Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS329007.roa
File:                     AS329007.roa (raw, json)
Hash identifier:          ctEj7PvCTYn4n+WMPK8m8G9CztoM3fqurAl98yEYaw0=
Subject key identifier:   20:55:8F:01:4A:98:C8:76:04:37:F3:B3:02:E6:CC:FE:7F:4F:71:94
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1686032D8749636F5C6BFF3D53AA6AE22EA26D24
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS329007.roa
Signing time:             Fri 11 Jul 2025 16:47:28 +0000
ROA not before:           Fri 11 Jul 2025 16:42:28 +0000
ROA not after:            Fri 10 Jul 2026 16:47:28 +0000
asID:                     329007
IP address blocks:        82.29.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:86:03:2d:87:49:63:6f:5c:6b:ff:3d:53:aa:6a:e2:2e:a2:6d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 11 16:42:28 2025 GMT
            Not After : Jul 10 16:47:28 2026 GMT
        Subject: CN=20558F014A98C8760437F3B302E6CCFE7F4F7194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8e:37:db:17:87:57:10:6c:61:15:7f:18:f4:
                    f5:3e:be:0d:8b:73:e4:2f:68:e2:f6:09:07:9f:82:
                    02:18:57:54:44:f0:78:52:39:e4:a7:45:22:75:5e:
                    e0:cd:1b:97:1d:d5:57:8a:12:72:f9:9b:8e:58:bf:
                    2b:66:17:0e:2d:8c:1c:c5:14:64:58:0d:24:6f:3b:
                    91:f4:cd:62:86:fb:dd:fe:4d:05:8f:0d:bb:1d:13:
                    ac:02:9f:d0:5c:cc:77:84:be:2e:83:96:9d:20:b3:
                    40:5e:3a:cc:78:06:e3:75:72:6b:5a:a1:ea:41:72:
                    8a:f0:59:8e:24:c3:4b:6f:da:3f:5a:52:67:72:7f:
                    2f:33:3d:57:46:23:80:57:33:cf:ab:04:dc:fb:ff:
                    7a:ea:ce:ba:d9:7b:01:47:e3:11:1a:a6:7b:fe:35:
                    28:c2:d6:2f:d9:00:73:48:a0:03:24:3e:6b:ba:81:
                    d8:a3:83:8a:e0:d6:4a:01:e9:bf:ab:9f:5d:3d:4e:
                    06:98:21:59:cd:47:92:b9:0e:00:06:76:7e:b3:d9:
                    96:1d:88:5f:14:56:f0:eb:04:19:7b:3b:ab:09:61:
                    56:76:70:18:9a:0e:9a:7d:45:f7:05:ed:de:d5:a9:
                    50:bf:39:1f:6b:c9:c5:f3:1f:ef:16:ad:40:ff:bc:
                    62:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:55:8F:01:4A:98:C8:76:04:37:F3:B3:02:E6:CC:FE:7F:4F:71:94
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS329007.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:db:e2:92:3e:a5:92:f3:6c:90:11:a8:09:a8:ce:ae:e7:63:
         e7:77:f0:8f:1e:54:d0:27:39:5d:02:bf:d3:77:04:75:f5:ff:
         45:14:5c:38:9e:19:3f:78:e6:75:1c:db:49:8b:b4:a9:03:a2:
         80:65:a9:45:01:d7:f4:82:a7:c7:77:62:b0:30:d4:97:81:ef:
         6b:ae:a6:8f:c9:ba:6a:ca:9a:9d:45:79:ac:a4:f6:ee:52:d5:
         9e:ce:0c:8b:91:a7:7f:c6:79:3f:ff:81:5e:c5:37:2e:05:3c:
         b8:9a:69:22:e7:f5:62:f8:15:4a:80:88:39:49:b9:76:06:84:
         b6:63:cf:11:91:a7:8f:14:32:b8:35:6d:34:1b:33:18:f0:c8:
         d4:73:d3:15:bc:c9:84:fd:70:21:be:80:ec:ce:e7:ff:d8:84:
         97:9b:87:86:c2:ad:c8:ef:9c:b8:a6:30:34:70:41:ad:84:8e:
         d1:e5:0a:f4:20:cc:cf:6a:43:0e:fe:f8:fc:86:1c:59:c2:28:
         89:3a:c7:89:8f:9d:ee:16:51:3d:e9:29:a9:2e:0b:7f:41:f1:
         21:d3:43:eb:c5:ce:30:42:56:6f:b8:99:af:25:21:65:be:3e:
         92:54:63:20:9c:2b:4a:d5:c5:84:77:df:02:35:e9:8a:60:cd:
         7f:5a:a8:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFoYDLYdJY29ca/89U6pq4i6ibSQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTExNjQyMjhaFw0yNjA3MTAxNjQ3MjhaMDMxMTAvBgNV
BAMTKDIwNTU4RjAxNEE5OEM4NzYwNDM3RjNCMzAyRTZDQ0ZFN0Y0RjcxOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsjjfbF4dXEGxhFX8Y9PU+vg2L
c+QvaOL2CQefggIYV1RE8HhSOeSnRSJ1XuDNG5cd1VeKEnL5m45YvytmFw4tjBzF
FGRYDSRvO5H0zWKG+93+TQWPDbsdE6wCn9BczHeEvi6Dlp0gs0BeOsx4BuN1cmta
oepBcorwWY4kw0tv2j9aUmdyfy8zPVdGI4BXM8+rBNz7/3rqzrrZewFH4xEapnv+
NSjC1i/ZAHNIoAMkPmu6gdijg4rg1koB6b+rn109TgaYIVnNR5K5DgAGdn6z2ZYd
iF8UVvDrBBl7O6sJYVZ2cBiaDpp9RfcF7d7VqVC/OR9rycXzH+8WrUD/vGIfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUIFWPAUqYyHYEN/OzAubM/n9PcZQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzI5MDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh1t
MA0GCSqGSIb3DQEBCwUAA4IBAQAA2+KSPqWS82yQEagJqM6u52Pnd/CPHlTQJzld
Ar/TdwR19f9FFFw4nhk/eOZ1HNtJi7SpA6KAZalFAdf0gqfHd2KwMNSXge9rrqaP
ybpqypqdRXmspPbuUtWezgyLkad/xnk//4FexTcuBTy4mmki5/Vi+BVKgIg5Sbl2
BoS2Y88RkaePFDK4NW00GzMY8MjUc9MVvMmE/XAhvoDszuf/2ISXm4eGwq3I75y4
pjA0cEGthI7R5Qr0IMzPakMO/vj8hhxZwiiJOseJj53uFlE96SmpLgt/QfEh00Pr
xc4wQlZvuJmvJSFlvj6SVGMgnCtK1cWEd98CNemKYM1/Wqhn
-----END CERTIFICATE-----