Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS33355.roa
File:                     AS33355.roa (raw, json)
Hash identifier:          8NhSl/hRmKHjlnpolJw1TBbYzb1MNjWtuL8KFI+nZNw=
Subject key identifier:   71:23:95:89:C1:47:B6:F9:1F:A5:7A:D1:DA:B2:E8:CF:62:83:C7:01
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7CA52D1ABE89DB326A55C72B1D5808D79AEEB3F8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS33355.roa
Signing time:             Thu 19 Feb 2026 05:17:01 +0000
ROA not before:           Thu 19 Feb 2026 05:12:01 +0000
ROA not after:            Thu 18 Feb 2027 05:17:01 +0000
asID:                     33355
IP address blocks:        96.62.217.0/24 maxlen: 24
                          155.117.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:a5:2d:1a:be:89:db:32:6a:55:c7:2b:1d:58:08:d7:9a:ee:b3:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 19 05:12:01 2026 GMT
            Not After : Feb 18 05:17:01 2027 GMT
        Subject: CN=71239589C147B6F91FA57AD1DAB2E8CF6283C701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:20:ee:92:04:38:c6:b9:ce:f6:54:dc:74:c6:
                    9f:44:5b:f2:21:8e:95:2d:38:70:bc:c7:4d:77:ea:
                    60:6f:77:7a:6e:ef:a5:31:67:a1:ff:49:3e:dc:00:
                    d0:b0:e7:fc:d0:d3:54:b4:00:52:75:bf:91:4b:a0:
                    10:79:0f:03:c6:5e:be:f8:ee:2e:cc:3d:1d:7e:a5:
                    1a:f8:2c:3e:6a:b6:4e:cc:39:8d:73:10:2c:d8:b6:
                    85:a0:1a:12:c3:38:53:63:c4:35:e2:5f:74:78:db:
                    51:30:ad:dd:06:11:3b:1e:f4:1f:d2:ac:97:65:4f:
                    4b:d6:3d:93:18:19:05:f6:01:06:db:47:86:ef:a1:
                    e1:7b:44:c0:43:8b:70:97:1d:aa:76:b6:f1:12:e6:
                    8e:8c:27:69:53:33:5d:c0:77:b1:dc:a9:27:fc:3b:
                    c9:d4:7c:95:2d:8d:3e:64:ac:bc:d1:4c:b0:6f:11:
                    00:01:29:1d:85:ea:b1:07:b2:92:01:b5:95:50:56:
                    e1:08:ee:f1:17:31:05:20:67:e8:4e:03:a1:bc:56:
                    b7:bc:a9:e0:db:6d:67:2d:43:a1:ce:33:4a:96:0b:
                    23:1e:ef:1c:99:0e:01:66:c2:6d:76:3a:08:66:83:
                    1f:da:f6:c4:bd:13:83:76:b5:85:a0:25:f2:03:e6:
                    fd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:23:95:89:C1:47:B6:F9:1F:A5:7A:D1:DA:B2:E8:CF:62:83:C7:01
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS33355.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.217.0/24
                  155.117.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:1a:e1:ea:66:92:37:cf:22:0a:60:05:f3:61:22:01:59:ac:
         e6:ec:4f:60:9f:b7:55:19:08:4d:90:a4:1d:72:f4:5b:e3:01:
         d5:4b:30:01:7a:65:50:7b:33:98:0f:4c:9f:d4:96:a1:42:6a:
         e6:f6:d0:c3:05:bf:9d:50:1e:09:72:c7:03:14:ce:40:42:d8:
         5f:e1:fa:fc:25:02:39:54:2c:1b:9f:8b:fd:25:44:7a:d9:37:
         46:a4:94:7d:e3:8c:a7:9c:63:a3:69:cc:0d:33:c1:58:c5:72:
         60:b7:d8:a3:a3:b8:ad:29:9c:00:7e:a6:a6:e6:b9:6b:88:30:
         62:6c:23:21:4f:d0:f2:e2:02:6b:bc:87:01:3f:dc:ff:0e:1e:
         27:5a:96:a8:04:5e:b4:55:17:98:85:ce:f1:d2:3a:68:7c:f1:
         91:d1:64:52:6e:5c:d1:8c:6f:de:44:0e:41:0c:92:23:47:b7:
         f1:ad:1e:3f:11:5c:dc:95:40:7c:20:02:e2:f2:cd:fc:c8:52:
         9d:0f:47:96:15:e8:58:00:bd:f4:70:1a:3b:1d:02:04:b6:d8:
         7f:8d:59:e7:36:8b:6e:f2:a0:d6:b8:ea:d2:49:be:3c:3f:49:
         47:84:65:c8:c0:44:26:b0:50:2d:d5:73:c2:75:ef:f6:c5:2b:
         0f:1e:c3:03
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUfKUtGr6J2zJqVccrHVgI15rus/gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTkwNTEyMDFaFw0yNzAyMTgwNTE3MDFaMDMxMTAvBgNV
BAMTKDcxMjM5NTg5QzE0N0I2RjkxRkE1N0FEMURBQjJFOENGNjI4M0M3MDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6IO6SBDjGuc72VNx0xp9EW/Ih
jpUtOHC8x0136mBvd3pu76UxZ6H/ST7cANCw5/zQ01S0AFJ1v5FLoBB5DwPGXr74
7i7MPR1+pRr4LD5qtk7MOY1zECzYtoWgGhLDOFNjxDXiX3R421Ewrd0GETse9B/S
rJdlT0vWPZMYGQX2AQbbR4bvoeF7RMBDi3CXHap2tvES5o6MJ2lTM13Ad7HcqSf8
O8nUfJUtjT5krLzRTLBvEQABKR2F6rEHspIBtZVQVuEI7vEXMQUgZ+hOA6G8Vre8
qeDbbWctQ6HOM0qWCyMe7xyZDgFmwm12Oghmgx/a9sS9E4N2tYWgJfID5v2vAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUcSOVicFHtvkfpXrR2rLoz2KDxwEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzMzNTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABgPtkD
BACbdRAwDQYJKoZIhvcNAQELBQADggEBAGQa4epmkjfPIgpgBfNhIgFZrObsT2Cf
t1UZCE2QpB1y9FvjAdVLMAF6ZVB7M5gPTJ/UlqFCaub20MMFv51QHglyxwMUzkBC
2F/h+vwlAjlULBufi/0lRHrZN0aklH3jjKecY6NpzA0zwVjFcmC32KOjuK0pnAB+
pqbmuWuIMGJsIyFP0PLiAmu8hwE/3P8OHidalqgEXrRVF5iFzvHSOmh88ZHRZFJu
XNGMb95EDkEMkiNHt/GtHj8RXNyVQHwgAuLyzfzIUp0PR5YV6FgAvfRwGjsdAgS2
2H+NWec2i27yoNa46tJJvjw/SUeEZcjARCawUC3Vc8J17/bFKw8ewwM=
-----END CERTIFICATE-----