Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          ibR5w5FinR/A2wJ8J43k1fd0RS8ReAAv+YcBzo/nVks=
Subject key identifier:   E8:49:A2:FF:42:4B:F2:95:9E:F3:EF:30:EB:2E:E2:D9:CB:F2:3E:29
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       28924E8B54D05D49B083FFCBA606182D2A54C1FA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29802.roa
Signing time:             Sat 06 Apr 2024 11:09:31 +0000
ROA not before:           Sat 06 Apr 2024 11:04:31 +0000
ROA not after:            Sat 05 Apr 2025 11:09:31 +0000
asID:                     29802
IP address blocks:        146.103.19.0/24 maxlen: 24
                          147.79.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 19:05:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:92:4e:8b:54:d0:5d:49:b0:83:ff:cb:a6:06:18:2d:2a:54:c1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:31 2024 GMT
            Not After : Apr  5 11:09:31 2025 GMT
        Subject: CN=E849A2FF424BF2959EF3EF30EB2EE2D9CBF23E29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5e:75:da:68:2f:4a:5d:c6:35:7c:cf:1b:2f:
                    af:4c:ba:63:4a:0e:5b:5c:95:a5:ee:6e:f8:2c:bb:
                    9e:ec:b7:a9:21:af:c7:3c:3c:82:b5:91:3f:b0:e5:
                    cd:59:55:02:e2:a4:49:95:4f:9a:48:82:4a:c2:52:
                    b5:73:eb:55:94:61:6a:5e:31:dc:42:25:bc:99:27:
                    02:76:70:82:14:17:aa:84:39:4a:12:b2:31:46:18:
                    b7:ad:7d:4f:9f:0b:c5:16:4a:fa:e7:12:cd:e4:18:
                    35:d9:5c:9c:9c:72:82:27:88:c9:ae:f6:0c:49:01:
                    90:ba:9e:35:af:d2:78:7c:52:81:d4:d9:50:c9:88:
                    46:7a:f0:a8:8a:df:b9:1a:9a:6a:37:96:23:ce:79:
                    48:df:ec:34:25:8d:32:03:d4:4d:2f:70:51:b3:f5:
                    5e:16:32:73:51:3f:eb:23:c7:5f:4a:94:e4:11:6e:
                    db:f7:e3:df:87:7a:74:20:74:26:e8:a7:ee:e2:1d:
                    6b:06:d8:86:a6:a0:c7:3a:b7:48:24:6a:ad:91:fa:
                    c0:aa:06:f6:c8:65:46:46:90:1e:2d:9c:75:14:7e:
                    3f:c1:13:56:0a:f5:a9:74:e6:85:78:2b:66:29:ed:
                    4a:e6:c5:49:3d:3d:7f:ee:cb:09:fd:3c:35:be:9d:
                    7e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:49:A2:FF:42:4B:F2:95:9E:F3:EF:30:EB:2E:E2:D9:CB:F2:3E:29
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.19.0/24
                  147.79.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:7d:13:01:a3:43:59:24:14:68:e7:b1:a9:f1:c4:00:e9:e5:
         3a:95:10:78:a9:01:6f:e0:b5:5c:3c:84:77:13:f2:52:51:d2:
         63:7f:39:74:af:99:8b:d8:b2:ae:e3:66:96:68:b4:b3:80:af:
         35:a0:b0:32:59:7d:76:85:3f:ad:8e:c2:4b:53:7b:a7:a7:62:
         32:84:ff:cb:ac:7e:5d:16:b8:54:9b:45:68:2c:f9:5d:c9:3e:
         b2:ac:ad:e5:26:77:08:19:a6:c1:07:c0:8d:36:af:cf:02:cd:
         4c:eb:e9:2b:dd:f6:db:e9:1c:40:39:27:b0:99:bb:08:77:f9:
         b0:54:13:7b:66:95:f2:93:e4:3b:4f:b1:65:18:fd:74:2d:94:
         ce:69:79:06:ab:19:a9:17:76:53:11:aa:2c:d0:47:e5:6e:28:
         e6:22:e9:8b:64:e7:24:ad:fc:9f:90:a6:90:ef:b6:8c:f4:29:
         61:30:70:8b:4e:a9:98:15:48:01:7b:0f:92:a5:e9:f9:8d:61:
         16:52:ff:05:1a:1b:14:67:f4:ce:2f:e3:30:3b:a1:c4:3c:55:
         ac:d4:95:ed:50:bc:30:34:ad:8c:ee:2b:7d:93:bc:a6:c4:7d:
         b1:a6:8b:ff:a7:10:5f:f2:a4:53:f3:8c:08:97:7f:c5:53:94:
         9a:5a:db:2c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUKJJOi1TQXUmwg//LpgYYLSpUwfowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzFaFw0yNTA0MDUxMTA5MzFaMDMxMTAvBgNV
BAMTKEU4NDlBMkZGNDI0QkYyOTU5RUYzRUYzMEVCMkVFMkQ5Q0JGMjNFMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlXnXaaC9KXcY1fM8bL69MumNK
DltclaXubvgsu57st6khr8c8PIK1kT+w5c1ZVQLipEmVT5pIgkrCUrVz61WUYWpe
MdxCJbyZJwJ2cIIUF6qEOUoSsjFGGLetfU+fC8UWSvrnEs3kGDXZXJyccoIniMmu
9gxJAZC6njWv0nh8UoHU2VDJiEZ68KiK37kammo3liPOeUjf7DQljTID1E0vcFGz
9V4WMnNRP+sjx19KlOQRbtv349+HenQgdCbop+7iHWsG2IamoMc6t0gkaq2R+sCq
BvbIZUZGkB4tnHUUfj/BE1YK9al05oV4K2Yp7UrmxUk9PX/uywn9PDW+nX7HAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU6Emi/0JL8pWe8+8w6y7i2cvyPikwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACSZxMD
BACTTx0wDQYJKoZIhvcNAQELBQADggEBAK19EwGjQ1kkFGjnsanxxADp5TqVEHip
AW/gtVw8hHcT8lJR0mN/OXSvmYvYsq7jZpZotLOArzWgsDJZfXaFP62OwktTe6en
YjKE/8usfl0WuFSbRWgs+V3JPrKsreUmdwgZpsEHwI02r88CzUzr6Svd9tvpHEA5
J7CZuwh3+bBUE3tmlfKT5DtPsWUY/XQtlM5peQarGakXdlMRqizQR+VuKOYi6Ytk
5ySt/J+QppDvtoz0KWEwcItOqZgVSAF7D5Kl6fmNYRZS/wUaGxRn9M4v4zA7ocQ8
VazUle1QvDA0rYzuK32TvKbEfbGmi/+nEF/ypFPzjAiXf8VTlJpa2yw=
-----END CERTIFICATE-----