Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          EQdsNpFUDlB6ynhRTbcYQBl7UF6yGjIXmjLtDYAN+1w=
Subject key identifier:   DF:86:8B:AA:DB:0F:51:BF:BF:22:A7:EB:92:9F:E4:4C:EC:B5:CB:86
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       783F7BD99CEE3A0095253EAA20EF36BF0042E2EF
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS7029.roa
Signing time:             Tue 30 Sep 2025 10:03:13 +0000
ROA not before:           Tue 30 Sep 2025 09:58:13 +0000
ROA not after:            Tue 29 Sep 2026 10:03:13 +0000
asID:                     7029
IP address blocks:        46.236.244.0/22 maxlen: 24
                          46.236.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:3f:7b:d9:9c:ee:3a:00:95:25:3e:aa:20:ef:36:bf:00:42:e2:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:13 2025 GMT
            Not After : Sep 29 10:03:13 2026 GMT
        Subject: CN=DF868BAADB0F51BFBF22A7EB929FE44CECB5CB86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d8:c6:ea:34:8e:68:c2:52:c0:4f:c4:61:a4:
                    bb:8c:0a:1b:67:ad:ae:03:f9:f4:97:1c:6a:0a:80:
                    d5:bf:fe:7f:61:a6:c7:98:94:29:ea:55:0c:53:cb:
                    4c:09:63:ab:dc:68:80:d0:81:ae:ee:3a:b0:0d:a5:
                    b3:90:75:06:7e:51:af:d6:c7:b1:cf:64:84:c0:91:
                    d0:25:a7:0c:ec:d8:dd:d2:11:db:05:27:ea:99:5e:
                    02:cc:4c:a7:b9:dd:74:cb:1e:ea:c1:f1:50:4e:94:
                    3d:62:2a:8a:68:fe:43:25:b3:51:68:e2:32:97:97:
                    9b:38:a4:3b:61:90:25:5b:2c:70:96:98:69:83:77:
                    ca:f3:b0:4c:9d:68:8e:7c:e2:74:5b:b8:db:6d:2f:
                    f5:fe:b5:23:20:5d:fe:6b:b8:47:42:e4:56:5d:79:
                    cf:05:23:30:df:aa:43:3f:3a:ed:fd:78:65:af:86:
                    1a:c8:34:c4:78:a1:cd:a3:fb:88:85:79:5f:f0:76:
                    94:fb:c7:9c:16:53:85:bc:ef:c7:a9:3c:a8:5b:bd:
                    49:6a:a5:4a:b7:cd:78:9a:c5:bd:53:1e:c8:94:a9:
                    90:8a:04:c3:d5:1f:62:5b:10:71:50:15:fd:e7:ee:
                    b7:34:19:d1:95:51:2f:fa:4e:90:40:90:e4:c8:1d:
                    e5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:86:8B:AA:DB:0F:51:BF:BF:22:A7:EB:92:9F:E4:4C:EC:B5:CB:86
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.244.0-46.236.251.255

    Signature Algorithm: sha256WithRSAEncryption
         6f:7e:ad:29:4f:d9:7e:fd:09:2c:6b:bf:92:76:68:e0:02:f9:
         56:23:69:d3:b7:fd:4a:d9:ba:a7:b8:17:b9:28:65:9c:e6:f0:
         c2:63:a2:06:f6:1c:25:58:bb:2c:77:52:02:dc:54:2a:6c:f4:
         51:48:57:09:7f:89:1a:8c:7e:96:84:b9:e3:59:ad:5a:cb:0a:
         4f:9a:7c:e2:3c:11:48:ad:c9:08:09:da:0b:5b:3e:9d:69:3b:
         ef:93:c6:18:be:e4:ef:3c:fa:11:8e:f2:ee:d2:5a:68:e2:cd:
         75:95:9a:06:43:6a:dd:de:45:eb:18:0b:fe:fa:8f:04:b8:29:
         b8:9c:8b:53:21:96:a3:49:cd:79:dd:b2:64:d6:c0:ca:04:9b:
         38:b7:aa:93:34:e6:d8:d0:1e:f8:36:fb:b8:3f:1a:12:9c:dc:
         aa:15:f9:dd:6c:91:37:57:cd:c9:93:6a:09:5d:af:6a:88:d6:
         3f:af:c2:a3:71:6a:b3:b3:c9:8f:b4:3c:32:e2:03:9e:0f:14:
         bd:93:72:93:78:ac:a5:14:9d:aa:59:16:80:a5:10:eb:fe:32:
         02:29:f3:db:94:70:e6:37:31:e7:fe:1f:91:54:23:79:0d:12:
         21:67:97:29:24:ae:98:c3:d8:d3:4b:c4:b6:d7:36:ca:5c:cb:
         73:c4:58:f5
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUeD972ZzuOgCVJT6qIO82vwBC4u8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTNaFw0yNjA5MjkxMDAzMTNaMDMxMTAvBgNV
BAMTKERGODY4QkFBREIwRjUxQkZCRjIyQTdFQjkyOUZFNDRDRUNCNUNCODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO2MbqNI5owlLAT8RhpLuMChtn
ra4D+fSXHGoKgNW//n9hpseYlCnqVQxTy0wJY6vcaIDQga7uOrANpbOQdQZ+Ua/W
x7HPZITAkdAlpwzs2N3SEdsFJ+qZXgLMTKe53XTLHurB8VBOlD1iKopo/kMls1Fo
4jKXl5s4pDthkCVbLHCWmGmDd8rzsEydaI584nRbuNttL/X+tSMgXf5ruEdC5FZd
ec8FIzDfqkM/Ou39eGWvhhrINMR4oc2j+4iFeV/wdpT7x5wWU4W878epPKhbvUlq
pUq3zXiaxb1THsiUqZCKBMPVH2JbEHFQFf3n7rc0GdGVUS/6TpBAkOTIHeUJAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU34aLqtsPUb+/Iqfrkp/kTOy1y4YwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQCLuz0
AwQCLuz4MA0GCSqGSIb3DQEBCwUAA4IBAQBvfq0pT9l+/Qksa7+SdmjgAvlWI2nT
t/1K2bqnuBe5KGWc5vDCY6IG9hwlWLssd1IC3FQqbPRRSFcJf4kajH6WhLnjWa1a
ywpPmnziPBFIrckICdoLWz6daTvvk8YYvuTvPPoRjvLu0lpo4s11lZoGQ2rd3kXr
GAv++o8EuCm4nItTIZajSc153bJk1sDKBJs4t6qTNObY0B74Nvu4PxoSnNyqFfnd
bJE3V83Jk2oJXa9qiNY/r8KjcWqzs8mPtDwy4gOeDxS9k3KTeKylFJ2qWRaApRDr
/jICKfPblHDmNzHn/h+RVCN5DRIhZ5cpJK6Yw9jTS8S21zbKXMtzxFj1
-----END CERTIFICATE-----