Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS29066.roa
File:                     AS29066.roa (raw, json)
Hash identifier:          3k7KnGTCMPr8O1U7djEthQs3kr4O+WljmSAoQV2s6FE=
Subject key identifier:   83:2C:AD:D8:92:CB:F8:45:BF:79:50:1E:32:F3:0C:A0:F9:04:8B:E3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       243D987C615552BDC917A0C19624EB4A80A44D64
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS29066.roa
Signing time:             Sun 03 Aug 2025 00:54:13 +0000
ROA not before:           Sun 03 Aug 2025 00:49:13 +0000
ROA not after:            Sun 02 Aug 2026 00:54:13 +0000
asID:                     29066
IP address blocks:        181.41.205.0/24 maxlen: 24
                          193.7.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:3d:98:7c:61:55:52:bd:c9:17:a0:c1:96:24:eb:4a:80:a4:4d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  3 00:49:13 2025 GMT
            Not After : Aug  2 00:54:13 2026 GMT
        Subject: CN=832CADD892CBF845BF79501E32F30CA0F9048BE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1b:8e:64:db:c3:71:9e:d9:75:af:7b:1d:de:
                    7b:87:25:e0:4a:b7:83:82:b9:6e:a7:c7:c8:ac:1c:
                    a6:1a:92:a5:7c:27:c5:e8:87:20:05:8a:91:54:e5:
                    0c:e5:df:32:4b:60:06:59:3c:20:8f:e5:fc:52:e8:
                    61:cb:9b:7b:ce:d9:68:27:6e:45:d1:77:f8:13:5b:
                    3f:2f:bc:0e:19:cd:a4:4d:ee:ce:1d:d2:a4:34:c6:
                    11:aa:6d:ae:1f:15:35:07:5e:3f:66:b8:ba:27:9e:
                    31:af:39:81:1e:b9:ec:02:6c:a2:39:86:7a:2a:b4:
                    98:fb:3d:67:80:6e:46:ea:37:e6:77:e8:fe:2b:1c:
                    4b:72:18:b1:a8:94:95:93:16:0e:6b:a8:86:50:5d:
                    ea:0e:75:b5:2b:bb:2a:a4:67:b8:8e:2d:74:08:d7:
                    e7:ef:bd:5e:9e:c5:e5:7f:ef:fb:a4:5d:6f:e1:7b:
                    4e:fe:0b:90:19:b7:74:a5:07:81:09:49:5f:be:66:
                    c2:31:4a:fe:11:59:2c:b8:ab:3d:c2:5d:a4:c6:c5:
                    71:c9:ca:9c:90:be:31:22:e0:5c:65:24:4f:3a:f0:
                    da:a0:c1:50:1e:16:5f:27:84:17:de:53:fb:89:65:
                    7e:03:3b:18:5b:0f:4f:24:f4:81:6f:94:c0:bc:ee:
                    90:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:2C:AD:D8:92:CB:F8:45:BF:79:50:1E:32:F3:0C:A0:F9:04:8B:E3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS29066.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.205.0/24
                  193.7.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:46:3b:c5:b6:ed:db:3a:c2:c8:0d:59:3b:02:68:ea:da:b1:
         c0:83:2d:e0:ae:fb:bb:45:5d:bf:40:09:97:ac:bd:56:af:b2:
         3d:da:5a:8d:56:23:e6:96:cb:8d:55:8f:f1:7e:db:f8:75:cf:
         ed:f5:e9:47:04:fa:1e:2b:03:97:81:2d:c4:c7:73:d6:90:dd:
         ce:0c:21:8c:a5:6f:32:db:73:62:4b:ad:bf:9e:27:b2:a5:98:
         10:99:6f:33:d9:f2:ec:7a:61:2c:c6:61:c5:0a:03:30:2f:46:
         06:65:b1:e5:40:1c:f1:d8:25:87:59:d4:c9:10:25:7a:80:03:
         4f:e2:cf:41:69:b4:cc:fd:da:f3:c9:ad:a3:df:8a:ef:37:94:
         51:47:dd:cb:87:33:cb:b6:e7:57:cf:9e:60:6b:b9:0c:01:9e:
         ff:ad:31:7b:18:f3:cc:95:6d:05:9a:d8:96:91:e0:72:27:a1:
         6c:ef:28:a9:68:9b:62:f7:0a:39:85:4b:4d:d4:49:ec:3c:a3:
         25:e7:df:e5:1c:60:0a:e9:3e:d4:f2:ca:ca:75:6d:5a:16:58:
         ef:d7:ba:cb:15:72:d8:5f:b5:a4:80:fb:a7:1b:2e:80:b4:9b:
         f8:6a:d8:d2:2a:40:da:1d:40:18:ff:de:aa:11:a1:91:6d:de:
         ce:f4:64:fc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUJD2YfGFVUr3JF6DBliTrSoCkTWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MDMwMDQ5MTNaFw0yNjA4MDIwMDU0MTNaMDMxMTAvBgNV
BAMTKDgzMkNBREQ4OTJDQkY4NDVCRjc5NTAxRTMyRjMwQ0EwRjkwNDhCRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8G45k28Nxntl1r3sd3nuHJeBK
t4OCuW6nx8isHKYakqV8J8XohyAFipFU5Qzl3zJLYAZZPCCP5fxS6GHLm3vO2Wgn
bkXRd/gTWz8vvA4ZzaRN7s4d0qQ0xhGqba4fFTUHXj9muLonnjGvOYEeuewCbKI5
hnoqtJj7PWeAbkbqN+Z36P4rHEtyGLGolJWTFg5rqIZQXeoOdbUruyqkZ7iOLXQI
1+fvvV6exeV/7/ukXW/he07+C5AZt3SlB4EJSV++ZsIxSv4RWSy4qz3CXaTGxXHJ
ypyQvjEi4FxlJE868NqgwVAeFl8nhBfeU/uJZX4DOxhbD08k9IFvlMC87pBHAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUgyyt2JLL+EW/eVAeMvMMoPkEi+MwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjkwNjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC1Kc0D
BADBB8swDQYJKoZIhvcNAQELBQADggEBADpGO8W27ds6wsgNWTsCaOrascCDLeCu
+7tFXb9ACZesvVavsj3aWo1WI+aWy41Vj/F+2/h1z+316UcE+h4rA5eBLcTHc9aQ
3c4MIYylbzLbc2JLrb+eJ7KlmBCZbzPZ8ux6YSzGYcUKAzAvRgZlseVAHPHYJYdZ
1MkQJXqAA0/iz0FptMz92vPJraPfiu83lFFH3cuHM8u251fPnmBruQwBnv+tMXsY
88yVbQWa2JaR4HInoWzvKKlom2L3CjmFS03USew8oyXn3+UcYArpPtTyysp1bVoW
WO/XussVcthftaSA+6cbLoC0m/hq2NIqQNodQBj/3qoRoZFt3s70ZPw=
-----END CERTIFICATE-----