Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          SOsFVPlNiWmLjbMopgqTN/LBMeNRJodRXmRxzg3nQ1w=
Subject key identifier:   40:FB:49:B4:0D:65:65:13:AB:1D:9E:25:3C:C8:AC:88:5F:F5:63:34
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1AC02125B2018EB1819C56F6290D4212FB81E411
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7029.roa
Signing time:             Tue 05 Nov 2024 19:47:53 +0000
ROA not before:           Tue 05 Nov 2024 19:42:53 +0000
ROA not after:            Tue 04 Nov 2025 19:47:53 +0000
asID:                     7029
IP address blocks:        176.105.227.0/24 maxlen: 24
                          193.151.181.0/24 maxlen: 24
                          194.113.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:c0:21:25:b2:01:8e:b1:81:9c:56:f6:29:0d:42:12:fb:81:e4:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov  5 19:42:53 2024 GMT
            Not After : Nov  4 19:47:53 2025 GMT
        Subject: CN=40FB49B40D656513AB1D9E253CC8AC885FF56334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2a:3f:34:5b:be:f9:03:68:d6:e6:48:84:f4:
                    51:ee:5e:db:69:0c:e3:c4:d9:6c:c7:8d:76:03:e3:
                    7a:e0:80:64:d9:9d:0f:7c:11:45:22:e6:6a:47:30:
                    fc:a6:3d:85:48:63:a8:38:ec:61:4f:4d:23:4b:d9:
                    aa:19:df:c8:90:c2:0c:c1:40:b4:7e:ea:5f:ce:f7:
                    05:64:83:a3:68:b0:08:6c:b2:00:13:dc:60:de:29:
                    8d:e8:9a:98:b1:d5:66:4d:65:a5:84:09:78:af:8d:
                    4d:13:9d:97:47:f8:46:fa:ee:53:6f:8b:74:f9:a6:
                    12:77:e4:97:53:ba:6f:06:64:0d:e5:fa:cc:ff:8d:
                    d1:e9:dd:d8:5e:43:0e:c4:4f:05:ce:e3:a3:1a:db:
                    73:c0:0b:94:5c:44:aa:ca:1c:7a:b1:e0:ca:fe:05:
                    ae:af:30:0f:4d:1a:38:ae:30:ae:58:8b:34:e5:81:
                    f9:74:84:e5:2b:8f:4d:23:14:01:1b:0a:b6:03:61:
                    a8:60:93:97:9c:63:4e:5e:57:e5:7d:6d:fd:bc:7c:
                    21:64:33:62:39:37:ca:9b:c4:dc:4a:13:1d:54:a9:
                    d2:af:62:d0:80:1d:3f:92:18:7c:55:df:55:4f:45:
                    58:41:54:30:e6:b4:2c:96:73:33:1e:20:f8:46:eb:
                    42:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:FB:49:B4:0D:65:65:13:AB:1D:9E:25:3C:C8:AC:88:5F:F5:63:34
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.227.0/24
                  193.151.181.0/24
                  194.113.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:1d:58:5a:a3:37:4f:53:e2:98:bb:3f:a5:4b:b3:56:fd:8b:
         be:57:bc:0a:3e:c9:eb:75:ab:27:6a:6b:38:d3:c2:1f:84:66:
         f5:9b:ad:f4:0b:5b:13:d7:a3:f0:f8:ba:5f:88:c5:07:8c:a2:
         f6:99:31:e8:42:34:40:0f:a6:13:d4:98:6d:1a:df:1d:17:84:
         c6:06:39:2e:d7:23:47:59:02:bc:1e:36:65:81:3e:1b:3b:bf:
         6d:e9:f3:a9:38:f9:4a:fd:64:f0:a5:8c:a7:6a:13:ec:48:9b:
         ad:11:0a:11:2b:cd:d1:9f:1b:c4:f7:0e:f3:21:31:e1:05:ad:
         96:eb:97:09:3f:58:dc:85:b6:ac:ff:4c:05:5c:2a:12:44:2c:
         06:cc:ec:52:1c:c2:e9:3e:4d:34:2a:cb:ad:24:39:bd:ac:15:
         65:41:9c:99:1a:b4:b4:65:34:8d:dc:db:a7:61:72:2c:8a:1d:
         e5:30:dc:9a:7d:50:0f:02:b5:06:fe:c0:3f:ed:9d:05:61:b5:
         b8:ce:8e:50:19:fc:06:6c:bb:a2:f6:53:54:12:c3:38:d9:58:
         ab:27:6c:33:dc:7f:1e:c8:a1:5f:6e:2a:2c:f4:e8:e9:f5:10:
         e9:6f:e8:ea:d5:af:f3:96:28:f5:d6:c9:24:62:4e:20:56:0a:
         cb:13:ed:39
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUGsAhJbIBjrGBnFb2KQ1CEvuB5BEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMDUxOTQyNTNaFw0yNTExMDQxOTQ3NTNaMDMxMTAvBgNV
BAMTKDQwRkI0OUI0MEQ2NTY1MTNBQjFEOUUyNTNDQzhBQzg4NUZGNTYzMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKj80W775A2jW5kiE9FHuXttp
DOPE2WzHjXYD43rggGTZnQ98EUUi5mpHMPymPYVIY6g47GFPTSNL2aoZ38iQwgzB
QLR+6l/O9wVkg6NosAhssgAT3GDeKY3ompix1WZNZaWECXivjU0TnZdH+Eb67lNv
i3T5phJ35JdTum8GZA3l+sz/jdHp3dheQw7ETwXO46Ma23PAC5RcRKrKHHqx4Mr+
Ba6vMA9NGjiuMK5YizTlgfl0hOUrj00jFAEbCrYDYahgk5ecY05eV+V9bf28fCFk
M2I5N8qbxNxKEx1UqdKvYtCAHT+SGHxV31VPRVhBVDDmtCyWczMeIPhG60I/AgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUQPtJtA1lZROrHZ4lPMisiF/1YzQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEALBp4wME
AMGXtQMEAMJx4jANBgkqhkiG9w0BAQsFAAOCAQEAgR1YWqM3T1PimLs/pUuzVv2L
vle8Cj7J63WrJ2prONPCH4Rm9Zut9AtbE9ej8Pi6X4jFB4yi9pkx6EI0QA+mE9SY
bRrfHReExgY5LtcjR1kCvB42ZYE+Gzu/benzqTj5Sv1k8KWMp2oT7EibrREKESvN
0Z8bxPcO8yEx4QWtluuXCT9Y3IW2rP9MBVwqEkQsBszsUhzC6T5NNCrLrSQ5vawV
ZUGcmRq0tGU0jdzbp2FyLIod5TDcmn1QDwK1Bv7AP+2dBWG1uM6OUBn8Bmy7ovZT
VBLDONlYqydsM9x/HsihX24qLPTo6fUQ6W/o6tWv85Yo9dbJJGJOIFYKyxPtOQ==
-----END CERTIFICATE-----