Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/29FCaAYYGxF38GRIEOTlfCqPXmo.roa
File:                     29FCaAYYGxF38GRIEOTlfCqPXmo.roa (raw, json)
Hash identifier:          SVoMULes5WkO+U5mku9WD3sjpCzRNbNzXOWPbWS8GpA=
Subject key identifier:   DB:D1:42:68:06:18:1B:11:77:F0:64:48:10:E4:E5:7C:2A:8F:5E:6A
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01984809E7B1736015B688645D7E0E169718
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/29FCaAYYGxF38GRIEOTlfCqPXmo.roa
Signing time:             Sat 26 Jul 2025 18:41:05 +0000
ROA not before:           Sat 26 Jul 2025 18:41:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34837
IP address blocks:        46.38.129.0/24 maxlen: 24
                          46.38.131.0/24 maxlen: 24
                          46.38.140.0/24 maxlen: 24
                          212.16.64.0/19 maxlen: 19
                          212.16.64.0/24 maxlen: 24
                          212.16.65.0/24 maxlen: 24
                          212.16.66.0/24 maxlen: 24
                          212.16.67.0/24 maxlen: 24
                          212.16.68.0/24 maxlen: 24
                          212.16.75.0/24 maxlen: 24
                          212.16.76.0/24 maxlen: 24
                          212.16.82.0/24 maxlen: 24
                          212.16.83.0/24 maxlen: 24
                          212.16.88.0/24 maxlen: 24
                          212.16.90.0/24 maxlen: 24
                          212.16.91.0/24 maxlen: 24
                          212.80.0.0/19 maxlen: 19
                          212.80.1.0/24 maxlen: 24
                          212.80.3.0/24 maxlen: 24
                          212.80.5.0/24 maxlen: 24
                          212.80.12.0/24 maxlen: 24
                          212.80.13.0/24 maxlen: 24
                          212.80.14.0/24 maxlen: 24
                          212.80.15.0/24 maxlen: 24
                          212.80.16.0/24 maxlen: 24
                          212.80.28.0/24 maxlen: 24
                          212.80.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:48:09:e7:b1:73:60:15:b6:88:64:5d:7e:0e:16:97:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jul 26 18:41:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbd1426806181b1177f0644810e4e57c2a8f5e6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:22:65:0c:57:5f:df:02:bb:2e:e2:31:e6:51:
                    23:b1:73:f2:18:ad:e3:23:4c:f6:f1:77:e6:7e:91:
                    11:de:5b:83:35:db:2c:c7:53:f0:14:75:5e:85:0c:
                    02:fb:41:e0:15:f4:f5:f8:54:fc:4e:77:12:38:6f:
                    2c:47:c2:7a:10:17:7a:c8:27:03:67:ed:14:55:bd:
                    ea:c3:e2:fc:fc:a1:85:cc:f0:1a:c1:cd:42:d8:2f:
                    2d:45:3c:61:73:e5:51:ce:07:bb:5b:f3:c3:20:fc:
                    b3:2f:61:3a:1b:97:c1:a5:78:62:52:35:93:54:a6:
                    ac:06:29:2d:ca:61:a3:c0:b4:41:02:33:ae:20:a5:
                    31:f7:b5:b8:b3:18:9e:49:69:64:30:a6:a2:e4:2b:
                    4f:b0:55:39:2b:fe:05:cd:bf:bd:08:75:ed:7a:0a:
                    df:09:97:73:6c:d1:a1:c2:42:28:59:f7:9f:ae:24:
                    b9:70:1b:72:25:69:51:e0:03:88:6b:8c:45:63:d8:
                    11:4b:f7:d5:a6:5a:9e:f2:61:f8:82:51:56:c7:67:
                    18:4d:88:7e:a9:3c:ad:97:26:d1:25:a2:a1:37:45:
                    b0:67:48:8d:d8:40:02:5b:35:72:55:89:ee:9b:d1:
                    d0:7d:7f:aa:ba:69:be:15:ef:91:22:89:40:01:33:
                    57:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D1:42:68:06:18:1B:11:77:F0:64:48:10:E4:E5:7C:2A:8F:5E:6A
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/29FCaAYYGxF38GRIEOTlfCqPXmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.129.0/24
                  46.38.131.0/24
                  46.38.140.0/24
                  212.16.64.0/19
                  212.80.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         35:90:64:dd:2b:a3:30:13:40:05:12:7a:2c:14:cc:00:bc:57:
         e4:bb:9d:79:be:01:3d:8c:d4:0c:2c:57:ad:3d:86:1a:2a:cd:
         03:6a:10:b7:3e:18:56:39:e3:2f:a5:fb:3c:77:e4:38:d3:1e:
         c8:bc:c8:88:5e:27:94:aa:00:e1:99:ec:1f:41:97:49:89:03:
         29:71:8b:fd:e2:d0:6a:3f:ee:7b:b6:6d:a2:87:22:18:7f:7a:
         f1:8a:d6:3a:5f:89:18:88:53:df:52:13:c6:2b:c4:50:58:fd:
         14:6e:da:f5:8d:84:86:49:54:01:b2:1e:d7:5e:f2:6a:f6:65:
         09:6c:c1:ed:eb:4c:46:5b:89:4a:d0:2c:d7:72:e9:d6:b7:af:
         eb:09:9e:7d:71:79:17:31:64:ab:39:99:b9:60:d1:fc:32:2a:
         2f:97:d4:7a:cc:df:81:88:03:6e:eb:90:99:fe:6e:6f:7a:64:
         a9:07:cc:57:42:e1:48:5d:ad:55:49:61:82:33:4a:1c:41:38:
         b5:6e:03:c7:8b:89:2c:6a:3b:e6:76:bb:c3:1e:b4:ad:4d:50:
         8a:b6:20:d9:6e:f0:ea:cc:46:e8:6d:04:a1:80:f7:6f:89:fc:
         b8:26:57:11:20:7a:18:ca:d3:af:0c:bb:c1:67:5d:7a:99:38:
         30:5f:ed:b3
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZhICeexc2AVtohkXX4OFpcYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNzI2MTg0MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQxNDI2ODA2MTgxYjExNzdmMDY0NDgxMGU0ZTU3YzJhOGY1ZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SJlDFdf3wK7LuIx5lEjsXPyGK3j
I0z28XfmfpER3luDNdssx1PwFHVehQwC+0HgFfT1+FT8TncSOG8sR8J6EBd6yCcD
Z+0UVb3qw+L8/KGFzPAawc1C2C8tRTxhc+VRzge7W/PDIPyzL2E6G5fBpXhiUjWT
VKasBiktymGjwLRBAjOuIKUx97W4sxieSWlkMKai5CtPsFU5K/4Fzb+9CHXtegrf
CZdzbNGhwkIoWfefriS5cBtyJWlR4AOIa4xFY9gRS/fVplqe8mH4glFWx2cYTYh+
qTytlybRJaKhN0WwZ0iN2EACWzVyVYnum9HQfX+qumm+Fe+RIolAATNXIQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNvRQmgGGBsRd/BkSBDk5Xwqj15qMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvMjlGQ2FBWVlHeEYzOEdSSUVPVGxmQ3FQWG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALiaBAwQA
LiaDAwQALiaMAwQF1BBAAwQF1FAAMA0GCSqGSIb3DQEBCwUAA4IBAQA1kGTdK6Mw
E0AFEnosFMwAvFfku515vgE9jNQMLFetPYYaKs0DahC3PhhWOeMvpfs8d+Q40x7I
vMiIXieUqgDhmewfQZdJiQMpcYv94tBqP+57tm2ihyIYf3rxitY6X4kYiFPfUhPG
K8RQWP0Ubtr1jYSGSVQBsh7XXvJq9mUJbMHt60xGW4lK0CzXcunWt6/rCZ59cXkX
MWSrOZm5YNH8Miovl9R6zN+BiANu65CZ/m5vemSpB8xXQuFIXa1VSWGCM0ocQTi1
bgPHi4ksajvmdrvDHrStTVCKtiDZbvDqzEbobQShgPdvify4JlcRIHoYytOvDLvB
Z116mTgwX+2z
-----END CERTIFICATE-----
Generated at Wed Aug 6 14:08:06 2025 by rpki-client