Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          wWWZp3yvfg6b7RmOldGotwZOMF8Kbnu8crwhzDJV4q4=
Subject key identifier:   17:4B:89:A6:24:D4:1B:F5:E8:31:EE:01:DB:A3:3F:9A:E5:93:5A:B6
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       58247F6B27E8B6B48A53FB1E35925A12D0073850
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29802.roa
Signing time:             Thu 09 Oct 2025 00:06:34 +0000
ROA not before:           Thu 09 Oct 2025 00:01:34 +0000
ROA not after:            Thu 08 Oct 2026 00:06:34 +0000
asID:                     29802
IP address blocks:        141.11.35.0/24 maxlen: 24
                          141.11.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:24:7f:6b:27:e8:b6:b4:8a:53:fb:1e:35:92:5a:12:d0:07:38:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct  9 00:01:34 2025 GMT
            Not After : Oct  8 00:06:34 2026 GMT
        Subject: CN=174B89A624D41BF5E831EE01DBA33F9AE5935AB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f2:7b:95:d1:f9:98:31:8c:30:a8:fe:e5:de:
                    30:bb:0b:1b:4d:69:1d:20:28:8b:85:15:da:ce:6c:
                    74:f1:74:ac:de:98:94:67:af:ae:4e:cc:8a:69:1e:
                    51:da:08:b1:12:9b:0f:44:95:ba:71:1d:24:3b:57:
                    11:1c:3c:88:7d:59:91:0e:dc:19:20:22:0d:e5:b9:
                    1d:23:e6:30:45:91:6e:00:f1:86:a4:20:39:d6:47:
                    32:66:c9:90:f6:43:2e:26:95:f5:ee:25:47:1d:d7:
                    2e:d1:59:09:2f:ec:e2:35:9a:15:aa:1c:ff:ab:ad:
                    f6:fc:69:70:e5:ec:80:11:41:88:1b:56:7d:5d:f3:
                    09:a0:45:2f:47:66:04:c9:d3:af:ef:94:eb:54:54:
                    1e:12:5b:df:9d:3b:a4:e2:9a:dd:f1:a7:16:53:08:
                    70:3d:bc:d1:9a:33:29:53:b8:ec:d6:81:2a:43:aa:
                    c9:9c:6b:69:b3:f5:b4:da:2f:46:b0:26:47:5b:3f:
                    84:6c:35:e0:cb:81:9b:e4:c6:47:24:d1:51:4d:99:
                    a0:70:62:ab:a7:8f:98:03:f8:78:09:81:9b:d2:08:
                    49:5d:d2:a5:4d:b4:3d:e1:c3:d7:da:9c:0c:70:9b:
                    7c:b0:34:17:69:10:30:69:ec:56:49:30:5d:75:46:
                    af:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4B:89:A6:24:D4:1B:F5:E8:31:EE:01:DB:A3:3F:9A:E5:93:5A:B6
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.35.0/24
                  141.11.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:85:cc:de:51:62:7b:57:49:db:de:26:d7:c5:0d:4f:17:3a:
         e9:74:ad:6d:29:3b:2f:f5:8d:ec:51:d6:f0:a0:5e:9e:c1:07:
         f3:2f:9c:3e:f6:cc:42:b9:5e:43:5b:55:d0:71:83:4d:5c:0b:
         6b:d2:99:eb:44:b3:32:e3:75:dc:a4:3c:4e:cb:fe:77:d8:02:
         75:33:94:49:96:25:15:ae:85:4f:ae:c4:a0:62:83:e8:fb:e8:
         e8:67:20:ad:c9:66:a0:71:ba:3f:c4:5c:c8:6d:52:55:06:01:
         6b:b0:46:a4:00:44:2e:79:a6:50:65:95:85:28:dd:59:e6:bd:
         c0:80:13:21:50:eb:88:98:a4:a5:bf:71:39:08:56:dd:0f:72:
         e5:52:16:e5:55:ff:e3:71:cf:18:1c:c2:f5:4f:30:7b:ec:c3:
         96:22:95:c8:1f:9f:fe:be:06:92:d2:de:88:f2:9e:50:a2:90:
         aa:47:9b:d3:7d:e5:43:01:a8:4b:d3:ec:11:a8:76:d3:f3:a9:
         7d:01:8b:1b:c4:23:54:d5:d2:95:74:55:9f:c0:28:ad:aa:55:
         c5:51:b2:c9:76:b2:88:9a:39:3b:47:ea:13:8d:b7:9b:ce:ee:
         64:18:be:7b:44:f7:3c:17:93:2c:e6:ce:0e:04:b8:ae:aa:66:
         8f:dc:20:59
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUWCR/ayfotrSKU/seNZJaEtAHOFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTEwMDkwMDAxMzRaFw0yNjEwMDgwMDA2MzRaMDMxMTAvBgNV
BAMTKDE3NEI4OUE2MjRENDFCRjVFODMxRUUwMURCQTMzRjlBRTU5MzVBQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC78nuV0fmYMYwwqP7l3jC7CxtN
aR0gKIuFFdrObHTxdKzemJRnr65OzIppHlHaCLESmw9ElbpxHSQ7VxEcPIh9WZEO
3BkgIg3luR0j5jBFkW4A8YakIDnWRzJmyZD2Qy4mlfXuJUcd1y7RWQkv7OI1mhWq
HP+rrfb8aXDl7IARQYgbVn1d8wmgRS9HZgTJ06/vlOtUVB4SW9+dO6Timt3xpxZT
CHA9vNGaMylTuOzWgSpDqsmca2mz9bTaL0awJkdbP4RsNeDLgZvkxkck0VFNmaBw
Yqunj5gD+HgJgZvSCEld0qVNtD3hw9fanAxwm3ywNBdpEDBp7FZJMF11Rq9TAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUF0uJpiTUG/XoMe4B26M/muWTWrYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCyMD
BACNCyYwDQYJKoZIhvcNAQELBQADggEBADmFzN5RYntXSdveJtfFDU8XOul0rW0p
Oy/1jexR1vCgXp7BB/MvnD72zEK5XkNbVdBxg01cC2vSmetEszLjddykPE7L/nfY
AnUzlEmWJRWuhU+uxKBig+j76OhnIK3JZqBxuj/EXMhtUlUGAWuwRqQARC55plBl
lYUo3VnmvcCAEyFQ64iYpKW/cTkIVt0PcuVSFuVV/+NxzxgcwvVPMHvsw5Yilcgf
n/6+BpLS3ojynlCikKpHm9N95UMBqEvT7BGodtPzqX0BixvEI1TV0pV0VZ/AKK2q
VcVRssl2soiaOTtH6hONt5vO7mQYvntE9zwXkyzmzg4EuK6qZo/cIFk=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:33:27 2025 by rpki-client