Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29066.roa
File:                     AS29066.roa (raw, json)
Hash identifier:          GgGj5eMGxbz2igcEf08wtf2p1DEn07yalSIWZYbnpEU=
Subject key identifier:   40:EE:AA:12:CC:E7:8A:25:CD:CF:29:2A:70:D5:57:97:49:9B:BA:9B
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       70B687099322B1974FFE787F85D3CA648B40A7B6
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29066.roa
Signing time:             Mon 19 Feb 2024 20:34:05 +0000
ROA not before:           Mon 19 Feb 2024 20:29:05 +0000
ROA not after:            Mon 17 Feb 2025 20:34:05 +0000
asID:                     29066
IP address blocks:        141.11.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:b6:87:09:93:22:b1:97:4f:fe:78:7f:85:d3:ca:64:8b:40:a7:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 19 20:29:05 2024 GMT
            Not After : Feb 17 20:34:05 2025 GMT
        Subject: CN=40EEAA12CCE78A25CDCF292A70D55797499BBA9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7b:99:d8:e5:de:a7:5d:b3:a2:66:fd:38:08:
                    e9:e5:0f:41:41:9f:1d:58:88:41:2a:f5:30:97:bf:
                    b6:35:c1:b0:fd:c3:45:df:21:96:a2:b0:bf:81:d6:
                    f0:a3:74:7e:e3:b3:22:85:9d:06:5a:de:bc:59:93:
                    4c:6a:b1:a7:03:b5:59:0f:08:ce:ae:24:81:c5:db:
                    83:c7:4d:6a:d9:4e:7d:94:13:33:40:76:5a:af:f9:
                    14:c6:c3:94:d1:b9:32:a0:e9:ba:9a:12:65:af:b8:
                    2e:91:75:0c:3a:a3:8e:d6:d3:e1:7e:c3:40:c6:c9:
                    35:75:7d:49:45:87:a0:32:f7:81:9a:cf:ab:15:96:
                    50:0e:a3:99:c9:ba:68:01:75:9d:7e:cb:cd:15:60:
                    e6:8c:ee:df:cb:ad:6b:96:2f:44:82:57:c0:13:31:
                    f3:b2:f8:6f:d8:75:b3:2f:86:ef:b9:55:89:f6:22:
                    c2:86:a9:7f:34:2d:9a:a7:01:78:d9:c1:e5:c2:06:
                    c6:04:ac:55:7f:33:c4:0c:4e:34:0c:e1:07:5b:8f:
                    84:00:b6:14:a0:23:69:dd:1a:ae:32:20:2a:db:01:
                    24:48:56:39:8a:ef:dc:1c:18:e8:27:10:61:13:7b:
                    b8:e5:7e:5b:f8:1a:f9:26:16:ad:c6:67:04:bf:3d:
                    55:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:EE:AA:12:CC:E7:8A:25:CD:CF:29:2A:70:D5:57:97:49:9B:BA:9B
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29066.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:fc:01:31:47:db:b9:a0:15:d6:b1:36:96:f5:1a:45:36:0b:
         2f:b3:d4:ca:52:10:e0:51:a9:44:ac:14:5d:8a:13:f0:ae:f0:
         32:64:cc:0b:5e:5f:bb:f1:48:fd:0e:b4:76:2f:77:16:c2:71:
         ec:cb:84:55:fd:d0:61:80:dd:27:b2:aa:d6:65:8c:37:67:d0:
         f8:82:93:c6:26:6c:06:7a:c1:01:fa:f4:21:fb:87:83:57:10:
         c7:2c:e5:e0:d1:a1:46:fd:5b:e0:e1:26:24:f0:36:61:07:72:
         8e:10:e1:11:55:a2:f5:81:74:a2:c8:c8:a6:f8:2b:d9:cc:dd:
         7c:15:ad:93:39:eb:67:ae:5c:ad:c4:46:26:55:e5:ce:60:b4:
         bf:78:b0:d2:17:e8:bf:96:17:41:e4:78:4b:d2:32:ea:df:6c:
         55:19:d2:fb:20:12:43:43:61:b0:85:66:ca:79:e7:7a:77:55:
         cb:80:ae:c1:38:f8:1e:48:7c:7a:ac:e8:96:28:b4:12:9e:bd:
         f7:d9:54:10:30:07:2a:48:73:cf:c0:c5:b1:ac:67:35:8b:fb:
         b3:05:79:96:69:d3:83:a4:15:f6:ce:cf:43:13:2e:47:95:6e:
         4d:c9:4c:53:1a:ee:8f:2d:39:ae:b5:27:c7:52:bb:8b:12:8e:
         83:7b:e8:73
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUcLaHCZMisZdP/nh/hdPKZItAp7YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAyMTkyMDI5MDVaFw0yNTAyMTcyMDM0MDVaMDMxMTAvBgNV
BAMTKDQwRUVBQTEyQ0NFNzhBMjVDRENGMjkyQTcwRDU1Nzk3NDk5QkJBOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNe5nY5d6nXbOiZv04COnlD0FB
nx1YiEEq9TCXv7Y1wbD9w0XfIZaisL+B1vCjdH7jsyKFnQZa3rxZk0xqsacDtVkP
CM6uJIHF24PHTWrZTn2UEzNAdlqv+RTGw5TRuTKg6bqaEmWvuC6RdQw6o47W0+F+
w0DGyTV1fUlFh6Ay94Gaz6sVllAOo5nJumgBdZ1+y80VYOaM7t/LrWuWL0SCV8AT
MfOy+G/YdbMvhu+5VYn2IsKGqX80LZqnAXjZweXCBsYErFV/M8QMTjQM4Qdbj4QA
thSgI2ndGq4yICrbASRIVjmK79wcGOgnEGETe7jlflv4GvkmFq3GZwS/PVVTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUQO6qEszniiXNzykqcNVXl0mbupswHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjkwNjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNC84w
DQYJKoZIhvcNAQELBQADggEBABP8ATFH27mgFdaxNpb1GkU2Cy+z1MpSEOBRqUSs
FF2KE/Cu8DJkzAteX7vxSP0OtHYvdxbCcezLhFX90GGA3SeyqtZljDdn0PiCk8Ym
bAZ6wQH69CH7h4NXEMcs5eDRoUb9W+DhJiTwNmEHco4Q4RFVovWBdKLIyKb4K9nM
3XwVrZM562euXK3ERiZV5c5gtL94sNIX6L+WF0HkeEvSMurfbFUZ0vsgEkNDYbCF
Zsp553p3VcuArsE4+B5IfHqs6JYotBKevffZVBAwBypIc8/AxbGsZzWL+7MFeZZp
04OkFfbOz0MTLkeVbk3JTFMa7o8tOa61J8dSu4sSjoN76HM=
-----END CERTIFICATE-----