Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          2uPw6arQl2RUvOAPJRuaLpcR5lzpZ2OZNUFllJx6DJM=
Subject key identifier:   11:69:6B:1F:7C:A7:B0:E1:77:E6:C5:4C:86:5F:7D:4C:4C:1D:DD:88
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2D6517811D20DE017C22EA16C049386BE64AAD82
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29802.roa
Signing time:             Sat 31 May 2025 08:28:17 +0000
ROA not before:           Sat 31 May 2025 08:23:17 +0000
ROA not after:            Sat 30 May 2026 08:28:17 +0000
asID:                     29802
IP address blocks:        192.166.82.0/24 maxlen: 24
                          193.176.129.0/24 maxlen: 24
                          194.147.6.0/24 maxlen: 24
                          194.147.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 14:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:65:17:81:1d:20:de:01:7c:22:ea:16:c0:49:38:6b:e6:4a:ad:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 31 08:23:17 2025 GMT
            Not After : May 30 08:28:17 2026 GMT
        Subject: CN=11696B1F7CA7B0E177E6C54C865F7D4C4C1DDD88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5e:e8:de:df:6a:12:df:cf:c9:1b:e0:68:97:
                    9a:06:99:72:59:4c:c3:4f:96:29:2b:6e:ce:09:90:
                    43:fa:b0:9e:46:a4:77:92:17:34:94:a6:15:7d:e8:
                    72:e4:77:46:7c:58:2b:19:12:70:36:2c:66:87:14:
                    27:cd:7a:2c:ad:67:65:28:48:c3:a8:c0:b1:44:da:
                    26:7d:ca:c4:a2:ad:49:be:fd:b9:21:3b:f1:94:5c:
                    b1:39:0a:5f:5b:bb:62:96:a4:da:84:a5:b5:72:e5:
                    99:01:23:0c:2e:e3:66:cf:52:94:9c:be:c9:96:6d:
                    db:ff:c0:fa:2c:ff:0f:eb:c5:42:58:37:2d:9f:9e:
                    d1:5c:18:06:2c:ce:25:9c:8f:8a:59:05:ab:b6:3b:
                    ad:c0:f8:41:a1:3a:e4:1f:67:81:5f:0c:4d:58:11:
                    f9:ca:f9:72:20:77:4b:0f:8d:71:39:a8:53:7b:78:
                    2b:3e:d7:6e:03:fe:62:76:5d:a2:62:12:e3:cb:18:
                    c3:7e:5b:2e:8a:3f:90:22:e5:cd:0c:1b:e0:5e:b9:
                    46:a7:71:5e:6e:c0:f8:e9:96:47:cb:2a:69:10:7d:
                    78:19:4c:49:a6:a3:a3:74:99:d8:39:d2:f4:2f:8c:
                    2f:99:00:cb:7d:a1:b2:de:21:e5:62:3e:81:f5:ef:
                    0c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:69:6B:1F:7C:A7:B0:E1:77:E6:C5:4C:86:5F:7D:4C:4C:1D:DD:88
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.82.0/24
                  193.176.129.0/24
                  194.147.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:05:88:d5:1e:b9:c1:94:53:d4:82:ed:29:ca:22:98:06:8a:
         50:5c:a4:a0:93:80:9c:cb:9b:80:67:93:e0:79:d2:19:17:02:
         1c:31:9b:b0:5e:b5:7a:ea:21:d0:9e:46:bc:55:89:cc:9a:fc:
         1e:cd:27:2b:60:bc:da:e6:9a:8b:6c:a7:c1:d0:56:b5:1f:1a:
         30:f4:dc:19:41:01:1f:6d:21:9f:47:c4:25:49:df:0f:98:3d:
         58:ea:52:91:79:25:f5:ad:f4:0e:d7:a7:40:22:38:82:68:72:
         d9:92:01:3e:f6:17:fe:f1:1f:a6:7b:46:03:71:94:22:e7:e9:
         02:49:ac:a0:b3:d6:f7:76:5d:a3:e4:b5:b7:df:e7:de:de:d6:
         07:d6:ca:bd:dc:d8:38:26:4e:d1:44:78:b0:5f:e3:09:47:6e:
         0c:12:69:db:80:40:a0:1d:3d:bc:30:82:75:7a:cd:e2:e5:fc:
         9b:87:04:88:fe:f1:2c:a1:33:54:99:9b:38:c9:81:46:fa:3c:
         d9:83:c3:41:64:1c:1f:00:49:0b:6e:02:23:b7:de:34:f2:12:
         c3:69:d8:c5:6b:c8:0c:78:d3:01:05:8b:11:0b:0d:3d:4c:f5:
         f4:59:9e:12:b1:08:92:bd:e0:bd:e2:83:3c:0e:4a:5e:8f:62:
         c1:e0:f8:04
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIULWUXgR0g3gF8IuoWwEk4a+ZKrYIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA1MzEwODIzMTdaFw0yNjA1MzAwODI4MTdaMDMxMTAvBgNV
BAMTKDExNjk2QjFGN0NBN0IwRTE3N0U2QzU0Qzg2NUY3RDRDNEMxREREODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZXuje32oS38/JG+Bol5oGmXJZ
TMNPlikrbs4JkEP6sJ5GpHeSFzSUphV96HLkd0Z8WCsZEnA2LGaHFCfNeiytZ2Uo
SMOowLFE2iZ9ysSirUm+/bkhO/GUXLE5Cl9bu2KWpNqEpbVy5ZkBIwwu42bPUpSc
vsmWbdv/wPos/w/rxUJYNy2fntFcGAYsziWcj4pZBau2O63A+EGhOuQfZ4FfDE1Y
EfnK+XIgd0sPjXE5qFN7eCs+124D/mJ2XaJiEuPLGMN+Wy6KP5Ai5c0MG+BeuUan
cV5uwPjplkfLKmkQfXgZTEmmo6N0mdg50vQvjC+ZAMt9obLeIeViPoH17wy1AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUEWlrH3ynsOF35sVMhl99TEwd3YgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBADAplID
BADBsIEDBAHCkwYwDQYJKoZIhvcNAQELBQADggEBAF0FiNUeucGUU9SC7SnKIpgG
ilBcpKCTgJzLm4Bnk+B50hkXAhwxm7BetXrqIdCeRrxVicya/B7NJytgvNrmmots
p8HQVrUfGjD03BlBAR9tIZ9HxCVJ3w+YPVjqUpF5JfWt9A7Xp0AiOIJoctmSAT72
F/7xH6Z7RgNxlCLn6QJJrKCz1vd2XaPktbff597e1gfWyr3c2DgmTtFEeLBf4wlH
bgwSaduAQKAdPbwwgnV6zeLl/JuHBIj+8SyhM1SZmzjJgUb6PNmDw0FkHB8ASQtu
AiO33jTyEsNp2MVryAx40wEFixELDT1M9fRZnhKxCJK94L3igzwOSl6PYsHg+AQ=
-----END CERTIFICATE-----