Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          lh1KG2ZmUijQKH1Y4tIqoK6Mw39I8LgHdwFU6kjv2sk=
Subject key identifier:   92:89:EE:F9:97:10:92:E7:76:81:2C:2A:A3:E3:67:80:E3:F8:6D:0E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       41E6C5B21E22CE4CDDCBD159D65CD656E4B10010
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7029.roa
Signing time:             Tue 05 Nov 2024 19:47:52 +0000
ROA not before:           Tue 05 Nov 2024 19:42:52 +0000
ROA not after:            Tue 04 Nov 2025 19:47:52 +0000
asID:                     7029
IP address blocks:        181.214.39.0/24 maxlen: 24
                          191.96.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:e6:c5:b2:1e:22:ce:4c:dd:cb:d1:59:d6:5c:d6:56:e4:b1:00:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov  5 19:42:52 2024 GMT
            Not After : Nov  4 19:47:52 2025 GMT
        Subject: CN=9289EEF9971092E776812C2AA3E36780E3F86D0E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8e:fb:66:1d:0b:14:b5:5c:43:8e:32:7d:c4:
                    dc:43:57:68:80:ae:98:e4:f5:93:79:41:05:63:4e:
                    79:f5:9f:18:66:7f:87:4a:c5:99:bf:43:5a:71:f6:
                    85:36:9b:8f:e3:0a:3b:a2:08:b4:00:0e:fa:55:ee:
                    be:49:74:6d:0c:c3:15:4f:57:7b:4b:34:b6:a9:79:
                    5b:27:f1:28:7a:4d:31:1a:a7:7e:11:f6:a2:89:88:
                    64:1a:76:b1:9f:30:25:80:30:c8:e0:03:7b:7b:c2:
                    4f:3d:0f:ea:f5:19:58:b1:36:8b:f5:c2:ca:d2:f0:
                    01:fc:60:3e:aa:40:32:8f:7b:0a:89:7a:55:fc:ab:
                    3e:be:cd:f0:20:c1:41:8a:ed:d0:ad:43:c0:38:7e:
                    d3:c4:42:c0:42:30:43:55:a2:7b:9a:e4:80:f6:92:
                    2d:ae:ab:ed:c0:1c:c2:0c:73:7c:73:6d:e3:77:42:
                    a5:e0:83:7f:5b:13:a5:37:a0:c6:97:f1:9a:8a:45:
                    64:0e:7a:66:fd:53:c8:9e:7d:ef:56:23:e6:9d:58:
                    40:62:b9:d1:84:f7:86:2c:78:4f:cc:b9:10:aa:7f:
                    19:69:5d:f8:87:e5:7d:f9:50:cc:e8:2e:38:c1:62:
                    f9:ef:da:16:85:47:9e:ce:d3:16:93:25:11:65:e0:
                    e9:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:89:EE:F9:97:10:92:E7:76:81:2C:2A:A3:E3:67:80:E3:F8:6D:0E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.39.0/24
                  191.96.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:e9:68:66:16:7b:d3:ca:7a:04:23:f9:f6:1a:d4:c2:75:37:
         ec:1d:02:bc:b0:84:4a:51:5e:5e:70:21:25:2f:5e:06:a6:4a:
         cd:bf:23:ab:24:84:cb:8e:60:7f:54:2c:e5:d9:3d:50:db:fa:
         b3:92:16:30:c9:a3:45:88:85:e8:41:af:dd:cf:4a:f3:f2:71:
         ee:b1:1f:0e:dd:95:32:be:aa:11:d4:0d:96:9d:7a:c7:24:52:
         37:93:38:59:36:87:04:64:61:67:c8:46:4b:75:e7:46:36:e7:
         75:1b:83:e0:03:d3:2a:06:f4:d0:01:b9:fd:de:90:a9:82:72:
         46:aa:2d:3e:68:32:38:93:3a:cf:a9:b3:28:fd:e9:d3:90:48:
         16:e3:8e:a9:a4:60:d2:38:64:e4:f5:6d:59:4a:aa:aa:8c:54:
         b5:dd:d0:60:b7:f0:3b:dc:ed:7c:6f:f9:25:2d:71:f6:e3:43:
         e9:7c:17:3e:c9:2f:de:3c:ba:23:20:f4:cf:44:0e:d0:dd:50:
         65:1c:d0:e9:e9:70:83:9f:91:7f:4b:57:8e:48:46:b8:c8:cc:
         42:b0:bd:16:98:dc:a7:f4:3b:b0:1e:e7:e3:6c:29:73:66:12:
         f1:2a:af:eb:95:a2:ff:24:2b:a7:4b:14:14:b2:57:f4:04:d4:
         6d:8b:79:85
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUQebFsh4izkzdy9FZ1lzWVuSxABAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMDUxOTQyNTJaFw0yNTExMDQxOTQ3NTJaMDMxMTAvBgNV
BAMTKDkyODlFRUY5OTcxMDkyRTc3NjgxMkMyQUEzRTM2NzgwRTNGODZEMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHjvtmHQsUtVxDjjJ9xNxDV2iA
rpjk9ZN5QQVjTnn1nxhmf4dKxZm/Q1px9oU2m4/jCjuiCLQADvpV7r5JdG0MwxVP
V3tLNLapeVsn8Sh6TTEap34R9qKJiGQadrGfMCWAMMjgA3t7wk89D+r1GVixNov1
wsrS8AH8YD6qQDKPewqJelX8qz6+zfAgwUGK7dCtQ8A4ftPEQsBCMENVonua5ID2
ki2uq+3AHMIMc3xzbeN3QqXgg39bE6U3oMaX8ZqKRWQOemb9U8iefe9WI+adWEBi
udGE94YseE/MuRCqfxlpXfiH5X35UMzoLjjBYvnv2haFR57O0xaTJRFl4OnHAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUkonu+ZcQkud2gSwqo+NngOP4bQ4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEALXWJwME
AL9gGzANBgkqhkiG9w0BAQsFAAOCAQEAYeloZhZ708p6BCP59hrUwnU37B0CvLCE
SlFeXnAhJS9eBqZKzb8jqySEy45gf1Qs5dk9UNv6s5IWMMmjRYiF6EGv3c9K8/Jx
7rEfDt2VMr6qEdQNlp16xyRSN5M4WTaHBGRhZ8hGS3XnRjbndRuD4APTKgb00AG5
/d6QqYJyRqotPmgyOJM6z6mzKP3p05BIFuOOqaRg0jhk5PVtWUqqqoxUtd3QYLfw
O9ztfG/5JS1x9uND6XwXPskv3jy6IyD0z0QO0N1QZRzQ6elwg5+Rf0tXjkhGuMjM
QrC9Fpjcp/Q7sB7n42wpc2YS8Sqv65Wi/yQrp0sUFLJX9ATUbYt5hQ==
-----END CERTIFICATE-----