Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS13347.roa
File:                     AS13347.roa (raw, json)
Hash identifier:          Vcr6EeUXObLLwMTr/P281IyX4fwZYhwUt1AVEFcBuD4=
Subject key identifier:   12:60:16:49:FC:20:1B:2B:6C:7C:0A:87:91:ED:3E:30:CD:11:7B:C5
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       2C453C0F85F7BB583497D494765E6B8F560DE60D
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS13347.roa
Signing time:             Tue 30 Sep 2025 10:03:14 +0000
ROA not before:           Tue 30 Sep 2025 09:58:14 +0000
ROA not after:            Tue 29 Sep 2026 10:03:14 +0000
asID:                     13347
IP address blocks:        46.236.244.0/22 maxlen: 24
                          46.236.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:45:3c:0f:85:f7:bb:58:34:97:d4:94:76:5e:6b:8f:56:0d:e6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:14 2025 GMT
            Not After : Sep 29 10:03:14 2026 GMT
        Subject: CN=12601649FC201B2B6C7C0A8791ED3E30CD117BC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:07:c2:10:19:1a:a0:47:3e:9a:83:31:3c:85:
                    55:92:a9:35:01:cc:e0:df:3e:bf:71:37:e5:1b:0a:
                    96:47:0b:fa:66:f0:a1:88:e2:2f:c3:2f:2d:27:d3:
                    2f:65:be:87:a0:68:53:ce:ce:be:5e:e7:d5:a8:90:
                    1b:b7:6d:1c:35:1f:df:9f:50:ae:87:2d:f1:13:84:
                    3f:f2:7a:94:e0:54:77:01:f6:15:b0:74:7b:49:e0:
                    a1:60:12:1c:0f:c1:1a:31:41:d7:e1:ca:a5:f8:56:
                    b1:f6:d8:f6:4b:9e:ed:77:b0:8f:f8:ee:04:8f:2e:
                    c5:e5:a2:32:d4:ce:c1:b0:1c:65:b5:18:bc:50:4b:
                    93:92:ca:0b:91:fa:cf:f1:e7:a2:f7:89:a2:0c:b7:
                    11:64:69:95:bf:1a:7d:f9:25:e7:9a:db:2c:b3:a8:
                    eb:9a:60:00:01:55:e7:66:dd:5e:1f:f1:df:aa:37:
                    8d:a1:c8:72:ef:ff:82:19:92:2f:0d:34:63:32:c3:
                    5c:d4:3e:77:78:e5:d3:4a:a9:b1:24:cb:ac:4b:19:
                    34:69:0a:31:7f:ba:6d:ea:bf:d5:3c:68:4b:c4:93:
                    30:41:f4:9c:08:41:fc:61:2c:58:09:9e:11:d4:b9:
                    bc:9f:94:3f:30:d9:32:11:ab:06:17:25:3b:6b:a3:
                    81:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:60:16:49:FC:20:1B:2B:6C:7C:0A:87:91:ED:3E:30:CD:11:7B:C5
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS13347.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.244.0-46.236.251.255

    Signature Algorithm: sha256WithRSAEncryption
         43:bb:f4:56:11:f1:a4:62:f5:bc:aa:03:37:52:1e:60:82:19:
         a2:bd:db:47:f3:32:3f:e5:de:da:37:90:2a:98:0d:23:28:b9:
         85:a9:20:5a:93:0f:11:8f:57:a8:05:a4:8f:c3:54:8b:16:20:
         6e:f4:90:97:40:da:b7:7a:47:1c:52:3b:a2:12:a9:c5:0f:28:
         47:74:1c:b7:4b:07:96:38:6d:f2:dd:f4:f5:3e:e4:8a:80:26:
         7c:f1:50:be:2a:50:41:28:46:f9:9b:82:9d:ee:79:ef:92:6a:
         c7:7e:66:36:0c:54:fa:90:b0:f9:25:46:4e:31:0f:83:99:89:
         d5:fb:08:35:87:d0:b5:e3:f1:e5:c4:2f:58:d6:b8:e2:29:cc:
         09:d3:6d:57:ca:48:4b:72:8c:c5:4c:14:99:b3:c6:38:d9:eb:
         95:0c:91:d7:1b:80:ba:67:66:2f:c5:ed:34:ec:a6:18:ab:09:
         50:04:8e:4a:95:09:c1:b2:b9:62:16:d0:8a:8f:6d:32:d0:ae:
         29:3f:41:4c:1b:22:15:a5:27:75:6b:4f:17:66:7b:62:4c:c7:
         83:1c:76:11:78:75:2c:c8:b6:72:87:15:7c:8c:fa:c8:dd:f6:
         cc:ef:54:4a:36:45:53:39:05:8a:a3:9a:ef:16:16:a2:b5:75:
         d8:e9:88:9d
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIULEU8D4X3u1g0l9SUdl5rj1YN5g0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTRaFw0yNjA5MjkxMDAzMTRaMDMxMTAvBgNV
BAMTKDEyNjAxNjQ5RkMyMDFCMkI2QzdDMEE4NzkxRUQzRTMwQ0QxMTdCQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBB8IQGRqgRz6agzE8hVWSqTUB
zODfPr9xN+UbCpZHC/pm8KGI4i/DLy0n0y9lvoegaFPOzr5e59WokBu3bRw1H9+f
UK6HLfEThD/yepTgVHcB9hWwdHtJ4KFgEhwPwRoxQdfhyqX4VrH22PZLnu13sI/4
7gSPLsXlojLUzsGwHGW1GLxQS5OSyguR+s/x56L3iaIMtxFkaZW/Gn35Jeea2yyz
qOuaYAABVedm3V4f8d+qN42hyHLv/4IZki8NNGMyw1zUPnd45dNKqbEky6xLGTRp
CjF/um3qv9U8aEvEkzBB9JwIQfxhLFgJnhHUubyflD8w2TIRqwYXJTtro4GXAgMB
AAGjggIRMIICDTAdBgNVHQ4EFgQUEmAWSfwgGytsfAqHke0+MM0Re8UwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTMzNDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgABMA4wDAMEAi7s
9AMEAi7s+DANBgkqhkiG9w0BAQsFAAOCAQEAQ7v0VhHxpGL1vKoDN1IeYIIZor3b
R/MyP+Xe2jeQKpgNIyi5hakgWpMPEY9XqAWkj8NUixYgbvSQl0Dat3pHHFI7ohKp
xQ8oR3Qct0sHljht8t309T7kioAmfPFQvipQQShG+ZuCne5575Jqx35mNgxU+pCw
+SVGTjEPg5mJ1fsINYfQtePx5cQvWNa44inMCdNtV8pIS3KMxUwUmbPGONnrlQyR
1xuAumdmL8XtNOymGKsJUASOSpUJwbK5YhbQio9tMtCuKT9BTBsiFaUndWtPF2Z7
YkzHgxx2EXh1LMi2cocVfIz6yN32zO9USjZFUzkFiqOa7xYWorV12OmInQ==
-----END CERTIFICATE-----