Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          jEHtJiR+FA6+atkQdZouFm/QiTIlbkxnD9O0E5UR+Vc=
Subject key identifier:   68:F6:55:53:B9:B1:24:22:D3:41:0D:97:C3:96:40:15:BC:8B:88:16
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       32629D3DE2BFB1E838A964946C0EDF21111703D1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS29802.roa
Signing time:             Fri 05 Jun 2026 05:20:03 +0000
ROA not before:           Fri 05 Jun 2026 05:15:03 +0000
ROA not after:            Fri 04 Jun 2027 05:20:03 +0000
asID:                     29802
IP address blocks:        143.20.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:39:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:62:9d:3d:e2:bf:b1:e8:38:a9:64:94:6c:0e:df:21:11:17:03:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 05:15:03 2026 GMT
            Not After : Jun  4 05:20:03 2027 GMT
        Subject: CN=68F65553B9B12422D3410D97C3964015BC8B8816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4d:f1:59:f1:0d:dc:e7:84:80:85:65:78:40:
                    81:7a:e0:39:ec:76:7a:70:28:b6:c1:9b:ee:18:59:
                    a0:71:cf:f5:73:f9:f0:9d:ce:d4:7d:c5:fd:87:aa:
                    f8:64:59:02:4c:5e:22:59:c3:d3:a1:cf:67:90:7d:
                    19:aa:1a:32:8f:89:c6:35:80:6c:36:2c:3f:7c:d6:
                    ef:b7:c1:04:4c:72:56:b7:31:92:1e:bb:cc:b2:47:
                    d8:2a:77:02:8d:ad:78:d2:02:ba:e1:cf:13:07:67:
                    31:10:1e:69:b4:d9:7d:84:72:8a:d1:16:74:fa:a7:
                    8e:28:02:d1:6b:62:93:3d:66:53:1f:92:4d:eb:87:
                    55:2b:5f:fd:01:6e:5b:c1:bd:af:16:32:8f:f5:1a:
                    19:af:cd:8d:9a:2f:63:c6:e5:db:a2:0e:57:1a:a0:
                    fd:fb:21:61:fa:86:fc:83:f4:e4:e9:64:7a:0f:58:
                    7a:bf:ee:38:76:1f:72:3c:19:21:a5:85:f4:3c:02:
                    a8:06:b7:86:55:1e:ab:9e:d8:57:fb:d9:7a:6e:7f:
                    57:14:4b:0e:fa:4c:fd:0b:42:86:aa:cc:48:64:40:
                    89:2c:c7:11:2d:ce:38:e4:b4:4c:e6:0c:b7:92:d2:
                    b0:92:de:df:4a:e0:fd:49:39:60:e0:b4:bf:b7:27:
                    26:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:F6:55:53:B9:B1:24:22:D3:41:0D:97:C3:96:40:15:BC:8B:88:16
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:68:dd:df:35:14:f8:60:3f:64:0e:16:0e:19:f5:34:82:2b:
         43:a5:df:06:cf:71:7c:da:8b:e8:df:fa:fb:92:a5:56:f5:c2:
         27:d9:5e:8b:7b:8f:dd:6e:d6:6a:54:af:f8:56:cb:91:eb:b2:
         6e:13:92:a2:6b:15:c0:31:45:63:65:6c:ef:18:68:37:b5:61:
         b6:11:48:f8:c2:4b:4f:3c:6f:b5:b3:8e:13:e2:e1:22:b9:9c:
         c4:69:bb:58:dd:8e:62:d3:bf:dd:6f:9f:8c:7d:95:3a:a7:86:
         19:6a:fe:2a:e8:b6:75:0e:0a:4d:51:58:cf:5e:a9:c4:40:2e:
         6c:bb:ea:41:e7:1d:68:80:19:83:7f:9b:ac:70:74:ca:11:30:
         32:79:8f:bf:7a:ba:ed:29:db:c6:64:c1:02:a6:d1:56:88:a0:
         78:3e:a9:af:a9:15:59:6f:8f:37:d5:2e:d6:05:7d:71:c0:64:
         50:99:ad:36:05:c4:e7:ce:b0:ba:21:bd:53:90:9a:62:9d:91:
         7f:92:0d:6c:2b:df:bc:25:76:04:75:b8:de:76:1c:9f:ea:da:
         95:c9:33:9b:84:2d:0e:f9:b5:19:3e:06:7e:0d:5f:bb:db:e1:
         68:f5:a8:2e:5e:cc:1e:9b:30:f0:aa:88:1a:75:0d:c0:13:ee:
         a2:26:b5:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMmKdPeK/seg4qWSUbA7fIREXA9EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA2MDUwNTE1MDNaFw0yNzA2MDQwNTIwMDNaMDMxMTAvBgNV
BAMTKDY4RjY1NTUzQjlCMTI0MjJEMzQxMEQ5N0MzOTY0MDE1QkM4Qjg4MTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNTfFZ8Q3c54SAhWV4QIF64Dns
dnpwKLbBm+4YWaBxz/Vz+fCdztR9xf2HqvhkWQJMXiJZw9Ohz2eQfRmqGjKPicY1
gGw2LD981u+3wQRMcla3MZIeu8yyR9gqdwKNrXjSArrhzxMHZzEQHmm02X2EcorR
FnT6p44oAtFrYpM9ZlMfkk3rh1UrX/0BblvBva8WMo/1GhmvzY2aL2PG5duiDlca
oP37IWH6hvyD9OTpZHoPWHq/7jh2H3I8GSGlhfQ8AqgGt4ZVHque2Ff72Xpuf1cU
Sw76TP0LQoaqzEhkQIksxxEtzjjktEzmDLeS0rCS3t9K4P1JOWDgtL+3Jya3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUaPZVU7mxJCLTQQ2Xw5ZAFbyLiBYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFOIw
DQYJKoZIhvcNAQELBQADggEBADZo3d81FPhgP2QOFg4Z9TSCK0Ol3wbPcXzai+jf
+vuSpVb1wifZXot7j91u1mpUr/hWy5Hrsm4TkqJrFcAxRWNlbO8YaDe1YbYRSPjC
S088b7WzjhPi4SK5nMRpu1jdjmLTv91vn4x9lTqnhhlq/irotnUOCk1RWM9eqcRA
Lmy76kHnHWiAGYN/m6xwdMoRMDJ5j796uu0p28ZkwQKm0VaIoHg+qa+pFVlvjzfV
LtYFfXHAZFCZrTYFxOfOsLohvVOQmmKdkX+SDWwr37wldgR1uN52HJ/q2pXJM5uE
LQ75tRk+Bn4NX7vb4Wj1qC5ezB6bMPCqiBp1DcAT7qImtQQ=
-----END CERTIFICATE-----