Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29208.roa
File:                     AS29208.roa (raw, json)
Hash identifier:          cIqwQ5uNB3+YwzLci9VUERuwNh+VDLvfIrT3Xf9Fqwg=
Subject key identifier:   C0:2E:04:43:54:7D:57:65:4D:14:FC:1D:94:38:BE:BF:F1:17:43:31
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       63FC6BAFA0F60A2A64865004C2A81B040EFC02CC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29208.roa
Signing time:             Wed 30 Jul 2025 11:54:13 +0000
ROA not before:           Wed 30 Jul 2025 11:49:13 +0000
ROA not after:            Wed 29 Jul 2026 11:54:13 +0000
asID:                     29208
IP address blocks:        141.11.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:12:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:fc:6b:af:a0:f6:0a:2a:64:86:50:04:c2:a8:1b:04:0e:fc:02:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 30 11:49:13 2025 GMT
            Not After : Jul 29 11:54:13 2026 GMT
        Subject: CN=C02E0443547D57654D14FC1D9438BEBFF1174331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:24:3b:cf:2d:18:53:d9:61:38:aa:e9:c3:e6:
                    23:d4:72:4c:58:7b:31:8a:b1:02:15:64:97:6a:cd:
                    ba:cf:3d:d9:72:31:60:52:dc:36:67:38:ad:bc:72:
                    10:e4:37:6c:94:83:fe:81:17:09:fe:d2:3b:a6:2c:
                    1f:85:fd:62:d0:ba:40:58:0c:ec:38:85:a3:dc:a7:
                    40:28:95:fe:bb:ad:e7:d5:5c:52:7d:91:38:50:2e:
                    1c:c1:fe:26:db:c2:c8:e5:ca:9e:05:69:31:e8:68:
                    a7:ed:92:cf:05:3d:78:c7:73:68:0d:84:6a:f0:e8:
                    44:73:2f:6c:af:7b:8e:9d:1d:8e:d7:c8:a1:bc:65:
                    db:71:85:d4:1d:07:9b:57:46:ac:d4:cc:08:a2:97:
                    46:9a:ce:f3:f1:15:44:ea:4a:45:7c:67:a8:04:de:
                    6d:3e:3b:3c:6b:c6:d1:39:3a:8b:d0:cf:ec:69:4b:
                    d9:c8:a5:2a:76:98:f1:91:bf:8d:c3:c8:be:af:35:
                    e7:ef:69:a3:c7:1e:27:f2:79:85:58:b6:52:cb:a3:
                    16:77:fb:f0:1c:e8:11:e0:91:8c:54:0e:b2:f2:6b:
                    62:d8:a8:e0:5e:c5:62:41:8f:1c:7d:69:9d:70:88:
                    82:8b:11:a0:06:9c:2c:9e:e1:69:3c:f5:55:79:61:
                    e5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:2E:04:43:54:7D:57:65:4D:14:FC:1D:94:38:BE:BF:F1:17:43:31
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29208.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:29:04:00:ab:8e:2d:5c:5c:ea:7b:29:6c:98:e5:b1:6b:65:
         c3:a6:70:6d:ea:01:06:c4:8b:0a:b5:2f:62:47:79:13:95:b3:
         f6:12:a7:ce:84:92:89:94:c6:e9:00:44:e7:06:af:25:be:3b:
         8c:db:fa:7d:97:83:6e:62:f0:4c:38:e9:ea:ef:39:9f:8a:c7:
         0d:81:7a:cf:b5:c9:64:6f:9e:5e:fb:d9:a6:9c:00:e0:fe:4f:
         98:d5:25:38:4d:6c:97:6e:e4:8c:f3:16:79:b6:f1:ca:08:fa:
         79:95:29:b9:46:52:c2:c1:84:c1:e8:db:c7:3b:15:dc:4d:8f:
         75:01:53:08:61:7f:19:0b:c4:5d:a5:80:e7:1d:a5:65:88:50:
         4d:37:39:bf:6f:d7:4c:39:f0:80:05:67:ae:be:94:2a:70:5c:
         7c:d2:64:ee:06:1d:c5:f0:e7:d7:74:60:48:ae:ad:a2:fa:55:
         01:13:03:a9:0e:87:5e:c8:0c:7b:6e:c2:88:15:55:47:66:ec:
         c8:4e:f0:d9:a4:0b:c0:27:88:53:02:dc:de:84:33:05:c8:ca:
         2a:23:18:1b:f5:4e:2f:34:32:45:fb:e7:a4:ee:79:7a:41:1f:
         14:05:ff:31:28:38:0d:1d:84:40:6d:2b:b9:6b:ac:52:d4:2e:
         ba:ed:ae:6a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUY/xrr6D2CipkhlAEwqgbBA78AswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA3MzAxMTQ5MTNaFw0yNjA3MjkxMTU0MTNaMDMxMTAvBgNV
BAMTKEMwMkUwNDQzNTQ3RDU3NjU0RDE0RkMxRDk0MzhCRUJGRjExNzQzMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyJDvPLRhT2WE4qunD5iPUckxY
ezGKsQIVZJdqzbrPPdlyMWBS3DZnOK28chDkN2yUg/6BFwn+0jumLB+F/WLQukBY
DOw4haPcp0Aolf67refVXFJ9kThQLhzB/ibbwsjlyp4FaTHoaKftks8FPXjHc2gN
hGrw6ERzL2yve46dHY7XyKG8ZdtxhdQdB5tXRqzUzAiil0aazvPxFUTqSkV8Z6gE
3m0+OzxrxtE5OovQz+xpS9nIpSp2mPGRv43DyL6vNefvaaPHHifyeYVYtlLLoxZ3
+/Ac6BHgkYxUDrLya2LYqOBexWJBjxx9aZ1wiIKLEaAGnCye4Wk89VV5YeUfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwC4EQ1R9V2VNFPwdlDi+v/EXQzEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjkyMDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC7Mw
DQYJKoZIhvcNAQELBQADggEBAEIpBACrji1cXOp7KWyY5bFrZcOmcG3qAQbEiwq1
L2JHeROVs/YSp86EkomUxukAROcGryW+O4zb+n2Xg25i8Ew46ervOZ+Kxw2Bes+1
yWRvnl772aacAOD+T5jVJThNbJdu5IzzFnm28coI+nmVKblGUsLBhMHo28c7FdxN
j3UBUwhhfxkLxF2lgOcdpWWIUE03Ob9v10w58IAFZ66+lCpwXHzSZO4GHcXw59d0
YEiuraL6VQETA6kOh17IDHtuwogVVUdm7MhO8NmkC8AniFMC3N6EMwXIyiojGBv1
Ti80MkX756TueXpBHxQF/zEoOA0dhEBtK7lrrFLULrrtrmo=
-----END CERTIFICATE-----