Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29066.roa
File:                     AS29066.roa (raw, json)
Hash identifier:          QYMUlZGTZYo5KTMrjyppplDhIQfKus3acM2EV89W23A=
Subject key identifier:   7D:51:46:FF:66:9B:95:23:7A:2B:2B:0A:50:E7:93:EB:BC:5C:7F:AF
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7EB0BE80334037A00BA13C69B32C7632BA0FE972
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29066.roa
Signing time:             Mon 14 Jul 2025 13:55:41 +0000
ROA not before:           Mon 14 Jul 2025 13:50:41 +0000
ROA not after:            Mon 13 Jul 2026 13:55:41 +0000
asID:                     29066
IP address blocks:        146.103.8.0/23 maxlen: 23
                          147.79.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 00:16:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:b0:be:80:33:40:37:a0:0b:a1:3c:69:b3:2c:76:32:ba:0f:e9:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 14 13:50:41 2025 GMT
            Not After : Jul 13 13:55:41 2026 GMT
        Subject: CN=7D5146FF669B95237A2B2B0A50E793EBBC5C7FAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ef:54:29:d1:a5:00:9f:53:66:a2:3d:ff:0c:
                    a4:42:4f:f8:38:e8:13:01:83:ba:57:e4:02:b4:a2:
                    9d:97:d2:3e:a9:3d:24:29:df:6c:3b:31:7f:4f:2a:
                    73:89:a6:18:00:78:67:57:e1:82:61:f3:7d:55:b6:
                    fe:19:3c:27:04:04:8e:f1:b9:75:26:35:9c:a9:a7:
                    e9:63:d4:2e:8f:d5:e2:1d:bb:c5:10:0e:5c:3e:06:
                    a6:bb:ec:c2:c0:68:4a:a0:2b:6e:83:f9:ab:dd:32:
                    17:97:4b:82:15:41:7b:5d:b0:8c:56:60:da:f3:a5:
                    15:84:0a:9a:fb:1b:39:07:a3:68:95:d8:9e:76:ab:
                    50:4c:0c:57:34:3c:c9:8d:9e:08:9b:d1:ad:51:2c:
                    ea:99:e5:4a:33:11:6f:cf:66:e9:2f:40:36:ca:23:
                    cd:49:c6:b1:d6:84:5b:00:be:e3:d7:f0:0b:f4:8c:
                    5d:7f:8d:d6:6e:8b:1b:bb:6a:46:5b:56:99:bb:e4:
                    de:9d:b3:0d:33:87:4b:f1:a2:c8:1e:8d:48:10:67:
                    e4:01:5e:60:2a:f4:20:73:f6:3a:41:02:fa:9b:3c:
                    04:70:10:bd:05:9b:fd:f9:0c:b6:dc:34:ec:39:f9:
                    66:29:01:7e:e5:77:eb:ec:ad:73:ba:02:7e:12:c8:
                    e6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:51:46:FF:66:9B:95:23:7A:2B:2B:0A:50:E7:93:EB:BC:5C:7F:AF
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29066.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.8.0/23
                  147.79.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:ee:03:ad:66:95:74:97:40:93:f2:7c:21:0b:22:9a:c1:b5:
         94:c9:44:39:0c:f3:98:a4:ed:9e:04:f9:11:2e:ad:e2:cf:f8:
         12:3e:01:c2:17:da:83:98:28:17:72:2c:a5:24:f5:41:bc:4f:
         3d:05:e0:ba:01:e4:be:0e:1c:7e:74:01:b8:89:5c:58:cb:c2:
         0e:bd:e4:2f:80:a1:5b:35:c7:32:ca:b4:2e:d3:f5:ff:71:2b:
         ce:75:63:84:89:a9:91:52:69:39:96:07:3e:35:60:6c:46:bf:
         e9:80:29:0e:33:2d:a0:bd:83:f4:c9:5d:09:30:83:b6:bb:22:
         d0:dc:5e:9e:4a:43:f0:50:3e:39:ca:dc:fa:5f:4c:58:15:a2:
         51:d9:29:3f:80:ba:f4:00:92:68:1b:b1:ae:b1:ed:b3:70:bd:
         5f:f2:c6:5f:cd:00:5e:3b:bd:11:aa:10:32:c1:84:12:f4:d6:
         79:47:18:75:99:01:9e:39:55:f8:ac:3a:1b:4e:4e:3b:14:de:
         9c:5e:95:9a:59:22:9f:bf:03:ad:2b:7b:63:bf:6b:09:2a:b0:
         6c:63:f3:4b:2b:03:86:2e:22:ba:a9:4d:61:28:1f:52:53:2d:
         1e:e1:fd:0b:48:e4:dc:f7:8c:e0:65:48:a5:71:c7:ce:cd:04:
         5d:fc:06:f6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUfrC+gDNAN6ALoTxpsyx2MroP6XIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTQxMzUwNDFaFw0yNjA3MTMxMzU1NDFaMDMxMTAvBgNV
BAMTKDdENTE0NkZGNjY5Qjk1MjM3QTJCMkIwQTUwRTc5M0VCQkM1QzdGQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx71Qp0aUAn1Nmoj3/DKRCT/g4
6BMBg7pX5AK0op2X0j6pPSQp32w7MX9PKnOJphgAeGdX4YJh831Vtv4ZPCcEBI7x
uXUmNZypp+lj1C6P1eIdu8UQDlw+Bqa77MLAaEqgK26D+avdMheXS4IVQXtdsIxW
YNrzpRWECpr7GzkHo2iV2J52q1BMDFc0PMmNngib0a1RLOqZ5UozEW/PZukvQDbK
I81JxrHWhFsAvuPX8Av0jF1/jdZuixu7akZbVpm75N6dsw0zh0vxosgejUgQZ+QB
XmAq9CBz9jpBAvqbPARwEL0Fm/35DLbcNOw5+WYpAX7ld+vsrXO6An4SyOYPAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUfVFG/2ablSN6KysKUOeT67xcf68wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjkwNjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAGSZwgD
BACTTwcwDQYJKoZIhvcNAQELBQADggEBAKDuA61mlXSXQJPyfCELIprBtZTJRDkM
85ik7Z4E+REureLP+BI+AcIX2oOYKBdyLKUk9UG8Tz0F4LoB5L4OHH50AbiJXFjL
wg695C+AoVs1xzLKtC7T9f9xK851Y4SJqZFSaTmWBz41YGxGv+mAKQ4zLaC9g/TJ
XQkwg7a7ItDcXp5KQ/BQPjnK3PpfTFgVolHZKT+AuvQAkmgbsa6x7bNwvV/yxl/N
AF47vRGqEDLBhBL01nlHGHWZAZ45VfisOhtOTjsU3pxelZpZIp+/A60re2O/awkq
sGxj80srA4YuIrqpTWEoH1JTLR7h/QtI5Nz3jOBlSKVxx87NBF38BvY=
-----END CERTIFICATE-----