Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          pqD5rCk3EDrYQ3KsYgvy8dKRWehKN8gKvWBJ2bDzjvs=
Subject key identifier:   D4:37:34:B3:C9:95:9B:82:A5:50:93:94:33:3B:52:F8:8E:A4:D5:94
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       7995D108A13A169581F21CCE1CD0079D567B766A
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS29802.roa
Signing time:             Sat 06 Jun 2026 10:56:31 +0000
ROA not before:           Sat 06 Jun 2026 10:51:31 +0000
ROA not after:            Sat 05 Jun 2027 10:56:31 +0000
asID:                     29802
IP address blocks:        188.221.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:95:d1:08:a1:3a:16:95:81:f2:1c:ce:1c:d0:07:9d:56:7b:76:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  6 10:51:31 2026 GMT
            Not After : Jun  5 10:56:31 2027 GMT
        Subject: CN=D43734B3C9959B82A5509394333B52F88EA4D594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cc:86:69:d7:f8:1d:3f:fb:92:3a:27:41:e1:
                    94:95:9a:10:35:5e:3e:8f:af:b8:46:ae:80:15:18:
                    43:31:56:a2:cb:11:fc:ed:75:f9:e0:e8:a5:77:30:
                    90:1b:65:bf:da:c9:8d:cb:7e:05:f5:d0:90:a4:b2:
                    56:eb:04:ce:06:bd:a2:2e:83:4e:21:fb:e5:d9:8b:
                    dd:8d:0f:d6:fd:e7:ba:2d:34:1a:17:ae:59:20:f7:
                    2a:c2:2b:6d:d1:7b:13:2d:02:2a:28:2f:a2:52:bf:
                    5f:03:01:49:54:a4:ff:9c:34:cf:c6:d8:48:b4:d9:
                    59:41:5f:c7:04:c8:d0:89:fd:14:76:f4:a5:14:a0:
                    79:47:5a:f8:0b:b7:83:16:7b:94:17:bb:ec:8c:0b:
                    cc:b2:ce:61:a4:6d:3f:8f:9e:38:a5:fc:87:6a:01:
                    b3:53:f7:45:91:39:5b:50:52:56:ec:cb:81:6a:20:
                    77:21:bf:9c:be:76:03:20:53:0b:3c:5b:ae:63:9d:
                    0a:1d:04:fc:ae:5f:76:ba:75:f0:91:07:19:d8:6f:
                    c3:94:6d:23:1c:dc:e9:bf:1f:1a:37:e6:4e:23:ba:
                    0f:bc:0b:c9:af:f6:c0:10:5d:1b:0b:e4:9d:cb:1d:
                    5e:a9:0d:75:31:ee:0b:65:6e:ce:49:59:0b:c9:56:
                    d7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:37:34:B3:C9:95:9B:82:A5:50:93:94:33:3B:52:F8:8E:A4:D5:94
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.221.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:43:fc:98:f7:2b:04:a2:2a:15:fe:d7:a1:3a:78:8c:96:f2:
         0c:3b:44:90:4a:b4:9b:fd:23:d6:2b:f9:08:86:62:a7:73:f1:
         3c:0c:5f:00:a1:5f:53:82:50:81:a4:6e:bf:23:fd:13:5a:8d:
         db:67:51:b8:24:12:77:be:37:e4:90:3b:40:32:1d:ba:90:05:
         d3:38:93:26:bc:f2:55:9f:35:cd:cf:d7:20:66:61:ca:ef:5d:
         a8:24:55:e7:9a:1d:d2:28:66:82:3a:0f:d5:e7:a6:26:af:0c:
         5e:2b:1b:fc:4e:e9:44:12:23:ba:b4:f1:66:e2:00:00:d8:c2:
         65:a7:b7:5c:81:be:b9:9e:7a:09:4c:0d:a7:6e:ad:b2:7a:19:
         33:32:41:9f:14:fa:73:7f:83:ae:b3:9f:0e:32:72:96:89:f8:
         4b:a5:34:87:50:e1:3e:4f:f1:8c:1c:a6:d7:13:30:06:be:a5:
         04:17:d5:ee:4c:bd:19:d8:42:fb:ff:3f:63:8c:61:17:a2:49:
         73:97:49:03:8c:29:b0:a5:39:7c:59:c3:d8:24:2e:47:6e:c5:
         f6:bc:0e:41:94:88:82:11:4c:a7:a8:16:40:6e:32:f9:da:79:
         64:dd:90:26:1a:3c:73:8c:99:e4:66:47:1c:26:5f:dd:08:ca:
         f5:88:c9:a4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeZXRCKE6FpWB8hzOHNAHnVZ7dmowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDYxMDUxMzFaFw0yNzA2MDUxMDU2MzFaMDMxMTAvBgNV
BAMTKEQ0MzczNEIzQzk5NTlCODJBNTUwOTM5NDMzM0I1MkY4OEVBNEQ1OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3zIZp1/gdP/uSOidB4ZSVmhA1
Xj6Pr7hGroAVGEMxVqLLEfztdfng6KV3MJAbZb/ayY3LfgX10JCkslbrBM4GvaIu
g04h++XZi92ND9b957otNBoXrlkg9yrCK23RexMtAiooL6JSv18DAUlUpP+cNM/G
2Ei02VlBX8cEyNCJ/RR29KUUoHlHWvgLt4MWe5QXu+yMC8yyzmGkbT+Pnjil/Idq
AbNT90WROVtQUlbsy4FqIHchv5y+dgMgUws8W65jnQodBPyuX3a6dfCRBxnYb8OU
bSMc3Om/Hxo35k4jug+8C8mv9sAQXRsL5J3LHV6pDXUx7gtlbs5JWQvJVtcRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU1Dc0s8mVm4KlUJOUMztS+I6k1ZQwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC83akw
DQYJKoZIhvcNAQELBQADggEBAKlD/Jj3KwSiKhX+16E6eIyW8gw7RJBKtJv9I9Yr
+QiGYqdz8TwMXwChX1OCUIGkbr8j/RNajdtnUbgkEne+N+SQO0AyHbqQBdM4kya8
8lWfNc3P1yBmYcrvXagkVeeaHdIoZoI6D9XnpiavDF4rG/xO6UQSI7q08WbiAADY
wmWnt1yBvrmeeglMDadurbJ6GTMyQZ8U+nN/g66znw4ycpaJ+EulNIdQ4T5P8Ywc
ptcTMAa+pQQX1e5MvRnYQvv/P2OMYReiSXOXSQOMKbClOXxZw9gkLkduxfa8DkGU
iIIRTKeoFkBuMvnaeWTdkCYaPHOMmeRmRxwmX90IyvWIyaQ=
-----END CERTIFICATE-----