Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          UzVyQzDNxEH1f7EW/fpjqciXfwpS9M/FPwQFwN2Esxo=
Subject key identifier:   72:FF:38:47:B6:08:49:39:07:92:47:B6:FE:87:66:29:71:49:69:E8
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       1D0BF7245A398F49BB6C565036DA48E4D6456BE1
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/AS7029.roa
Signing time:             Tue 04 Nov 2025 15:34:05 +0000
ROA not before:           Tue 04 Nov 2025 15:29:05 +0000
ROA not after:            Tue 03 Nov 2026 15:34:05 +0000
asID:                     7029
IP address blocks:        46.33.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:0b:f7:24:5a:39:8f:49:bb:6c:56:50:36:da:48:e4:d6:45:6b:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Nov  4 15:29:05 2025 GMT
            Not After : Nov  3 15:34:05 2026 GMT
        Subject: CN=72FF3847B6084939079247B6FE876629714969E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:df:32:04:fb:3f:89:ad:de:ae:b5:e3:66:a6:
                    0f:8f:1f:d2:03:60:d1:a8:13:de:83:d7:55:b1:de:
                    de:b9:c2:d3:c4:20:70:eb:5c:2c:c5:21:67:00:27:
                    2a:49:f2:aa:34:bf:ac:09:40:f7:a8:21:8f:10:b2:
                    18:84:41:27:2d:1c:14:f8:02:68:ef:40:64:4d:75:
                    af:f7:92:b0:75:93:bd:0e:4d:8d:9f:3c:0a:f1:36:
                    09:c3:f3:60:f3:35:a2:ed:f4:a5:49:57:ba:db:48:
                    09:c2:c3:13:31:e7:e5:95:93:e2:fe:54:60:a5:d8:
                    8d:e5:1c:5e:65:db:13:59:2f:ac:51:30:f5:0c:36:
                    89:f6:19:6a:28:59:fb:b9:42:e3:c1:2a:d8:f6:e9:
                    c9:ed:be:bc:b2:d9:7b:1c:36:1e:ae:66:e7:44:1a:
                    bf:8e:fd:58:7d:20:f1:66:ab:90:51:22:a0:20:1f:
                    e6:6c:79:f3:60:37:22:9a:5d:f5:8f:ad:11:0a:a5:
                    2c:91:b6:88:61:ca:ce:6e:ca:36:05:15:97:bb:55:
                    63:ed:36:a5:da:a5:f8:fb:ff:53:37:6b:2a:2e:78:
                    58:51:fa:c8:00:dd:41:1a:b4:26:7f:3c:49:d7:15:
                    af:bd:ca:d7:4e:4c:f4:02:9c:19:2f:d1:4a:d3:af:
                    7e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FF:38:47:B6:08:49:39:07:92:47:B6:FE:87:66:29:71:49:69:E8
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:14:67:4e:f6:65:43:b4:c8:8b:04:49:7f:61:46:62:e5:94:
         db:10:af:d7:1b:9e:10:06:38:79:13:d8:55:d6:53:4f:bc:18:
         b3:a7:23:18:c1:c3:e9:eb:40:7a:60:62:6c:e5:80:cc:26:42:
         79:93:e3:d5:23:c7:50:7a:d8:42:4b:db:a7:e9:59:9a:a8:62:
         a5:d2:8b:5e:31:27:15:75:18:a7:d4:3e:8e:ad:85:fb:72:ae:
         4a:47:b1:5b:d1:77:f3:e4:06:56:45:10:47:15:83:f3:69:cc:
         2c:c6:0d:75:fb:ee:20:b3:7f:59:f8:77:49:79:0a:59:b4:af:
         ec:44:20:74:1f:11:7e:d3:5c:ed:b2:4e:2b:9d:88:43:40:22:
         27:03:cb:18:22:d3:4b:b2:37:d4:4d:85:04:6d:e8:6f:04:b8:
         f9:76:bf:76:20:d9:d2:21:e3:ea:52:0f:6a:d3:93:a4:fc:b4:
         a8:40:b1:49:0f:72:7c:98:31:36:8d:f6:4c:46:e6:51:d0:69:
         9c:a0:9e:c4:15:f2:5e:0c:a1:7f:b6:5a:a0:0b:c1:2b:a3:fb:
         1c:9c:83:71:91:81:77:c2:1e:46:2d:e5:b7:7a:db:c9:09:89:
         5d:44:89:c3:1a:4e:32:88:4c:d8:fc:23:4f:f3:f3:56:a2:d5:
         23:3f:f1:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUHQv3JFo5j0m7bFZQNtpI5NZFa+EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNTExMDQxNTI5MDVaFw0yNjExMDMxNTM0MDVaMDMxMTAvBgNV
BAMTKDcyRkYzODQ3QjYwODQ5MzkwNzkyNDdCNkZFODc2NjI5NzE0OTY5RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi3zIE+z+Jrd6uteNmpg+PH9ID
YNGoE96D11Wx3t65wtPEIHDrXCzFIWcAJypJ8qo0v6wJQPeoIY8QshiEQSctHBT4
AmjvQGRNda/3krB1k70OTY2fPArxNgnD82DzNaLt9KVJV7rbSAnCwxMx5+WVk+L+
VGCl2I3lHF5l2xNZL6xRMPUMNon2GWooWfu5QuPBKtj26cntvryy2XscNh6uZudE
Gr+O/Vh9IPFmq5BRIqAgH+ZsefNgNyKaXfWPrREKpSyRtohhys5uyjYFFZe7VWPt
NqXapfj7/1M3ayoueFhR+sgA3UEatCZ/PEnXFa+9ytdOTPQCnBkv0UrTr35tAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUcv84R7YISTkHkke2/odmKXFJaegwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzJlNmRhNWM3LTY3MGEt
NDFiMS05NmViLTM4OTkzODhiMjkyYy8wL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC4hHzAN
BgkqhkiG9w0BAQsFAAOCAQEATBRnTvZlQ7TIiwRJf2FGYuWU2xCv1xueEAY4eRPY
VdZTT7wYs6cjGMHD6etAemBibOWAzCZCeZPj1SPHUHrYQkvbp+lZmqhipdKLXjEn
FXUYp9Q+jq2F+3KuSkexW9F38+QGVkUQRxWD82nMLMYNdfvuILN/Wfh3SXkKWbSv
7EQgdB8RftNc7bJOK52IQ0AiJwPLGCLTS7I31E2FBG3obwS4+Xa/diDZ0iHj6lIP
atOTpPy0qECxSQ9yfJgxNo32TEbmUdBpnKCexBXyXgyhf7ZaoAvBK6P7HJyDcZGB
d8IeRi3lt3rbyQmJXUSJwxpOMohM2PwjT/PzVqLVIz/xlw==
-----END CERTIFICATE-----