Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          yVRenUaFnstXnqeAw0oqxOu6egE57z43wnIDee9QFvc=
Subject key identifier:   28:87:54:46:C6:78:41:F3:D1:C3:EA:F1:74:95:4C:EB:91:B0:0F:C9
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       462E839B2F4B5B28C9FC82ED9B725D59C9D8C33B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13335.roa
Signing time:             Tue 29 Jul 2025 06:09:25 +0000
ROA not before:           Tue 29 Jul 2025 06:04:25 +0000
ROA not after:            Tue 28 Jul 2026 06:09:25 +0000
asID:                     13335
IP address blocks:        143.14.176.0/22 maxlen: 24
                          143.14.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 18:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:2e:83:9b:2f:4b:5b:28:c9:fc:82:ed:9b:72:5d:59:c9:d8:c3:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 29 06:04:25 2025 GMT
            Not After : Jul 28 06:09:25 2026 GMT
        Subject: CN=28875446C67841F3D1C3EAF174954CEB91B00FC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:04:5f:07:6f:fa:5e:8b:a9:28:9a:9f:b9:23:
                    2c:95:0e:7d:bf:25:2b:19:f6:3b:ff:16:f8:1f:e7:
                    e1:36:69:87:86:bf:0a:bf:1e:16:22:dd:13:90:82:
                    a9:06:47:9d:02:58:ed:ce:62:46:8a:b5:56:44:c5:
                    b2:92:2b:d9:4c:f8:50:c1:00:ea:d4:7f:e8:a7:88:
                    c7:c7:af:6d:a6:cd:e3:67:1f:58:a3:06:81:6f:1a:
                    20:d9:ee:29:0b:fd:21:70:98:fa:2a:99:d1:cb:7f:
                    4b:ee:f5:f3:bc:9f:f0:47:83:47:b0:73:70:d6:d8:
                    84:5a:c3:1f:17:df:0f:cb:50:ee:d4:b9:c0:68:53:
                    3b:48:81:9a:e5:49:6e:a5:a9:1a:15:8f:0a:93:16:
                    b1:00:a6:3b:64:f6:40:44:63:aa:93:e7:b0:59:26:
                    96:29:77:d4:8e:b5:c3:df:ef:bc:28:89:71:8b:12:
                    59:96:c1:2e:71:16:57:bf:cf:de:04:1c:2a:3c:13:
                    e5:9f:ea:69:be:80:1e:62:bb:06:df:f3:77:f9:cb:
                    08:78:ea:91:be:64:98:d3:c6:25:e8:4f:3c:5d:53:
                    53:e9:f2:e3:82:3e:b7:00:1a:3c:9e:7b:29:56:ee:
                    a1:18:5e:94:c6:97:12:43:17:59:ed:5d:2d:ff:d8:
                    81:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:87:54:46:C6:78:41:F3:D1:C3:EA:F1:74:95:4C:EB:91:B0:0F:C9
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.176.0/22
                  143.14.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:f9:f0:de:e1:98:a7:2e:a8:b9:bc:be:77:35:8e:ea:53:42:
         b7:27:d5:01:58:b6:71:95:6e:40:69:c7:35:dc:e9:1b:f8:14:
         08:c6:16:86:78:13:ed:84:bb:2e:15:a9:87:9d:24:e6:c5:61:
         01:a2:f0:cf:c3:50:ab:95:ca:98:c3:ed:79:ea:4c:a5:11:ac:
         7c:b3:af:82:9e:03:5f:ec:c6:6c:6d:25:f7:23:82:ca:44:41:
         7c:b3:8a:2a:70:a7:46:fe:ef:c2:b0:af:19:10:e8:1f:35:ab:
         a1:53:e6:ed:bc:6a:94:be:fc:7a:d8:58:d8:8f:66:07:ec:15:
         c3:9b:6c:d2:f5:6c:8d:64:67:07:9a:2c:af:43:c0:11:32:ba:
         1d:a4:33:56:69:bc:15:c3:fd:af:e6:9c:43:b4:e7:eb:d1:d0:
         4c:5c:71:c5:0f:52:c3:0d:53:05:ee:c0:51:9b:f1:8f:a8:34:
         24:4c:ff:fc:4f:63:92:46:7e:6f:5a:a8:1f:68:b4:c4:04:99:
         43:75:d3:40:34:d9:3b:71:d7:b0:5e:8b:ed:32:c2:06:64:0e:
         f8:c8:d3:29:ea:d0:c4:54:2d:16:b3:f1:cb:fb:a8:66:3d:b3:
         d6:39:14:3a:c4:36:80:64:3d:f1:2c:9d:56:a4:d1:22:52:82:
         e6:8e:1b:9a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIURi6Dmy9LWyjJ/ILtm3JdWcnYwzswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MjkwNjA0MjVaFw0yNjA3MjgwNjA5MjVaMDMxMTAvBgNV
BAMTKDI4ODc1NDQ2QzY3ODQxRjNEMUMzRUFGMTc0OTU0Q0VCOTFCMDBGQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYBF8Hb/pei6komp+5IyyVDn2/
JSsZ9jv/Fvgf5+E2aYeGvwq/HhYi3ROQgqkGR50CWO3OYkaKtVZExbKSK9lM+FDB
AOrUf+iniMfHr22mzeNnH1ijBoFvGiDZ7ikL/SFwmPoqmdHLf0vu9fO8n/BHg0ew
c3DW2IRawx8X3w/LUO7UucBoUztIgZrlSW6lqRoVjwqTFrEApjtk9kBEY6qT57BZ
JpYpd9SOtcPf77woiXGLElmWwS5xFle/z94EHCo8E+Wf6mm+gB5iuwbf83f5ywh4
6pG+ZJjTxiXoTzxdU1Pp8uOCPrcAGjyeeylW7qEYXpTGlxJDF1ntXS3/2IE/AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUKIdURsZ4QfPRw+rxdJVM65GwD8kwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKPDrAD
BACPDvswDQYJKoZIhvcNAQELBQADggEBACX58N7hmKcuqLm8vnc1jupTQrcn1QFY
tnGVbkBpxzXc6Rv4FAjGFoZ4E+2Euy4VqYedJObFYQGi8M/DUKuVypjD7XnqTKUR
rHyzr4KeA1/sxmxtJfcjgspEQXyziipwp0b+78KwrxkQ6B81q6FT5u28apS+/HrY
WNiPZgfsFcObbNL1bI1kZweaLK9DwBEyuh2kM1ZpvBXD/a/mnEO05+vR0ExcccUP
UsMNUwXuwFGb8Y+oNCRM//xPY5JGfm9aqB9otMQEmUN100A02Ttx17Bei+0ywgZk
DvjI0ynq0MRULRaz8cv7qGY9s9Y5FDrENoBkPfEsnVak0SJSguaOG5o=
-----END CERTIFICATE-----