Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7029.roa
File:                     AS7029.roa (raw, json)
Hash identifier:          cKYSj2lzZQM5apxU3xJyeKw5o+57CyfExFF3wA6BoUA=
Subject key identifier:   A6:7E:64:88:A5:88:3A:CA:58:57:E3:88:C9:EB:EF:13:3D:EC:39:43
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0B2E4363BD6B41D54BA2E41C5B07F0A58EE07E59
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7029.roa
Signing time:             Wed 28 Jan 2026 16:37:35 +0000
ROA not before:           Wed 28 Jan 2026 16:32:35 +0000
ROA not after:            Wed 27 Jan 2027 16:37:35 +0000
asID:                     7029
IP address blocks:        143.20.153.0/24 maxlen: 24
                          143.20.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:36:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:2e:43:63:bd:6b:41:d5:4b:a2:e4:1c:5b:07:f0:a5:8e:e0:7e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jan 28 16:32:35 2026 GMT
            Not After : Jan 27 16:37:35 2027 GMT
        Subject: CN=A67E6488A5883ACA5857E388C9EBEF133DEC3943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:7c:c2:3a:93:65:7a:98:22:c6:fb:46:4a:b5:
                    c0:36:66:98:15:07:22:30:a1:05:60:72:f5:7b:ed:
                    5c:64:43:fc:dc:a8:cb:ba:c7:da:7a:27:00:e6:65:
                    7f:fb:2d:d0:53:ed:cf:13:5b:49:88:5d:d4:4e:b9:
                    af:35:1a:0b:9b:21:e2:df:6c:9d:cb:cf:7c:cb:57:
                    13:e2:38:01:db:45:07:74:05:8d:d0:a3:af:fc:7f:
                    d1:03:04:1c:80:b0:a4:ac:5f:87:81:3a:cb:be:ca:
                    80:9d:dc:1c:a8:29:04:db:c6:ae:2a:ea:27:87:8c:
                    39:ef:3e:c1:1c:66:cb:ea:31:71:7a:a1:4d:f8:34:
                    19:c0:36:2b:ae:a6:8e:d9:78:bd:01:57:93:5d:d5:
                    83:2f:33:42:a2:df:ab:cb:49:3e:7d:24:d4:c2:03:
                    68:a9:44:9b:f9:44:b9:40:6b:9d:23:31:b5:8b:2f:
                    e0:ca:26:2a:68:5b:32:91:9c:c1:6d:41:9e:59:6d:
                    d6:cc:b2:cf:9c:63:38:35:82:93:08:2e:10:ca:f1:
                    e0:49:3d:ff:1a:ec:62:4e:07:fd:f8:06:71:37:96:
                    99:df:70:89:e8:e2:cc:0a:97:4d:57:59:6e:77:79:
                    91:3a:b5:68:4c:01:6e:89:48:9d:48:d2:be:91:02:
                    5e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:7E:64:88:A5:88:3A:CA:58:57:E3:88:C9:EB:EF:13:3D:EC:39:43
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.153.0/24
                  143.20.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:41:a5:a0:82:02:d7:a8:8a:89:14:07:f8:c7:d1:76:e2:ba:
         1e:a9:3c:13:ad:7d:de:9d:f6:38:3d:b2:2d:cb:fa:c7:3a:bb:
         c9:e1:13:83:99:55:cd:85:63:ac:a9:80:d7:62:40:30:cf:51:
         7b:90:ef:00:73:12:17:df:1b:df:ce:82:c1:6c:b5:6b:ff:6b:
         6f:fa:7e:40:2e:34:62:c0:ca:d8:04:9a:71:aa:9c:95:70:8f:
         81:25:40:ae:b0:e1:8d:8d:d6:a7:cb:14:4d:ff:8d:97:3e:6e:
         db:24:7c:29:e1:b3:5c:53:a8:3d:32:28:5e:9a:57:03:94:7d:
         fd:47:d4:f5:79:7f:8f:c1:c1:38:1d:cd:09:68:14:1d:4b:16:
         e4:61:72:de:fe:b1:a2:c3:13:67:de:44:bd:c1:72:55:7e:ee:
         bc:6c:6e:34:a5:45:60:ae:9f:5c:12:cd:ee:bb:28:bb:6e:ee:
         cd:c9:ed:50:78:80:93:80:fc:2e:18:f2:d0:76:ab:71:1c:2c:
         07:7a:28:d5:6f:11:4a:b5:dc:5f:02:c9:c7:6e:bf:ab:37:9b:
         cc:03:8b:37:eb:05:d8:0e:cd:45:88:12:af:87:b8:3e:87:c5:
         a4:d9:9c:30:6b:4b:bd:03:ac:50:c9:17:05:43:21:41:98:0a:
         36:35:6b:db
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUCy5DY71rQdVLouQcWwfwpY7gflkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAxMjgxNjMyMzVaFw0yNzAxMjcxNjM3MzVaMDMxMTAvBgNV
BAMTKEE2N0U2NDg4QTU4ODNBQ0E1ODU3RTM4OEM5RUJFRjEzM0RFQzM5NDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQfMI6k2V6mCLG+0ZKtcA2ZpgV
ByIwoQVgcvV77VxkQ/zcqMu6x9p6JwDmZX/7LdBT7c8TW0mIXdROua81GgubIeLf
bJ3Lz3zLVxPiOAHbRQd0BY3Qo6/8f9EDBByAsKSsX4eBOsu+yoCd3ByoKQTbxq4q
6ieHjDnvPsEcZsvqMXF6oU34NBnANiuupo7ZeL0BV5Nd1YMvM0Ki36vLST59JNTC
A2ipRJv5RLlAa50jMbWLL+DKJipoWzKRnMFtQZ5ZbdbMss+cYzg1gpMILhDK8eBJ
Pf8a7GJOB/34BnE3lpnfcIno4swKl01XWW53eZE6tWhMAW6JSJ1I0r6RAl6lAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUpn5kiKWIOspYV+OIyevvEz3sOUMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNzAyOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAI8UmQME
AI8U2zANBgkqhkiG9w0BAQsFAAOCAQEAVUGloIIC16iKiRQH+MfRduK6Hqk8E619
3p32OD2yLcv6xzq7yeETg5lVzYVjrKmA12JAMM9Re5DvAHMSF98b386CwWy1a/9r
b/p+QC40YsDK2ASacaqclXCPgSVArrDhjY3Wp8sUTf+Nlz5u2yR8KeGzXFOoPTIo
XppXA5R9/UfU9Xl/j8HBOB3NCWgUHUsW5GFy3v6xosMTZ95EvcFyVX7uvGxuNKVF
YK6fXBLN7rsou27uzcntUHiAk4D8Lhjy0HarcRwsB3oo1W8RSrXcXwLJx26/qzeb
zAOLN+sF2A7NRYgSr4e4PofFpNmcMGtLvQOsUMkXBUMhQZgKNjVr2w==
-----END CERTIFICATE-----