Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          yFv5EnF5eaqHrw2Jkrc5iSdMlj0lIHv4gNah9tXViYY=
Subject key identifier:   F2:A2:49:F7:58:23:2C:E7:07:D1:FF:9D:8E:34:95:DA:D5:12:EB:9E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0190145C0BC804E125612493FBD87AAB34688C05
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29802.roa
Signing time:             Fri 07 Feb 2025 00:01:53 +0000
ROA not before:           Thu 06 Feb 2025 23:56:53 +0000
ROA not after:            Fri 06 Feb 2026 00:01:53 +0000
asID:                     29802
IP address blocks:        193.176.129.0/24 maxlen: 24
                          194.147.6.0/24 maxlen: 24
                          194.147.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:14:5c:0b:c8:04:e1:25:61:24:93:fb:d8:7a:ab:34:68:8c:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb  6 23:56:53 2025 GMT
            Not After : Feb  6 00:01:53 2026 GMT
        Subject: CN=F2A249F758232CE707D1FF9D8E3495DAD512EB9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4c:95:29:85:ea:78:34:43:4e:9a:a9:4b:93:
                    f3:15:b7:78:0f:0e:5d:91:89:59:2e:22:ac:47:a7:
                    0c:8b:f0:62:31:0b:36:ac:10:7c:05:01:46:ea:28:
                    e0:fa:bf:c7:63:22:12:d7:93:4b:b3:80:c4:ec:e7:
                    f1:6f:33:38:02:fe:28:1a:d0:7c:8c:f9:2f:d1:c2:
                    15:2e:65:a8:dc:9f:08:6c:ea:e4:52:61:35:d2:cb:
                    d9:65:bf:1e:9e:31:48:7c:65:ee:88:1e:ae:52:89:
                    a2:4b:38:69:56:cb:c4:5e:3b:d8:84:3c:d9:7f:93:
                    07:f1:4b:aa:65:9c:e2:43:06:09:22:0e:8c:fc:df:
                    0d:36:55:93:89:54:93:04:17:a9:69:b1:43:d6:ba:
                    92:6d:2c:b8:eb:fa:2b:87:ee:29:97:b9:75:2d:14:
                    47:97:f7:5a:56:91:35:fb:94:f5:91:39:44:42:0a:
                    6f:ca:47:29:0b:39:d4:6a:43:53:a3:d5:39:e9:f4:
                    05:5f:5e:28:e0:66:b2:b7:cb:84:81:1b:e2:98:ba:
                    8e:b6:48:a5:65:3e:e2:19:19:3b:1f:da:7b:87:fb:
                    fe:79:23:be:3a:46:7a:5f:bb:90:77:fb:77:4e:b0:
                    3b:33:de:f7:c5:63:91:f0:12:1b:c9:17:52:5a:12:
                    c4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A2:49:F7:58:23:2C:E7:07:D1:FF:9D:8E:34:95:DA:D5:12:EB:9E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.129.0/24
                  194.147.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:74:0c:83:46:be:4a:63:52:31:31:63:02:6e:3a:5e:56:58:
         b9:6a:bb:7f:71:6e:f7:e4:79:b6:f9:ab:81:ff:0a:c2:c9:89:
         1f:5c:e2:0b:16:56:33:84:88:f4:c5:88:b6:0a:05:82:c4:9c:
         ef:d0:20:a3:b5:51:c6:58:71:26:46:42:d0:ee:ab:16:5f:27:
         89:b7:d3:95:4d:1c:e6:7b:48:c1:5a:75:09:3a:f2:40:ac:ae:
         12:b0:0a:16:2c:c2:81:51:2c:b5:78:9a:d9:be:1a:17:66:8a:
         d0:f5:1f:93:d3:de:71:16:8d:05:f1:c7:87:96:af:dc:0a:ef:
         f2:9a:55:fa:99:69:f6:e2:a6:7a:e8:50:62:b9:bf:ee:0f:6d:
         f1:e0:42:ea:d4:24:7c:d7:a6:a4:f0:1c:55:f2:ff:ae:55:0e:
         ff:de:1f:ae:de:d5:43:f1:ee:23:71:31:b5:b3:7b:ce:9b:43:
         68:ec:f8:9c:45:d0:3e:c6:ae:93:e6:75:cc:69:4d:15:9c:b0:
         af:ed:57:0d:e8:86:a0:f9:88:61:81:ec:14:35:85:27:f1:f8:
         a9:27:b9:8e:47:d1:23:8c:93:4d:b3:a0:c5:87:76:0f:33:19:
         83:46:dc:90:ce:95:16:87:ca:a4:c8:2a:4a:05:37:02:49:3e:
         58:53:79:09
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUAZAUXAvIBOElYSST+9h6qzRojAUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAyMDYyMzU2NTNaFw0yNjAyMDYwMDAxNTNaMDMxMTAvBgNV
BAMTKEYyQTI0OUY3NTgyMzJDRTcwN0QxRkY5RDhFMzQ5NURBRDUxMkVCOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFTJUphep4NENOmqlLk/MVt3gP
Dl2RiVkuIqxHpwyL8GIxCzasEHwFAUbqKOD6v8djIhLXk0uzgMTs5/FvMzgC/iga
0HyM+S/RwhUuZajcnwhs6uRSYTXSy9llvx6eMUh8Ze6IHq5SiaJLOGlWy8ReO9iE
PNl/kwfxS6plnOJDBgkiDoz83w02VZOJVJMEF6lpsUPWupJtLLjr+iuH7imXuXUt
FEeX91pWkTX7lPWROURCCm/KRykLOdRqQ1Oj1Tnp9AVfXijgZrK3y4SBG+KYuo62
SKVlPuIZGTsf2nuH+/55I746Rnpfu5B3+3dOsDsz3vfFY5HwEhvJF1JaEsRfAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU8qJJ91gjLOcH0f+djjSV2tUS654wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBADBsIED
BAHCkwYwDQYJKoZIhvcNAQELBQADggEBAFt0DINGvkpjUjExYwJuOl5WWLlqu39x
bvfkebb5q4H/CsLJiR9c4gsWVjOEiPTFiLYKBYLEnO/QIKO1UcZYcSZGQtDuqxZf
J4m305VNHOZ7SMFadQk68kCsrhKwChYswoFRLLV4mtm+GhdmitD1H5PT3nEWjQXx
x4eWr9wK7/KaVfqZafbipnroUGK5v+4PbfHgQurUJHzXpqTwHFXy/65VDv/eH67e
1UPx7iNxMbWze86bQ2js+JxF0D7GrpPmdcxpTRWcsK/tVw3ohqD5iGGB7BQ1hSfx
+KknuY5H0SOMk02zoMWHdg8zGYNG3JDOlRaHyqTIKkoFNwJJPlhTeQk=
-----END CERTIFICATE-----