Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29066.roa
File:                     AS29066.roa (raw, json)
Hash identifier:          f1+4k1Y6WY6IdZoC9XSYBtJTkNJaaRWGPtVRMXN11zA=
Subject key identifier:   22:1F:B0:A2:3E:5E:35:81:7A:D9:2D:B2:DA:B9:45:50:71:A8:AE:81
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1C22973776414571D2F77978A576E0DEDEA22093
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29066.roa
Signing time:             Sat 06 Apr 2024 11:09:31 +0000
ROA not before:           Sat 06 Apr 2024 11:04:31 +0000
ROA not after:            Sat 05 Apr 2025 11:09:31 +0000
asID:                     29066
IP address blocks:        146.103.8.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:22:97:37:76:41:45:71:d2:f7:79:78:a5:76:e0:de:de:a2:20:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:31 2024 GMT
            Not After : Apr  5 11:09:31 2025 GMT
        Subject: CN=221FB0A23E5E35817AD92DB2DAB9455071A8AE81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fb:af:84:f0:ed:15:a7:4e:f1:34:37:29:30:
                    bb:06:5f:a5:35:da:5f:31:1d:60:74:1f:66:fc:d5:
                    06:38:eb:cf:67:7e:9e:7d:a8:89:1c:22:d2:0b:0b:
                    da:cc:d3:fb:d4:7c:dc:64:36:26:8b:2d:6a:21:01:
                    0e:b9:42:f9:1e:55:72:cd:58:a2:af:c8:ba:30:cf:
                    c8:84:14:eb:5d:0e:0c:ef:5f:ce:4b:a0:18:5c:01:
                    3c:69:62:b3:e2:b9:39:aa:e9:d5:fa:7c:e3:5c:08:
                    3f:d9:45:2e:e1:9c:ef:3c:04:66:5a:43:80:c9:5d:
                    28:04:bd:4a:a0:82:1e:93:ad:75:48:29:7e:2b:64:
                    1a:e8:d4:85:87:26:47:ff:34:4e:64:b1:22:1c:b7:
                    de:1c:28:86:27:4c:a8:ae:c5:2d:70:41:a9:25:77:
                    80:d5:ba:e7:60:d5:b5:8d:4b:bb:75:e0:2a:7f:d8:
                    7b:79:8d:0d:19:a2:cf:29:85:66:4a:c1:ee:fb:27:
                    5b:30:45:3e:73:24:5a:51:21:3a:4e:6b:47:59:2c:
                    a9:94:4a:1f:18:2c:bc:6d:e1:18:c1:f6:d2:b7:26:
                    27:e8:3e:1f:53:c8:67:dd:34:ee:38:be:c0:35:89:
                    0f:a0:53:91:e0:b9:d6:1e:01:e5:a9:ac:38:5d:68:
                    ed:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:1F:B0:A2:3E:5E:35:81:7A:D9:2D:B2:DA:B9:45:50:71:A8:AE:81
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS29066.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:07:22:90:09:e6:01:e4:06:31:91:78:4f:66:5d:7e:b4:f5:
         f1:cf:d9:14:04:50:c0:8d:db:ba:79:e7:b2:e7:a3:62:1a:e8:
         a2:17:fa:09:08:c8:5a:a7:c5:65:cb:ae:07:61:29:da:f1:86:
         c3:90:e6:84:34:82:a9:e3:ae:50:e6:38:35:8a:f0:c6:b1:1f:
         37:bf:d1:22:5c:84:81:cd:3c:60:be:f7:04:0c:a1:d5:db:6f:
         e2:86:a8:04:90:b3:c6:d2:3a:20:df:c2:a1:53:26:31:df:19:
         e5:cd:4b:eb:93:e2:c9:3f:30:30:a8:20:c0:41:5f:10:a9:93:
         98:70:a3:a4:56:4c:32:e4:c1:0c:d5:33:fe:59:17:7a:c2:f7:
         5a:29:67:2c:b1:c3:c5:65:77:c0:c1:3f:f5:4b:db:a7:53:8f:
         f8:da:09:c1:99:61:a1:cb:e9:24:05:1e:8a:d6:99:ff:99:e9:
         db:53:2e:50:8f:7e:98:7c:61:5a:91:a1:2b:c3:32:82:83:54:
         ae:54:8b:d4:0b:08:32:70:68:87:98:54:49:f6:12:77:a0:d7:
         96:39:eb:6b:de:39:de:48:77:d5:e0:73:7b:87:f6:86:50:f5:
         b3:29:49:77:12:6b:0d:74:3e:23:15:f7:0f:ad:24:e0:28:8d:
         2d:cd:b2:3c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHCKXN3ZBRXHS93l4pXbg3t6iIJMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzFaFw0yNTA0MDUxMTA5MzFaMDMxMTAvBgNV
BAMTKDIyMUZCMEEyM0U1RTM1ODE3QUQ5MkRCMkRBQjk0NTUwNzFBOEFFODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv+6+E8O0Vp07xNDcpMLsGX6U1
2l8xHWB0H2b81QY4689nfp59qIkcItILC9rM0/vUfNxkNiaLLWohAQ65QvkeVXLN
WKKvyLowz8iEFOtdDgzvX85LoBhcATxpYrPiuTmq6dX6fONcCD/ZRS7hnO88BGZa
Q4DJXSgEvUqggh6TrXVIKX4rZBro1IWHJkf/NE5ksSIct94cKIYnTKiuxS1wQakl
d4DVuudg1bWNS7t14Cp/2Ht5jQ0Zos8phWZKwe77J1swRT5zJFpRITpOa0dZLKmU
Sh8YLLxt4RjB9tK3JifoPh9TyGfdNO44vsA1iQ+gU5HgudYeAeWprDhdaO3DAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUIh+woj5eNYF62S2y2rlFUHGoroEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjkwNjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGSZwgw
DQYJKoZIhvcNAQELBQADggEBAG8HIpAJ5gHkBjGReE9mXX609fHP2RQEUMCN27p5
57Lno2Ia6KIX+gkIyFqnxWXLrgdhKdrxhsOQ5oQ0gqnjrlDmODWK8MaxHze/0SJc
hIHNPGC+9wQModXbb+KGqASQs8bSOiDfwqFTJjHfGeXNS+uT4sk/MDCoIMBBXxCp
k5hwo6RWTDLkwQzVM/5ZF3rC91opZyyxw8Vld8DBP/VL26dTj/jaCcGZYaHL6SQF
HorWmf+Z6dtTLlCPfph8YVqRoSvDMoKDVK5Ui9QLCDJwaIeYVEn2Eneg15Y562ve
Od5Id9Xgc3uH9oZQ9bMpSXcSaw10PiMV9w+tJOAojS3Nsjw=
-----END CERTIFICATE-----