Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          xfiFH/12KkS9ULUecG3bPfZVgAKJ6svAvpDP0z7vS8A=
Subject key identifier:   FE:BB:B1:36:5E:75:28:4C:24:03:1E:26:7B:F4:B4:0E:78:DB:DC:4F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       332A371AF5358C622825017C0EA42EB22393874C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7029.roa
Signing time:             Sun 26 Oct 2025 00:09:55 +0000
ROA not before:           Sun 26 Oct 2025 00:04:55 +0000
ROA not after:            Sun 25 Oct 2026 00:09:55 +0000
asID:                     7029
IP address blocks:        143.20.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:2a:37:1a:f5:35:8c:62:28:25:01:7c:0e:a4:2e:b2:23:93:87:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 26 00:04:55 2025 GMT
            Not After : Oct 25 00:09:55 2026 GMT
        Subject: CN=FEBBB1365E75284C24031E267BF4B40E78DBDC4F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fb:21:0d:e0:94:a7:ac:dd:75:46:9e:6e:4c:
                    f3:5f:c9:19:fa:02:04:05:7b:70:1f:2c:ba:3e:45:
                    f0:f9:df:1e:f2:f7:b4:86:46:08:1e:2d:07:3f:e5:
                    9c:7d:59:c1:09:c9:fc:94:8c:83:1e:a8:18:5f:14:
                    b0:82:4f:1b:0c:96:01:ed:9f:44:cf:2e:a0:18:6b:
                    eb:a5:17:dc:f2:01:d6:48:aa:67:0a:f7:c6:76:f8:
                    19:0d:8c:d4:45:bf:a3:0a:16:db:fd:ad:59:de:d8:
                    6a:30:26:e3:fa:b1:43:60:d8:5b:69:3c:5c:b2:fe:
                    05:cf:f0:ea:6c:79:cd:d5:08:5d:fb:f7:ec:b5:24:
                    c4:51:56:5d:d4:29:09:cd:15:4b:20:55:17:00:f8:
                    37:09:9c:0e:0e:e6:b8:fa:6c:04:c3:4b:9d:52:aa:
                    45:d0:d6:42:f3:f3:12:eb:17:e5:31:fe:f0:78:19:
                    4d:d6:34:7c:12:ac:ec:16:d4:e4:95:2f:ce:76:44:
                    ff:9e:20:82:b2:98:73:6f:5f:f9:59:76:25:b8:4a:
                    0b:d2:5c:68:e7:e3:08:a6:0d:d0:7a:11:9f:e9:5f:
                    c5:33:92:d3:14:1f:7e:e1:5a:53:aa:95:8a:32:12:
                    7e:69:8e:3b:df:1f:62:76:37:d8:d0:46:d6:32:df:
                    7d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:BB:B1:36:5E:75:28:4C:24:03:1E:26:7B:F4:B4:0E:78:DB:DC:4F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:44:61:e3:67:87:97:78:06:cd:70:0f:54:10:bd:6e:5b:30:
         a5:92:60:81:ca:af:1d:85:35:13:a7:80:34:f3:aa:67:78:2b:
         21:62:33:6c:f6:ee:14:41:94:0c:af:b7:91:48:2c:1d:95:61:
         d6:84:36:d8:99:43:b8:ef:7d:87:84:d7:1b:63:8b:ed:c0:e1:
         d8:b7:25:c1:8c:b0:ea:cb:b6:15:b2:c9:8a:c0:9a:03:5a:0f:
         2e:0c:29:ef:3a:5f:60:3a:79:d1:02:49:f4:72:af:de:1d:57:
         88:67:9c:89:db:33:fc:48:6f:f0:7b:d5:51:68:3d:68:35:3a:
         37:1c:88:01:2f:07:44:47:b7:2a:bf:f4:a9:04:56:fb:2f:d1:
         06:bc:cf:96:99:25:2c:81:82:5d:c9:c4:56:b1:2c:41:bf:67:
         b6:ca:46:52:01:e7:b6:c7:d0:5d:4f:e8:03:c7:4c:03:50:b4:
         8b:68:ac:f5:9b:51:f8:13:bb:b0:ba:55:75:59:1c:5b:a8:54:
         10:92:c4:45:d3:53:b7:c4:a8:12:90:4a:0b:b4:3e:eb:c0:b1:
         9b:22:58:07:72:0e:55:c8:2b:68:bf:b0:2e:cc:ec:82:4d:f1:
         64:be:4a:ec:f9:7a:36:ee:50:3f:49:c6:b3:94:b2:c5:8f:72:
         ac:73:dc:7e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUMyo3GvU1jGIoJQF8DqQusiOTh0wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjYwMDA0NTVaFw0yNjEwMjUwMDA5NTVaMDMxMTAvBgNV
BAMTKEZFQkJCMTM2NUU3NTI4NEMyNDAzMUUyNjdCRjRCNDBFNzhEQkRDNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm+yEN4JSnrN11Rp5uTPNfyRn6
AgQFe3AfLLo+RfD53x7y97SGRggeLQc/5Zx9WcEJyfyUjIMeqBhfFLCCTxsMlgHt
n0TPLqAYa+ulF9zyAdZIqmcK98Z2+BkNjNRFv6MKFtv9rVne2GowJuP6sUNg2Ftp
PFyy/gXP8Opsec3VCF379+y1JMRRVl3UKQnNFUsgVRcA+DcJnA4O5rj6bATDS51S
qkXQ1kLz8xLrF+Ux/vB4GU3WNHwSrOwW1OSVL852RP+eIIKymHNvX/lZdiW4SgvS
XGjn4wimDdB6EZ/pX8UzktMUH37hWlOqlYoyEn5pjjvfH2J2N9jQRtYy330zAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU/ruxNl51KEwkAx4me/S0Dnjb3E8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UmTAN
BgkqhkiG9w0BAQsFAAOCAQEAS0Rh42eHl3gGzXAPVBC9blswpZJggcqvHYU1E6eA
NPOqZ3grIWIzbPbuFEGUDK+3kUgsHZVh1oQ22JlDuO99h4TXG2OL7cDh2LclwYyw
6su2FbLJisCaA1oPLgwp7zpfYDp50QJJ9HKv3h1XiGecidsz/Ehv8HvVUWg9aDU6
NxyIAS8HREe3Kr/0qQRW+y/RBrzPlpklLIGCXcnEVrEsQb9ntspGUgHntsfQXU/o
A8dMA1C0i2is9ZtR+BO7sLpVdVkcW6hUEJLERdNTt8SoEpBKC7Q+68CxmyJYB3IO
VcgraL+wLszsgk3xZL5K7Pl6Nu5QP0nGs5SyxY9yrHPcfg==
-----END CERTIFICATE-----