Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          pTZY4YGU1q9za/UNTPjqnmJ4OFljgOOvQyPmvVhT/Zs=
Subject key identifier:   BD:95:BD:FD:60:E2:11:BC:4D:B7:B5:0F:BF:C5:09:30:48:81:7B:C2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       196B2F7BC139B6221E8E273C4EACCC77A7AD0E98
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13335.roa
Signing time:             Wed 25 Jun 2025 19:32:29 +0000
ROA not before:           Wed 25 Jun 2025 19:27:29 +0000
ROA not after:            Wed 24 Jun 2026 19:32:29 +0000
asID:                     13335
IP address blocks:        143.14.176.0/22 maxlen: 24
                          143.14.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:6b:2f:7b:c1:39:b6:22:1e:8e:27:3c:4e:ac:cc:77:a7:ad:0e:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 25 19:27:29 2025 GMT
            Not After : Jun 24 19:32:29 2026 GMT
        Subject: CN=BD95BDFD60E211BC4DB7B50FBFC5093048817BC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:75:c1:e5:94:6a:71:cc:a4:04:7c:af:0d:d9:
                    b1:c3:46:2f:90:58:01:a0:62:bb:30:d2:cc:b8:6d:
                    aa:ac:08:03:87:a9:36:43:48:c0:5a:43:ba:1f:82:
                    0e:0f:e9:3b:4f:fc:89:96:32:6b:e3:69:ce:25:96:
                    2e:ef:42:af:0d:03:02:39:bf:35:ea:c3:41:36:cb:
                    9c:7f:0d:73:24:b3:0c:6c:9f:02:12:ab:dc:68:82:
                    38:16:8e:3b:87:11:61:34:e6:55:6b:41:0f:03:5e:
                    fc:c1:26:a8:2a:8e:69:bb:f5:d0:ec:eb:4f:ed:30:
                    12:b1:92:19:a8:05:0a:ce:80:76:26:65:85:ea:49:
                    bd:b3:50:6b:51:03:46:fc:1a:c1:27:36:76:b2:2e:
                    7c:8e:59:6a:94:e1:eb:9c:35:4e:20:57:b2:97:8b:
                    f6:14:1f:03:f3:f4:46:b2:3e:81:4e:04:a4:77:bf:
                    71:a3:89:b2:59:c2:fe:cd:3d:0f:a9:fa:3e:eb:3e:
                    62:e7:5d:c7:54:4a:85:b4:ee:96:52:e3:ac:82:67:
                    e4:11:e2:e6:35:f3:5d:57:ef:f9:c0:7b:4d:7e:e2:
                    4f:b0:ed:f5:9e:2e:09:85:81:d9:dc:39:9c:8e:11:
                    4f:7c:be:9e:35:e5:e2:0d:31:38:8d:c3:9b:b7:2f:
                    fc:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:95:BD:FD:60:E2:11:BC:4D:B7:B5:0F:BF:C5:09:30:48:81:7B:C2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.176.0/22
                  143.14.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:85:f7:87:5a:42:f1:9a:50:4b:a3:20:7a:6c:1d:d4:fa:4f:
         99:75:97:35:bb:94:6a:ec:ea:9d:79:a2:6f:5a:73:fa:2b:03:
         70:94:81:89:72:a0:7d:21:0d:32:14:1b:7b:ff:7b:23:5d:66:
         b5:2c:8e:35:a5:01:8f:fd:67:3c:ed:68:13:37:44:d8:b6:2a:
         fb:ba:6a:6d:8f:01:fb:be:d9:7c:c3:47:26:bd:ec:c7:97:63:
         3c:ee:8f:3e:17:e8:ff:99:81:2f:9e:65:6b:cd:ec:b9:3b:76:
         5d:5d:13:db:47:60:64:e2:fa:3f:e8:f3:f0:b5:76:a6:3b:ef:
         a7:70:91:9c:1c:10:01:5d:ad:b6:24:3b:9d:b7:af:8e:e1:43:
         b2:43:f3:72:69:43:ae:c8:84:b3:b0:00:52:3a:bc:f0:3e:37:
         9d:c6:e5:00:02:f4:c7:8e:32:87:37:f0:59:85:68:87:f6:3f:
         0c:8c:28:37:06:d8:3a:0b:ab:72:27:e6:17:7f:43:6b:60:b0:
         80:32:b8:ac:9e:e8:8d:ad:a3:1c:e7:45:f3:66:ee:ee:3b:f1:
         1d:b6:c5:a6:82:d0:88:26:bc:b7:2a:54:5b:04:5d:0a:a6:8b:
         8b:15:02:7d:ed:d5:a3:b7:78:45:ba:16:4a:7f:f4:40:25:cc:
         68:a9:f9:db
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUGWsve8E5tiIejic8TqzMd6etDpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjUxOTI3MjlaFw0yNjA2MjQxOTMyMjlaMDMxMTAvBgNV
BAMTKEJEOTVCREZENjBFMjExQkM0REI3QjUwRkJGQzUwOTMwNDg4MTdCQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLdcHllGpxzKQEfK8N2bHDRi+Q
WAGgYrsw0sy4baqsCAOHqTZDSMBaQ7ofgg4P6TtP/ImWMmvjac4lli7vQq8NAwI5
vzXqw0E2y5x/DXMkswxsnwISq9xogjgWjjuHEWE05lVrQQ8DXvzBJqgqjmm79dDs
60/tMBKxkhmoBQrOgHYmZYXqSb2zUGtRA0b8GsEnNnayLnyOWWqU4eucNU4gV7KX
i/YUHwPz9EayPoFOBKR3v3GjibJZwv7NPQ+p+j7rPmLnXcdUSoW07pZS46yCZ+QR
4uY1811X7/nAe01+4k+w7fWeLgmFgdncOZyOEU98vp415eINMTiNw5u3L/yzAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUvZW9/WDiEbxNt7UPv8UJMEiBe8IwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKPDrAD
BACPDvswDQYJKoZIhvcNAQELBQADggEBABSF94daQvGaUEujIHpsHdT6T5l1lzW7
lGrs6p15om9ac/orA3CUgYlyoH0hDTIUG3v/eyNdZrUsjjWlAY/9ZzztaBM3RNi2
Kvu6am2PAfu+2XzDRya97MeXYzzujz4X6P+ZgS+eZWvN7Lk7dl1dE9tHYGTi+j/o
8/C1dqY776dwkZwcEAFdrbYkO523r47hQ7JD83JpQ67IhLOwAFI6vPA+N53G5QAC
9MeOMoc38FmFaIf2PwyMKDcG2DoLq3In5hd/Q2tgsIAyuKye6I2toxznRfNm7u47
8R22xaaC0IgmvLcqVFsEXQqmi4sVAn3t1aO3eEW6Fkp/9EAlzGip+ds=
-----END CERTIFICATE-----