Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          SAeVEIP8zj0mmQ1GbQe/Iy5KTwJ5awdoRCTPvQFCDc0=
Subject key identifier:   20:72:4A:AE:74:29:09:E4:46:B9:2C:39:32:09:F9:02:9C:C9:9B:8F
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6F87B55CD841A1080CAF8D771C086435B4EECC89
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS29802.roa
Signing time:             Fri 11 Jul 2025 15:56:36 +0000
ROA not before:           Fri 11 Jul 2025 15:51:36 +0000
ROA not after:            Fri 10 Jul 2026 15:56:36 +0000
asID:                     29802
IP address blocks:        46.202.232.0/22 maxlen: 24
                          46.202.240.0/22 maxlen: 24
                          46.203.108.0/22 maxlen: 24
                          46.203.116.0/22 maxlen: 24
                          46.203.128.0/22 maxlen: 24
                          46.203.140.0/22 maxlen: 24
                          46.203.198.0/24 maxlen: 24
                          46.203.201.0/24 maxlen: 24
                          46.203.206.0/24 maxlen: 24
                          46.203.209.0/24 maxlen: 24
                          91.124.130.0/24 maxlen: 24
                          91.124.149.0/24 maxlen: 24
                          92.112.134.0/24 maxlen: 24
                          92.112.136.0/24 maxlen: 24
                          92.112.139.0/24 maxlen: 24
                          92.112.145.0/24 maxlen: 24
                          92.112.148.0/24 maxlen: 24
                          92.112.150.0/24 maxlen: 24
                          92.112.168.0/24 maxlen: 24
                          92.112.169.0/24 maxlen: 24
                          92.112.173.0/24 maxlen: 24
                          92.112.174.0/24 maxlen: 24
                          92.112.203.0/24 maxlen: 24
                          92.113.83.0/24 maxlen: 24
                          92.113.103.0/24 maxlen: 24
                          92.113.162.0/24 maxlen: 24
                          92.113.232.0/24 maxlen: 24
                          92.113.233.0/24 maxlen: 24
                          92.113.237.0/24 maxlen: 24
                          92.113.238.0/24 maxlen: 24
                          92.113.242.0/24 maxlen: 24
                          92.113.243.0/24 maxlen: 24
                          95.135.60.0/24 maxlen: 24
                          178.92.92.0/22 maxlen: 24
                          178.93.112.0/22 maxlen: 24
                          178.95.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:87:b5:5c:d8:41:a1:08:0c:af:8d:77:1c:08:64:35:b4:ee:cc:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul 11 15:51:36 2025 GMT
            Not After : Jul 10 15:56:36 2026 GMT
        Subject: CN=20724AAE742909E446B92C393209F9029CC99B8F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:64:cf:db:f5:f6:53:6a:b6:e1:8c:b1:9d:1c:
                    95:d3:fb:0e:70:1f:d3:ed:ed:32:55:22:05:85:61:
                    7c:b5:ad:60:c5:cd:23:2b:36:98:82:0d:b4:a0:ab:
                    c3:01:68:01:11:f9:a4:2f:0a:ae:69:c6:f9:d2:c2:
                    a5:89:69:87:2d:16:ee:93:a4:95:2f:70:8f:b4:30:
                    22:8a:38:be:05:96:aa:46:ec:1c:df:60:d4:4d:62:
                    7f:ad:07:57:c8:00:bb:51:27:d8:cf:ed:7b:21:b2:
                    64:27:7b:f4:89:ed:33:5e:d9:21:1b:21:83:25:be:
                    6f:a6:5b:7e:78:7b:84:f7:bb:b4:d7:73:5a:48:28:
                    78:1d:c4:f4:d4:09:08:11:1e:1f:36:fc:7d:33:54:
                    8c:76:83:45:21:0f:ff:2f:de:ed:74:68:c4:24:d0:
                    dd:0d:2f:5c:5a:43:88:f6:39:d5:a8:e3:e7:ca:74:
                    5f:0d:79:6b:86:a9:bd:a4:f9:d7:70:0f:af:d7:49:
                    01:3b:ed:b1:1e:71:b8:82:da:cf:88:0b:68:97:95:
                    be:4e:9d:32:8b:60:f4:f1:4a:45:2f:86:01:79:d4:
                    a2:9d:0e:08:2d:ec:4a:20:6b:e8:f1:fc:02:89:70:
                    b3:15:02:f7:dd:80:a4:b6:e0:b5:33:5c:af:6a:55:
                    b9:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:72:4A:AE:74:29:09:E4:46:B9:2C:39:32:09:F9:02:9C:C9:9B:8F
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.232.0/22
                  46.202.240.0/22
                  46.203.108.0/22
                  46.203.116.0/22
                  46.203.128.0/22
                  46.203.140.0/22
                  46.203.198.0/24
                  46.203.201.0/24
                  46.203.206.0/24
                  46.203.209.0/24
                  91.124.130.0/24
                  91.124.149.0/24
                  92.112.134.0/24
                  92.112.136.0/24
                  92.112.139.0/24
                  92.112.145.0/24
                  92.112.148.0/24
                  92.112.150.0/24
                  92.112.168.0/23
                  92.112.173.0-92.112.174.255
                  92.112.203.0/24
                  92.113.83.0/24
                  92.113.103.0/24
                  92.113.162.0/24
                  92.113.232.0/23
                  92.113.237.0-92.113.238.255
                  92.113.242.0/23
                  95.135.60.0/24
                  178.92.92.0/22
                  178.93.112.0/22
                  178.95.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5f:fa:c2:39:0e:69:82:54:7b:b7:9e:73:b8:3f:95:0b:52:
         bb:0c:76:e4:7a:de:43:28:14:91:94:1d:75:bf:6f:51:0d:0a:
         15:ec:70:71:c9:f5:4f:13:c0:fd:ce:24:a2:68:4c:76:60:e3:
         11:d5:21:86:af:5c:73:38:18:a8:ac:36:93:77:0e:67:53:9d:
         0a:6d:c9:2e:6b:a5:f2:1b:08:73:63:a7:b5:7f:ff:0d:59:5a:
         3b:48:e1:6d:cc:ca:b4:48:9e:61:c6:55:35:57:ff:25:83:fb:
         7d:bd:52:87:cc:f2:56:bc:71:e2:6f:13:1c:fa:2c:a2:69:34:
         71:fc:f0:30:cb:ad:9e:60:fb:8f:98:6b:04:a7:65:ef:35:76:
         c1:e4:22:00:70:90:a7:b1:e2:38:3c:47:33:f9:87:db:a0:fb:
         f2:d7:f4:05:0f:3b:27:14:57:5c:9c:58:a4:c7:26:20:91:e0:
         b8:dd:0a:43:24:bd:a1:c8:0e:32:11:f8:0f:e2:62:10:64:6e:
         66:be:3e:7d:a0:e4:a4:4e:44:3c:a5:07:03:18:73:94:8a:41:
         d4:d4:d9:30:a5:a5:b9:d6:e4:fc:11:0d:31:8d:0a:2d:d1:54:
         f5:e7:cb:a3:ad:ea:2b:1a:a6:fe:c4:23:5a:4a:e0:bf:62:f8:
         bc:9d:d6:1d
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgIUb4e1XNhBoQgMr413HAhkNbTuzIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MTExNTUxMzZaFw0yNjA3MTAxNTU2MzZaMDMxMTAvBgNV
BAMTKDIwNzI0QUFFNzQyOTA5RTQ0NkI5MkMzOTMyMDlGOTAyOUNDOTlCOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdZM/b9fZTarbhjLGdHJXT+w5w
H9Pt7TJVIgWFYXy1rWDFzSMrNpiCDbSgq8MBaAER+aQvCq5pxvnSwqWJaYctFu6T
pJUvcI+0MCKKOL4FlqpG7BzfYNRNYn+tB1fIALtRJ9jP7XshsmQne/SJ7TNe2SEb
IYMlvm+mW354e4T3u7TXc1pIKHgdxPTUCQgRHh82/H0zVIx2g0UhD/8v3u10aMQk
0N0NL1xaQ4j2OdWo4+fKdF8NeWuGqb2k+ddwD6/XSQE77bEecbiC2s+IC2iXlb5O
nTKLYPTxSkUvhgF51KKdDggt7Eoga+jx/AKJcLMVAvfdgKS24LUzXK9qVbkTAgMB
AAGjggLSMIICzjAdBgNVHQ4EFgQUIHJKrnQpCeRGuSw5Mgn5ApzJm48wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgecGCCsGAQUFBwEHAQH/BIHXMIHUMIHRBAIAATCBygME
Ai7K6AMEAi7K8AMEAi7LbAMEAi7LdAMEAi7LgAMEAi7LjAMEAC7LxgMEAC7LyQME
AC7LzgMEAC7L0QMEAFt8ggMEAFt8lQMEAFxwhgMEAFxwiAMEAFxwiwMEAFxwkQME
AFxwlAMEAFxwlgMEAVxwqDAMAwQAXHCtAwQAXHCuAwQAXHDLAwQAXHFTAwQAXHFn
AwQAXHGiAwQBXHHoMAwDBABcce0DBABcce4DBAFccfIDBABfhzwDBAKyXFwDBAKy
XXADBACyXyMwDQYJKoZIhvcNAQELBQADggEBAIdf+sI5DmmCVHu3nnO4P5ULUrsM
duR63kMoFJGUHXW/b1ENChXscHHJ9U8TwP3OJKJoTHZg4xHVIYavXHM4GKisNpN3
DmdTnQptyS5rpfIbCHNjp7V//w1ZWjtI4W3MyrRInmHGVTVX/yWD+329UofM8la8
ceJvExz6LKJpNHH88DDLrZ5g+4+YawSnZe81dsHkIgBwkKex4jg8RzP5h9ug+/LX
9AUPOycUV1ycWKTHJiCR4LjdCkMkvaHIDjIR+A/iYhBkbma+Pn2g5KRORDylBwMY
c5SKQdTU2TClpbnW5PwRDTGNCi3RVPXny6Ot6isapv7EI1pK4L9i+Lyd1h0=
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:29:29 2025 by rpki-client