Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          0oDvQPalPHk6N+X/URtSwfOR7wA6YxXG6kYZipIcnZ8=
Subject key identifier:   3A:BD:33:8B:32:3A:54:75:55:57:DB:12:5F:B1:CA:42:43:70:61:88
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4A2B5BA35EB4874B0690386CA9CE16D1175242A6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS13335.roa
Signing time:             Sun 26 Oct 2025 19:17:48 +0000
ROA not before:           Sun 26 Oct 2025 19:12:48 +0000
ROA not after:            Sun 25 Oct 2026 19:17:48 +0000
asID:                     13335
IP address blocks:        45.146.81.0/24 maxlen: 24
                          45.157.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:55:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:2b:5b:a3:5e:b4:87:4b:06:90:38:6c:a9:ce:16:d1:17:52:42:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 26 19:12:48 2025 GMT
            Not After : Oct 25 19:17:48 2026 GMT
        Subject: CN=3ABD338B323A54755557DB125FB1CA4243706188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:66:92:8e:7c:1e:4b:3d:b0:e0:70:cd:06:de:
                    43:9e:03:01:9d:ac:ce:82:03:08:6b:d2:74:ec:27:
                    7d:7b:69:b1:af:25:3b:2e:2b:36:ad:72:0b:70:11:
                    d1:15:25:1a:2c:ef:d8:82:bb:be:77:fe:2e:aa:76:
                    79:d2:41:28:fb:6f:ac:34:80:e8:59:b4:04:0b:39:
                    1d:ac:e4:12:17:3f:68:f3:a0:bd:b7:e0:94:38:6a:
                    2e:49:b2:d5:99:35:c6:a9:07:07:8a:6b:ed:fc:5d:
                    63:29:51:5c:19:c8:98:7e:41:85:a6:e2:9b:0d:c6:
                    86:0c:35:87:c5:8c:0c:b5:44:5a:41:c0:24:1d:0d:
                    5f:73:9f:dc:8e:86:27:63:5b:5a:84:48:25:e1:69:
                    47:c7:f3:7d:ca:06:17:85:17:a0:22:31:2d:33:ba:
                    c2:e0:73:08:f8:93:10:71:a3:a5:5b:2c:c2:f8:fe:
                    9a:b8:49:d3:99:09:78:0c:d0:7c:f7:f2:79:66:72:
                    a5:40:93:f0:1b:34:99:3b:42:63:d5:8b:66:d6:b4:
                    f2:48:19:35:40:41:8c:fb:a1:fb:05:b5:7d:ad:db:
                    7b:2b:c5:7d:c8:56:cb:2f:e4:4e:3c:b5:18:72:cc:
                    4e:7d:d7:b2:c0:69:24:2b:40:45:35:5f:e5:6b:88:
                    24:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:BD:33:8B:32:3A:54:75:55:57:DB:12:5F:B1:CA:42:43:70:61:88
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.81.0/24
                  45.157.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:9b:25:b3:5c:a0:3f:b6:8f:53:dd:7a:28:2e:ed:72:70:55:
         2d:0b:2b:75:6f:db:8b:6e:a1:ea:1f:90:9f:a3:30:67:ae:d2:
         09:63:2c:22:37:f1:f2:6b:54:b9:ca:2c:dd:ea:13:ea:75:0a:
         a6:0f:e8:3b:5f:01:a6:86:22:47:d4:c2:29:d0:24:2a:1e:24:
         e9:2c:d0:83:08:fa:a3:5e:ce:99:b3:6f:06:33:25:a0:67:ca:
         ab:e7:d1:72:23:2a:af:5a:e4:2d:24:96:ba:dd:01:d8:d8:5c:
         74:c8:26:a9:a5:e6:79:14:39:e4:68:a7:f4:de:52:66:e4:7b:
         48:e5:90:9b:d3:27:ee:aa:66:5f:3e:4d:12:02:d4:06:fa:33:
         a1:b2:8f:a0:68:00:7d:d1:67:a3:b5:f2:a1:45:c3:8f:30:1b:
         bf:19:95:33:30:35:d6:c5:b9:59:e7:89:1b:13:69:2c:11:c8:
         22:c5:66:e0:aa:d6:60:46:c5:c2:20:fd:96:63:b8:27:67:65:
         68:1b:5a:4d:9e:cb:d3:75:e6:04:a5:03:ee:b7:a1:61:34:ad:
         25:64:2f:69:28:08:68:34:1f:0d:50:3a:5d:f4:41:bd:35:37:
         a6:63:7f:1d:06:f8:94:40:7c:15:88:7f:e4:dc:b9:98:15:f2:
         45:91:53:eb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUSitbo160h0sGkDhsqc4W0RdSQqYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMjYxOTEyNDhaFw0yNjEwMjUxOTE3NDhaMDMxMTAvBgNV
BAMTKDNBQkQzMzhCMzIzQTU0NzU1NTU3REIxMjVGQjFDQTQyNDM3MDYxODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+ZpKOfB5LPbDgcM0G3kOeAwGd
rM6CAwhr0nTsJ317abGvJTsuKzatcgtwEdEVJRos79iCu753/i6qdnnSQSj7b6w0
gOhZtAQLOR2s5BIXP2jzoL234JQ4ai5JstWZNcapBweKa+38XWMpUVwZyJh+QYWm
4psNxoYMNYfFjAy1RFpBwCQdDV9zn9yOhidjW1qESCXhaUfH833KBheFF6AiMS0z
usLgcwj4kxBxo6VbLML4/pq4SdOZCXgM0Hz38nlmcqVAk/AbNJk7QmPVi2bWtPJI
GTVAQYz7ofsFtX2t23srxX3IVssv5E48tRhyzE5917LAaSQrQEU1X+VriCS1AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUOr0zizI6VHVVV9sSX7HKQkNwYYgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtklED
BAAtnREwDQYJKoZIhvcNAQELBQADggEBACCbJbNcoD+2j1Pdeigu7XJwVS0LK3Vv
24tuoeofkJ+jMGeu0gljLCI38fJrVLnKLN3qE+p1CqYP6DtfAaaGIkfUwinQJCoe
JOks0IMI+qNezpmzbwYzJaBnyqvn0XIjKq9a5C0klrrdAdjYXHTIJqml5nkUOeRo
p/TeUmbke0jlkJvTJ+6qZl8+TRIC1Ab6M6Gyj6BoAH3RZ6O18qFFw48wG78ZlTMw
NdbFuVnniRsTaSwRyCLFZuCq1mBGxcIg/ZZjuCdnZWgbWk2ey9N15gSlA+63oWE0
rSVkL2koCGg0Hw1QOl30Qb01N6Zjfx0G+JRAfBWIf+TcuZgV8kWRU+s=
-----END CERTIFICATE-----