Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          Msalhc1jl7dCMRh/8/9aAKfvWdGdN17APvP2z5Ewq5c=
Subject key identifier:   E2:EB:A6:48:0B:7A:E3:B8:DF:94:16:79:4D:3F:C9:C1:8B:1C:B9:BA
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       78FB89902138E7A3421CD450068723651DF69110
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7029.roa
Signing time:             Fri 10 Jan 2025 00:01:58 +0000
ROA not before:           Thu 09 Jan 2025 23:56:58 +0000
ROA not after:            Fri 09 Jan 2026 00:01:58 +0000
asID:                     7029
IP address blocks:        140.233.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 02:59:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:fb:89:90:21:38:e7:a3:42:1c:d4:50:06:87:23:65:1d:f6:91:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan  9 23:56:58 2025 GMT
            Not After : Jan  9 00:01:58 2026 GMT
        Subject: CN=E2EBA6480B7AE3B8DF9416794D3FC9C18B1CB9BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:19:1c:75:51:65:32:55:ce:39:13:2f:27:d5:
                    a8:76:0b:3c:7f:cc:8f:2c:9c:86:93:0e:b8:90:4e:
                    24:63:89:90:c0:b5:33:38:80:8d:fc:c0:dd:f8:2a:
                    6c:25:5f:fb:57:db:4e:75:3e:dd:d6:f6:ab:74:c6:
                    49:5f:b4:38:b9:91:00:93:46:f8:3d:ab:0c:25:c3:
                    95:75:46:a0:2c:ea:35:ed:41:8f:bd:1c:6b:3e:52:
                    66:db:35:c7:6f:02:e8:d8:11:61:6d:ef:14:a0:0d:
                    45:31:9d:95:f3:e3:e4:56:79:4e:4d:8b:71:2e:ed:
                    4a:61:fd:c7:44:11:52:bf:a3:63:b2:92:8b:ec:14:
                    1e:b0:dd:ea:12:fe:0e:13:0d:c3:06:68:d0:49:89:
                    5b:7d:c1:84:84:4c:7c:9e:fa:e5:88:28:d4:8b:f1:
                    40:ba:fa:a4:df:1f:85:0a:25:07:e3:0e:ed:19:7a:
                    fa:76:66:b4:00:12:8c:0b:e2:c9:4e:fd:73:99:95:
                    5a:45:ed:08:41:64:bf:5e:8e:23:11:07:ce:6b:13:
                    f7:3c:80:ca:cd:f2:2a:f1:dd:f1:aa:0a:9a:2c:b1:
                    06:49:92:1f:98:7c:55:14:7a:60:4e:14:5a:20:4c:
                    ee:2b:13:27:95:d6:0e:f3:f1:a0:bf:a0:1d:f8:0c:
                    e2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:EB:A6:48:0B:7A:E3:B8:DF:94:16:79:4D:3F:C9:C1:8B:1C:B9:BA
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0b:1e:bd:6b:fb:49:f5:85:3a:f2:13:8f:d2:8e:56:24:be:49:
         7e:84:85:17:34:e7:68:72:41:01:92:0b:cb:a0:d1:dd:54:48:
         71:0f:0a:31:3f:81:fe:3c:fa:de:3e:11:fe:fc:1d:61:04:05:
         8d:9f:f4:ae:4c:8e:34:96:a6:e9:12:81:67:72:22:42:06:0e:
         c7:a7:c6:df:18:b5:3e:95:27:79:62:9c:02:eb:8e:9d:f2:b8:
         8f:6e:dd:5a:ca:5e:a9:eb:55:0d:b1:c4:9c:a2:18:1d:0f:6d:
         7c:d6:27:cb:f0:44:58:ff:53:bb:85:5c:b1:e0:53:f5:ca:c0:
         ff:7c:32:7d:c9:fb:50:ad:12:7c:49:6b:fb:59:18:16:b7:91:
         62:c3:cb:4a:e8:77:b8:17:5e:9f:72:bd:8f:f6:18:a3:1f:83:
         8f:39:15:2d:d7:d5:3c:d9:29:96:8d:0b:c4:2c:ec:65:37:bc:
         1c:53:f2:7c:ad:c1:2b:69:0b:de:99:e0:c5:48:2a:76:bf:e3:
         5e:be:9c:f9:b9:a3:d5:fe:59:2b:7e:aa:f0:d3:12:43:4e:23:
         fe:0f:93:0c:6a:cb:07:48:db:21:de:a8:28:ef:ba:d8:e2:6e:
         a3:31:e8:b9:23:75:fe:ae:b5:05:64:f1:cb:c9:3b:d8:c7:ca:
         27:49:3f:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUePuJkCE456NCHNRQBocjZR32kRAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAxMDkyMzU2NThaFw0yNjAxMDkwMDAxNThaMDMxMTAvBgNV
BAMTKEUyRUJBNjQ4MEI3QUUzQjhERjk0MTY3OTREM0ZDOUMxOEIxQ0I5QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYGRx1UWUyVc45Ey8n1ah2Czx/
zI8snIaTDriQTiRjiZDAtTM4gI38wN34KmwlX/tX2051Pt3W9qt0xklftDi5kQCT
Rvg9qwwlw5V1RqAs6jXtQY+9HGs+UmbbNcdvAujYEWFt7xSgDUUxnZXz4+RWeU5N
i3Eu7Uph/cdEEVK/o2OykovsFB6w3eoS/g4TDcMGaNBJiVt9wYSETHye+uWIKNSL
8UC6+qTfH4UKJQfjDu0Zevp2ZrQAEowL4slO/XOZlVpF7QhBZL9ejiMRB85rE/c8
gMrN8irx3fGqCpossQZJkh+YfFUUemBOFFogTO4rEyeV1g7z8aC/oB34DOLbAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU4uumSAt647jflBZ5TT/JwYscubowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBozpwDAN
BgkqhkiG9w0BAQsFAAOCAQEACx69a/tJ9YU68hOP0o5WJL5JfoSFFzTnaHJBAZIL
y6DR3VRIcQ8KMT+B/jz63j4R/vwdYQQFjZ/0rkyONJam6RKBZ3IiQgYOx6fG3xi1
PpUneWKcAuuOnfK4j27dWspeqetVDbHEnKIYHQ9tfNYny/BEWP9Tu4VcseBT9crA
/3wyfcn7UK0SfElr+1kYFreRYsPLSuh3uBden3K9j/YYox+DjzkVLdfVPNkplo0L
xCzsZTe8HFPyfK3BK2kL3pngxUgqdr/jXr6c+bmj1f5ZK36q8NMSQ04j/g+TDGrL
B0jbId6oKO+62OJuozHouSN1/q61BWTxy8k72MfKJ0k/2Q==
-----END CERTIFICATE-----