzA1MTUwMDA0MTZaMDMxMTAvBgNV
BAMTKEZCQjFBNDhFQkZEODk5MzhFOTFFMEM1MURCNkM2MUFBRjA3RTJFNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8dfjI2as1qscC99P9vEvMK5E1
ZIa9EIxeqhqy0DrNXInXt+/16t5fRbxlX/UGcHgkE8A8lzAEV3FByb/pflKVIT6v
GEikQFk+PWZDYojp19w/EB6r8pkSaDO7usip1r/qd/b6UnS99+CnEbsy69cKJbN4
ha65Q3xrRgQLCOAmOo/GxKVnaAreYiI6eHVPA0wxD6H3YVWHLyEv6D4Ue/5AX/fT
TZ/+IU5qQuVOVGQZorUJ8FGNtKv0vGhSebeVVh629edyG/+JpXsHyFkBK8PRWfbN
iOYt7yTV1pG9W+BYwlXPfE9NStSdvpbFKt5PJDW3/Py+ZBVgQ2gds01xUJU/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+7Gkjr/YmTjpHgxR22xhqvB+Lm8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTgwNjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfDEw
DQYJKoZIhvcNAQELBQADggEBACg6Swy6A3h9w1/trffrqe3uD1AZgDacg0m3ASeA
AJivOCzPLHQ9mXzh+SSMFyHqlz71VEdCH4DMf/m/I94lYiG3V2nsIbSgo+C1BTuF
KErP3AXS/8CO450MoEenLvuBvuCCq/ELxoMFwYhzxZZB7RwIvPP7ViYbq/YOPHwo
fGdU0xwPBy4p9fOLMqKd2zCZFVHEocfxV7S+nDhAhx5mIgkrbl2+nhzaAekVXCMo
QuSnnuBKXiP4/yG1En4KEUEElu+wvaR5cQMzzX2fz0m1t1m171OHLKJTNj2XLWiT
TVXGqfzE7RGJT5kvsOiiGGhMgEYCN70AtgAZnLO/ngY41kw=
-----END CERTIFICATE-----