Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          BHdc+4DLSogVHsHLwA/i0sy+Rr5CMK/io3rN1OwJQFQ=
Subject key identifier:   58:52:60:1C:0B:A3:52:3B:A7:2A:63:9A:2A:8F:9F:F6:D4:AE:F5:20
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       291347449D981714BB3F9A03D29BA1EB008C427D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS13335.roa
Signing time:             Tue 30 Sep 2025 15:55:07 +0000
ROA not before:           Tue 30 Sep 2025 15:50:07 +0000
ROA not after:            Tue 29 Sep 2026 15:55:07 +0000
asID:                     13335
IP address blocks:        141.11.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:13:47:44:9d:98:17:14:bb:3f:9a:03:d2:9b:a1:eb:00:8c:42:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 30 15:50:07 2025 GMT
            Not After : Sep 29 15:55:07 2026 GMT
        Subject: CN=5852601C0BA3523BA72A639A2A8F9FF6D4AEF520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:49:1d:80:a9:f4:5d:78:a4:14:00:8f:32:9b:
                    4b:8a:69:59:94:ca:60:a1:25:5c:1c:98:ad:26:ba:
                    60:01:5e:a1:73:b8:77:91:73:17:9e:2f:d2:af:f0:
                    b9:0f:01:0a:73:22:20:0f:2a:e4:50:c0:c5:48:5c:
                    7a:b6:7c:83:15:89:95:05:8b:9d:0f:d7:89:90:61:
                    07:2f:79:99:13:92:f9:b2:9d:05:e3:c5:20:e4:1f:
                    7e:06:1c:bc:e7:ea:eb:f7:ef:c2:d8:eb:01:48:ea:
                    ab:96:9c:73:20:d4:6e:08:59:20:44:ef:79:2e:5e:
                    c1:9a:79:a7:a9:ed:13:08:d7:0d:62:c0:4e:8e:a0:
                    ac:3d:d9:56:6a:61:c5:f5:ad:cb:b2:f8:0e:80:59:
                    1d:22:ac:fb:90:d3:61:00:77:13:b5:f1:35:c0:6c:
                    09:f9:f0:9d:32:79:51:09:63:b9:51:f6:ad:4e:93:
                    2e:97:59:43:4f:c4:49:70:59:45:ae:6f:d4:4d:3c:
                    94:26:27:3d:b5:8a:51:30:f9:71:2a:ba:cd:49:df:
                    cb:f9:56:66:62:aa:b6:98:a5:e9:5c:36:8c:dc:8c:
                    dc:a5:98:fa:25:8c:e8:7a:3a:1e:57:99:4b:b2:62:
                    2e:47:a3:ea:31:ec:7e:1f:77:fb:92:57:41:99:e3:
                    c8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:52:60:1C:0B:A3:52:3B:A7:2A:63:9A:2A:8F:9F:F6:D4:AE:F5:20
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:75:13:13:ed:86:8d:40:1a:0f:3b:34:b9:26:20:c6:d9:77:
         c0:9f:7f:2e:ad:18:a4:11:45:e5:99:31:83:5e:1b:da:50:af:
         ac:79:a0:46:19:e9:3b:87:f9:94:84:66:1d:c8:2e:e0:c7:3d:
         7d:34:c7:32:e1:f9:04:76:f7:a7:e0:e1:3c:73:cf:02:a2:e5:
         05:35:f3:a7:93:42:bb:ac:f2:76:b5:66:54:c8:21:0a:9a:7b:
         0d:5c:ad:33:64:ac:ec:2f:78:20:85:6f:eb:cd:0f:78:db:a7:
         61:e6:db:47:7c:1d:28:bf:08:75:88:eb:b6:81:72:38:88:b1:
         ff:da:36:7b:de:49:13:4f:75:2c:cf:68:6d:d2:0a:70:63:b2:
         4a:5e:26:a1:e6:ef:c1:22:36:f5:8b:c1:7f:c9:51:a2:9c:e1:
         94:5d:54:ee:18:09:13:b3:91:14:2b:d6:ae:1b:25:6b:34:ab:
         6d:6b:b5:9d:c3:82:de:82:f7:75:ae:d7:07:59:1f:1f:c5:76:
         58:43:5f:8e:92:f9:37:11:b0:f5:f7:84:8c:4f:a0:cf:79:34:
         58:b3:60:cb:69:a8:a1:13:c0:ae:e9:f3:5f:52:11:e1:e8:b4:
         c4:2f:9c:57:51:33:54:f4:7e:e5:49:47:0e:32:8b:eb:30:5e:
         48:2b:55:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKRNHRJ2YFxS7P5oD0puh6wCMQn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MzAxNTUwMDdaFw0yNjA5MjkxNTU1MDdaMDMxMTAvBgNV
BAMTKDU4NTI2MDFDMEJBMzUyM0JBNzJBNjM5QTJBOEY5RkY2RDRBRUY1MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPSR2AqfRdeKQUAI8ym0uKaVmU
ymChJVwcmK0mumABXqFzuHeRcxeeL9Kv8LkPAQpzIiAPKuRQwMVIXHq2fIMViZUF
i50P14mQYQcveZkTkvmynQXjxSDkH34GHLzn6uv378LY6wFI6quWnHMg1G4IWSBE
73kuXsGaeaep7RMI1w1iwE6OoKw92VZqYcX1rcuy+A6AWR0irPuQ02EAdxO18TXA
bAn58J0yeVEJY7lR9q1Oky6XWUNPxElwWUWub9RNPJQmJz21ilEw+XEqus1J38v5
VmZiqraYpelcNozcjNylmPoljOh6Oh5XmUuyYi5Ho+ox7H4fd/uSV0GZ48jFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUWFJgHAujUjunKmOaKo+f9tSu9SAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC0cw
DQYJKoZIhvcNAQELBQADggEBANd1ExPtho1AGg87NLkmIMbZd8Cffy6tGKQRReWZ
MYNeG9pQr6x5oEYZ6TuH+ZSEZh3ILuDHPX00xzLh+QR296fg4TxzzwKi5QU186eT
Qrus8na1ZlTIIQqaew1crTNkrOwveCCFb+vND3jbp2Hm20d8HSi/CHWI67aBcjiI
sf/aNnveSRNPdSzPaG3SCnBjskpeJqHm78EiNvWLwX/JUaKc4ZRdVO4YCROzkRQr
1q4bJWs0q21rtZ3Dgt6C93Wu1wdZHx/FdlhDX46S+TcRsPX3hIxPoM95NFizYMtp
qKETwK7p819SEeHotMQvnFdRM1T0fuVJRw4yi+swXkgrVYI=
-----END CERTIFICATE-----