Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29066.roa
File:                     AS29066.roa (raw, json)
Hash identifier:          IneMBwZX2neFuHOW/Cqii7gdPt9Wk8R5JMaZ4ItcJzk=
Subject key identifier:   4C:35:6E:93:00:EE:98:11:9E:2F:A3:8D:6D:A1:99:DA:9B:CE:AD:46
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       22E8F41BEA4CF2265F0F50E0862CF56DD6FF7287
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29066.roa
Signing time:             Wed 07 May 2025 08:54:07 +0000
ROA not before:           Wed 07 May 2025 08:49:07 +0000
ROA not after:            Wed 06 May 2026 08:54:07 +0000
asID:                     29066
IP address blocks:        141.11.54.0/23 maxlen: 23
                          141.11.162.0/23 maxlen: 23
                          141.11.206.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 21:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:e8:f4:1b:ea:4c:f2:26:5f:0f:50:e0:86:2c:f5:6d:d6:ff:72:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  7 08:49:07 2025 GMT
            Not After : May  6 08:54:07 2026 GMT
        Subject: CN=4C356E9300EE98119E2FA38D6DA199DA9BCEAD46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c7:e2:b9:31:d0:b8:2f:16:96:d4:8f:8e:14:
                    fc:1f:4e:73:51:e3:ea:60:e5:04:45:bb:4c:81:93:
                    27:d1:bf:75:9a:ae:34:a4:0a:c8:f1:e5:7f:87:17:
                    c1:ac:01:c6:01:fc:9d:33:23:e6:03:9b:b8:ed:0d:
                    de:c8:fd:92:77:95:d7:e2:26:20:54:8d:63:47:68:
                    d1:d3:b5:41:f5:bf:22:85:08:dc:cf:e5:46:c5:ef:
                    26:19:62:ae:d3:cb:55:03:b3:5c:4a:fe:97:60:13:
                    d0:8f:2a:24:6a:14:66:e6:46:24:21:ac:b9:4d:d0:
                    43:05:ea:aa:04:6f:cb:36:f4:aa:58:f7:ad:58:a8:
                    8b:f1:80:0f:67:5c:aa:2f:6c:42:36:6a:e0:0a:e4:
                    b1:9f:79:9c:ca:e4:d6:f5:c1:c9:f6:18:ea:c9:2b:
                    24:ac:5a:cb:a2:00:0d:cc:a4:66:a9:a2:4b:1b:39:
                    bd:80:8e:89:c3:cd:1b:a8:0b:33:d0:52:68:de:6e:
                    c6:93:44:60:c2:62:0e:41:ac:cf:c8:23:02:a9:c3:
                    b4:a4:d1:e8:4c:20:91:2e:cd:e7:96:0b:93:e7:93:
                    05:1e:e5:6b:46:60:af:12:6b:a6:59:c8:2a:16:91:
                    e4:e3:af:d8:40:0c:18:26:a3:c7:54:42:14:0f:3c:
                    8d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:35:6E:93:00:EE:98:11:9E:2F:A3:8D:6D:A1:99:DA:9B:CE:AD:46
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29066.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.54.0/23
                  141.11.162.0/23
                  141.11.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:9e:f0:b1:db:cc:e6:3f:a0:7e:81:bd:a3:3c:c0:93:3c:53:
         d3:79:33:b4:48:ff:87:19:9d:59:bf:81:41:91:b5:34:59:21:
         7d:c9:66:1d:22:fc:4b:d4:bc:ac:5b:40:e1:be:12:76:6c:23:
         c3:1d:49:bc:72:c0:59:4a:13:a8:0f:28:0c:6d:76:12:58:ac:
         36:5f:7c:f3:cc:0d:05:67:e3:11:b9:c1:c7:dc:ed:c3:db:02:
         08:bf:4f:50:87:71:0a:ca:57:01:4e:d7:70:7c:73:42:de:82:
         e2:f1:56:c0:a1:63:25:7d:f7:51:7a:a3:ca:35:b2:0a:14:39:
         4b:39:92:94:a3:94:f7:b2:6a:73:b8:6a:cf:c8:18:8a:c2:78:
         e1:7d:df:78:7d:c6:0d:1a:25:b9:f8:2c:4c:08:ff:20:ac:f6:
         4b:9e:ff:01:ea:f1:18:c7:25:f5:02:c0:d1:f9:fb:61:1a:95:
         3f:14:42:95:7b:4d:e1:c2:61:b6:31:6d:3e:25:89:48:f8:ac:
         5c:3a:69:45:3a:ad:fa:4d:f8:a8:23:0a:7a:a8:44:6a:09:dd:
         92:f6:ee:c3:00:26:20:55:5f:18:b0:86:e0:ba:82:62:0b:b5:
         d6:53:97:3f:44:c5:ec:d1:df:d6:d6:4e:69:f7:a7:83:87:bd:
         f6:76:de:a8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUIuj0G+pM8iZfD1Dghiz1bdb/cocwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA1MDcwODQ5MDdaFw0yNjA1MDYwODU0MDdaMDMxMTAvBgNV
BAMTKDRDMzU2RTkzMDBFRTk4MTE5RTJGQTM4RDZEQTE5OURBOUJDRUFENDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFx+K5MdC4LxaW1I+OFPwfTnNR
4+pg5QRFu0yBkyfRv3WarjSkCsjx5X+HF8GsAcYB/J0zI+YDm7jtDd7I/ZJ3ldfi
JiBUjWNHaNHTtUH1vyKFCNzP5UbF7yYZYq7Ty1UDs1xK/pdgE9CPKiRqFGbmRiQh
rLlN0EMF6qoEb8s29KpY961YqIvxgA9nXKovbEI2auAK5LGfeZzK5Nb1wcn2GOrJ
KySsWsuiAA3MpGapoksbOb2AjonDzRuoCzPQUmjebsaTRGDCYg5BrM/IIwKpw7Sk
0ehMIJEuzeeWC5PnkwUe5WtGYK8Sa6ZZyCoWkeTjr9hADBgmo8dUQhQPPI0/AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUTDVukwDumBGeL6ONbaGZ2pvOrUYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjkwNjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAGNCzYD
BAGNC6IDBAGNC84wDQYJKoZIhvcNAQELBQADggEBAJSe8LHbzOY/oH6BvaM8wJM8
U9N5M7RI/4cZnVm/gUGRtTRZIX3JZh0i/EvUvKxbQOG+EnZsI8MdSbxywFlKE6gP
KAxtdhJYrDZffPPMDQVn4xG5wcfc7cPbAgi/T1CHcQrKVwFO13B8c0LeguLxVsCh
YyV991F6o8o1sgoUOUs5kpSjlPeyanO4as/IGIrCeOF933h9xg0aJbn4LEwI/yCs
9kue/wHq8RjHJfUCwNH5+2EalT8UQpV7TeHCYbYxbT4liUj4rFw6aUU6rfpN+Kgj
CnqoRGoJ3ZL27sMAJiBVXxiwhuC6gmILtdZTlz9ExezR39bWTmn3p4OHvfZ23qg=
-----END CERTIFICATE-----