Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          SwDb9p6b8nS2LLbNd8dbe0xqI26CHRInQV27VcbWIQc=
Subject key identifier:   B2:A5:C8:83:2E:EE:7F:A9:F0:BA:55:CE:B5:E8:59:98:9F:08:6E:01
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6C9F9071481C850A109F9C86EC15BCE89DCF1919
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7029.roa
Signing time:             Fri 10 Jan 2025 00:02:02 +0000
ROA not before:           Thu 09 Jan 2025 23:57:02 +0000
ROA not after:            Fri 09 Jan 2026 00:02:02 +0000
asID:                     7029
IP address blocks:        191.101.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:9f:90:71:48:1c:85:0a:10:9f:9c:86:ec:15:bc:e8:9d:cf:19:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  9 23:57:02 2025 GMT
            Not After : Jan  9 00:02:02 2026 GMT
        Subject: CN=B2A5C8832EEE7FA9F0BA55CEB5E859989F086E01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d3:e6:be:a9:f0:9a:ae:31:e8:6a:f5:9b:66:
                    3c:fa:09:13:c1:c8:73:28:6e:0b:47:74:34:1c:19:
                    5f:f9:f8:9b:5a:b9:33:60:c2:59:d6:9e:4d:48:5b:
                    b5:bc:8d:2a:55:c6:07:eb:55:70:84:16:79:a4:51:
                    1b:09:79:29:88:89:4c:0a:fc:bf:80:8d:07:e5:d6:
                    9c:08:0a:ce:ad:f7:41:09:a8:bc:d9:8f:bb:1e:88:
                    88:d2:b3:02:03:b1:54:46:7e:36:c9:f2:4b:7e:07:
                    41:1b:21:f0:2a:92:3c:1c:f4:12:83:b9:60:ca:69:
                    3c:a7:46:e7:6d:1f:74:4a:86:9d:55:bc:4f:84:a2:
                    92:d2:e9:c6:ad:4e:5c:13:7a:8d:e8:3c:c7:46:65:
                    c9:d5:df:e2:da:6a:6a:79:f9:e3:50:a5:a7:9d:ff:
                    12:b6:13:42:6b:c0:b0:13:75:21:ac:f1:8b:71:b9:
                    56:63:b5:4c:c3:86:15:73:5b:eb:80:f4:33:20:09:
                    9c:5d:1b:fa:8d:e9:19:0c:9c:27:f5:b5:14:1c:ca:
                    48:ae:bb:fa:43:b1:86:4b:c9:c7:43:7f:dd:e1:d4:
                    93:48:9f:61:fe:97:27:db:a9:d7:10:18:74:72:2f:
                    e2:70:9f:72:27:39:fb:d4:0c:62:5a:2e:94:6a:80:
                    88:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:A5:C8:83:2E:EE:7F:A9:F0:BA:55:CE:B5:E8:59:98:9F:08:6E:01
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:ff:4f:7a:c6:40:78:b5:ad:9a:f6:1f:c4:55:fe:3a:b2:ac:
         cf:51:57:aa:32:ac:ae:1d:ab:17:ca:25:ce:73:b8:b6:69:f8:
         9b:8a:c4:5a:dd:e3:62:c9:a7:e1:c9:49:95:2c:ec:c5:15:15:
         42:1c:66:6b:6b:7d:45:94:d6:a9:37:bd:31:d5:88:9b:01:24:
         51:8c:e2:c7:79:4d:56:0c:5f:d2:13:9a:c5:0b:c0:2d:c4:3e:
         24:ae:8a:6f:e2:87:af:e6:7e:d2:98:38:75:ab:35:ce:b4:e3:
         20:b1:70:54:0f:29:5c:7b:74:52:87:e3:7d:58:0b:e6:7d:c9:
         db:09:26:5b:8e:17:79:f0:4e:3f:37:2f:7f:12:a9:48:90:4b:
         61:1a:0f:d9:52:37:31:ea:5e:e2:e6:4f:d0:e8:9f:d9:c3:26:
         36:e2:e7:e1:d3:f7:89:41:ca:b7:5f:25:cf:6b:48:44:4c:7e:
         78:41:f8:b4:f9:31:f0:b9:5c:f6:7a:b5:fe:10:75:3a:0c:5d:
         a2:c5:2e:88:1e:43:67:9b:54:77:2b:2b:e1:69:d3:32:7f:93:
         95:f9:f1:eb:07:44:50:3e:70:6f:fd:e8:02:88:8a:32:73:1e:
         31:f4:99:d1:70:59:9b:23:b1:b7:1c:27:56:0c:ee:e5:d6:c7:
         ac:b1:a2:fc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUbJ+QcUgchQoQn5yG7BW86J3PGRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDkyMzU3MDJaFw0yNjAxMDkwMDAyMDJaMDMxMTAvBgNV
BAMTKEIyQTVDODgzMkVFRTdGQTlGMEJBNTVDRUI1RTg1OTk4OUYwODZFMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz0+a+qfCarjHoavWbZjz6CRPB
yHMobgtHdDQcGV/5+JtauTNgwlnWnk1IW7W8jSpVxgfrVXCEFnmkURsJeSmIiUwK
/L+AjQfl1pwICs6t90EJqLzZj7seiIjSswIDsVRGfjbJ8kt+B0EbIfAqkjwc9BKD
uWDKaTynRudtH3RKhp1VvE+EopLS6catTlwTeo3oPMdGZcnV3+Laamp5+eNQpaed
/xK2E0JrwLATdSGs8YtxuVZjtUzDhhVzW+uA9DMgCZxdG/qN6RkMnCf1tRQcykiu
u/pDsYZLycdDf93h1JNIn2H+lyfbqdcQGHRyL+Jwn3InOfvUDGJaLpRqgIjdAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUsqXIgy7uf6nwulXOtehZmJ8IbgEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAL9lGzAN
BgkqhkiG9w0BAQsFAAOCAQEArP9PesZAeLWtmvYfxFX+OrKsz1FXqjKsrh2rF8ol
znO4tmn4m4rEWt3jYsmn4clJlSzsxRUVQhxma2t9RZTWqTe9MdWImwEkUYzix3lN
Vgxf0hOaxQvALcQ+JK6Kb+KHr+Z+0pg4das1zrTjILFwVA8pXHt0UofjfVgL5n3J
2wkmW44XefBOPzcvfxKpSJBLYRoP2VI3Mepe4uZP0Oif2cMmNuLn4dP3iUHKt18l
z2tIREx+eEH4tPkx8Llc9nq1/hB1OgxdosUuiB5DZ5tUdysr4WnTMn+Tlfnx6wdE
UD5wb/3oAoiKMnMeMfSZ0XBZmyOxtxwnVgzu5dbHrLGi/A==
-----END CERTIFICATE-----