Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          BdS1tAly01U6s0F0+zENuuK57pYunEfM/Y3rk/0WzXU=
Subject key identifier:   CF:0E:26:C7:B8:34:1D:C2:1A:DC:C9:DF:C1:38:3B:F8:0C:36:AA:7D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1D24DB7AAAD3DF8C0F263A02BEE913928575CD36
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS29802.roa
Signing time:             Mon 28 Jul 2025 17:29:13 +0000
ROA not before:           Mon 28 Jul 2025 17:24:13 +0000
ROA not after:            Mon 27 Jul 2026 17:29:13 +0000
asID:                     29802
IP address blocks:        143.20.134.0/24 maxlen: 24
                          143.20.135.0/24 maxlen: 24
                          143.20.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:24:db:7a:aa:d3:df:8c:0f:26:3a:02:be:e9:13:92:85:75:cd:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 28 17:24:13 2025 GMT
            Not After : Jul 27 17:29:13 2026 GMT
        Subject: CN=CF0E26C7B8341DC21ADCC9DFC1383BF80C36AA7D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b4:ba:b1:9f:41:98:de:43:69:94:74:94:9d:
                    9b:a7:e2:f1:e6:17:a6:fa:be:a6:47:2b:d9:4b:94:
                    65:58:7b:45:30:21:b9:cd:5b:f6:59:10:1e:dd:ca:
                    4b:a7:70:14:7f:bd:11:7c:03:c4:f9:95:1e:cc:fb:
                    4f:e1:ac:09:85:68:ce:a4:14:d3:44:92:e6:06:a0:
                    f2:a4:8b:30:7c:9e:f9:f2:40:cf:c5:f2:cd:c9:16:
                    a2:0b:11:6d:62:40:57:df:69:bb:b7:d6:14:7a:c6:
                    76:32:63:cc:af:d4:d5:7d:ba:cd:99:63:d3:4a:40:
                    92:e3:d0:05:45:7a:9a:0c:76:aa:d2:31:b6:77:7b:
                    eb:27:f2:79:7d:c8:ff:a5:87:31:c1:a4:b0:01:a4:
                    3a:9f:35:11:b8:1e:1a:83:35:0c:3d:c8:75:42:c2:
                    a3:b7:e3:c5:f7:58:c3:f7:03:86:58:4d:0e:75:96:
                    09:dd:8c:c7:43:31:a3:d4:96:e6:7f:bc:05:22:51:
                    4e:49:9c:87:d7:4d:3b:c4:d5:2d:03:ea:e7:25:45:
                    76:93:29:31:be:94:a9:e7:1c:36:59:1a:c9:1f:25:
                    68:1c:a9:fb:be:e7:f6:89:00:d8:a9:c7:5b:c1:af:
                    33:af:85:7f:c0:69:1c:33:a7:17:7b:92:4a:2a:5a:
                    df:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:0E:26:C7:B8:34:1D:C2:1A:DC:C9:DF:C1:38:3B:F8:0C:36:AA:7D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.134.0/23
                  143.20.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:f1:57:ee:19:67:0a:a7:25:4b:de:e4:8f:a2:92:22:c9:ac:
         eb:33:d4:0f:fe:3a:84:5d:95:62:96:f8:c9:a8:68:51:a2:52:
         f6:b3:06:9c:ab:23:88:19:50:f7:bc:f7:c8:25:18:b2:d8:a9:
         4f:0b:c2:df:37:da:75:b2:1d:2a:5b:b5:c3:18:fc:82:69:5e:
         c7:d0:63:ba:7a:fc:65:a3:16:e3:0e:bf:77:95:af:b7:05:61:
         ca:e6:07:82:c8:7f:d7:72:13:4e:ec:e5:f8:c5:81:c4:cd:71:
         2a:c7:3e:c9:f6:26:44:86:2a:e6:40:c2:6e:7b:81:15:f9:12:
         12:75:46:6d:be:ba:17:af:a6:43:ee:10:97:ea:f0:10:a7:85:
         06:66:73:53:40:5d:3f:a4:4d:97:1b:bf:03:a7:7f:dc:d4:e1:
         7e:c9:cd:98:06:a0:ed:ae:76:e4:1f:56:8f:d4:38:c2:a1:05:
         e8:93:79:67:0f:f7:ba:76:90:92:5b:2c:2c:f6:99:ca:07:f1:
         6d:6a:cb:1e:7e:93:1d:a4:31:ce:4e:ba:79:59:80:f4:5a:f8:
         59:63:4f:dd:83:29:9b:07:77:4a:b7:bd:10:3a:86:b3:19:52:
         26:4d:d7:6b:9f:3c:1d:58:d5:08:af:25:ca:de:f8:ad:14:d0:
         cd:be:5c:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUHSTbeqrT34wPJjoCvukTkoV1zTYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjgxNzI0MTNaFw0yNjA3MjcxNzI5MTNaMDMxMTAvBgNV
BAMTKENGMEUyNkM3QjgzNDFEQzIxQURDQzlERkMxMzgzQkY4MEMzNkFBN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCztLqxn0GY3kNplHSUnZun4vHm
F6b6vqZHK9lLlGVYe0UwIbnNW/ZZEB7dykuncBR/vRF8A8T5lR7M+0/hrAmFaM6k
FNNEkuYGoPKkizB8nvnyQM/F8s3JFqILEW1iQFffabu31hR6xnYyY8yv1NV9us2Z
Y9NKQJLj0AVFepoMdqrSMbZ3e+sn8nl9yP+lhzHBpLABpDqfNRG4HhqDNQw9yHVC
wqO348X3WMP3A4ZYTQ51lgndjMdDMaPUluZ/vAUiUU5JnIfXTTvE1S0D6uclRXaT
KTG+lKnnHDZZGskfJWgcqfu+5/aJANipx1vBrzOvhX/AaRwzpxd7kkoqWt+JAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUzw4mx7g0HcIa3MnfwTg7+Aw2qn0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAGPFIYD
BACPFJMwDQYJKoZIhvcNAQELBQADggEBAGvxV+4ZZwqnJUve5I+ikiLJrOsz1A/+
OoRdlWKW+MmoaFGiUvazBpyrI4gZUPe898glGLLYqU8Lwt832nWyHSpbtcMY/IJp
XsfQY7p6/GWjFuMOv3eVr7cFYcrmB4LIf9dyE07s5fjFgcTNcSrHPsn2JkSGKuZA
wm57gRX5EhJ1Rm2+uhevpkPuEJfq8BCnhQZmc1NAXT+kTZcbvwOnf9zU4X7JzZgG
oO2uduQfVo/UOMKhBeiTeWcP97p2kJJbLCz2mcoH8W1qyx5+kx2kMc5OunlZgPRa
+FljT92DKZsHd0q3vRA6hrMZUiZN12ufPB1Y1QivJcre+K0U0M2+XC4=
-----END CERTIFICATE-----