Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          sD43QDbg0M1ujz8FBgk2sJ0CHOwsJtRUGZ+I7UN+Pe4=
Subject key identifier:   74:A1:B3:CE:B9:60:13:B1:BB:0C:AB:9A:86:4C:77:43:0C:9F:8D:54
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       73A775D6154491C582F29BFB25B993642DB15516
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS7029.roa
Signing time:             Wed 09 Apr 2025 12:53:13 +0000
ROA not before:           Wed 09 Apr 2025 12:48:13 +0000
ROA not after:            Wed 08 Apr 2026 12:53:13 +0000
asID:                     7029
IP address blocks:        85.8.156.0/22 maxlen: 22
                          193.187.108.0/22 maxlen: 22
                          213.139.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:a7:75:d6:15:44:91:c5:82:f2:9b:fb:25:b9:93:64:2d:b1:55:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Apr  9 12:48:13 2025 GMT
            Not After : Apr  8 12:53:13 2026 GMT
        Subject: CN=74A1B3CEB96013B1BB0CAB9A864C77430C9F8D54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ae:89:9b:45:09:bc:31:23:92:9f:4a:23:b9:
                    72:84:2e:77:d9:d3:cc:54:69:e6:dd:9a:bd:8b:4f:
                    c8:db:0f:3b:26:49:c0:44:c0:72:ba:99:87:b0:33:
                    f5:39:39:83:e4:1d:74:1e:56:85:21:e7:50:ed:f5:
                    39:42:5b:5e:56:78:fc:88:8c:7e:e5:32:6a:54:aa:
                    05:70:99:82:b0:48:6a:74:3f:cc:af:51:de:e8:9e:
                    3a:f5:3a:e7:0e:52:a7:08:c1:b1:78:81:dc:83:07:
                    6d:99:68:7f:1f:24:d0:e1:6a:e6:aa:18:88:24:54:
                    db:d8:66:82:fd:19:ef:43:cb:ef:6e:f1:eb:6d:28:
                    4b:35:13:31:2a:da:ed:59:36:a0:a5:b4:15:cf:ff:
                    6d:71:54:6d:96:18:d0:c2:9b:0f:39:13:b6:ce:93:
                    16:8a:56:7a:eb:ca:4a:05:eb:08:4e:d2:b2:44:cc:
                    1f:a9:9c:d1:1f:d7:47:97:fb:c5:fc:da:a3:22:af:
                    3c:46:51:1e:64:1e:6e:b4:93:f3:48:2f:74:26:fd:
                    7e:95:cd:49:cd:1d:8b:af:0f:06:27:be:20:34:6c:
                    c0:18:9e:22:22:19:ee:b3:95:5c:a5:8b:be:4c:79:
                    cb:23:3e:43:71:f6:32:9f:2d:b9:32:c5:06:fc:b9:
                    9b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:A1:B3:CE:B9:60:13:B1:BB:0C:AB:9A:86:4C:77:43:0C:9F:8D:54
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.8.156.0/22
                  193.187.108.0/22
                  213.139.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:47:bf:90:d9:fb:6c:c2:bc:ed:21:13:6e:b7:7b:f6:24:2e:
         5a:ea:74:e2:41:18:2a:81:b5:d7:c6:f9:39:a2:49:ed:42:8c:
         1b:d9:a0:c1:0c:9d:c2:c8:af:11:df:27:c9:d6:39:6d:fc:5c:
         d6:6e:90:5a:69:f8:17:9d:41:41:27:74:8a:e2:19:b9:d1:1c:
         39:b6:be:64:3d:a4:0c:5c:6e:63:19:06:c1:de:94:2b:d6:08:
         12:d8:7f:e8:f9:74:3d:4d:2a:3a:0c:86:14:01:00:2a:5f:54:
         d4:cd:e1:02:f2:bd:72:ca:94:ea:e5:04:ee:b8:49:7f:9b:46:
         87:c1:17:89:d3:2b:90:6f:54:0f:e3:d0:c4:8e:58:06:99:b3:
         b1:4c:6d:e9:cf:c2:41:09:89:a0:e5:80:e2:7e:5c:d5:90:8e:
         a6:c6:2e:1b:eb:0b:2d:06:77:aa:fc:53:6b:43:7f:73:1d:a4:
         2d:23:46:ca:86:81:2d:43:33:89:05:fa:b9:85:ea:b4:e0:a5:
         ea:dc:7c:12:c2:c2:5c:10:0f:59:3d:09:99:99:3e:15:97:d6:
         26:1c:f9:1d:de:42:8a:a2:f3:00:53:cc:67:69:6f:bb:36:52:
         58:58:11:bd:66:8f:75:b2:1a:0c:80:9f:c0:eb:19:b7:5f:45:
         d3:2b:68:b7
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUc6d11hVEkcWC8pv7JbmTZC2xVRYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA0MDkxMjQ4MTNaFw0yNjA0MDgxMjUzMTNaMDMxMTAvBgNV
BAMTKDc0QTFCM0NFQjk2MDEzQjFCQjBDQUI5QTg2NEM3NzQzMEM5RjhENTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcrombRQm8MSOSn0ojuXKELnfZ
08xUaebdmr2LT8jbDzsmScBEwHK6mYewM/U5OYPkHXQeVoUh51Dt9TlCW15WePyI
jH7lMmpUqgVwmYKwSGp0P8yvUd7onjr1OucOUqcIwbF4gdyDB22ZaH8fJNDhauaq
GIgkVNvYZoL9Ge9Dy+9u8ettKEs1EzEq2u1ZNqCltBXP/21xVG2WGNDCmw85E7bO
kxaKVnrrykoF6whO0rJEzB+pnNEf10eX+8X82qMirzxGUR5kHm60k/NIL3Qm/X6V
zUnNHYuvDwYnviA0bMAYniIiGe6zlVyli75MecsjPkNx9jKfLbkyxQb8uZuVAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUdKGzzrlgE7G7DKuahkx3QwyfjVQwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAlUInAME
AsG7bAMEAtWL4DANBgkqhkiG9w0BAQsFAAOCAQEAfUe/kNn7bMK87SETbrd79iQu
Wup04kEYKoG118b5OaJJ7UKMG9mgwQydwsivEd8nydY5bfxc1m6QWmn4F51BQSd0
iuIZudEcOba+ZD2kDFxuYxkGwd6UK9YIEth/6Pl0PU0qOgyGFAEAKl9U1M3hAvK9
csqU6uUE7rhJf5tGh8EXidMrkG9UD+PQxI5YBpmzsUxt6c/CQQmJoOWA4n5c1ZCO
psYuG+sLLQZ3qvxTa0N/cx2kLSNGyoaBLUMziQX6uYXqtOCl6tx8EsLCXBAPWT0J
mZk+FZfWJhz5Hd5CiqLzAFPMZ2lvuzZSWFgRvWaPdbIaDICfwOsZt19F0ytotw==
-----END CERTIFICATE-----