Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          zjkvHL24+sNZTk5b/THUzumd/ZFYCKjcS6m+9sxn+FA=
Subject key identifier:   82:DF:B1:24:36:57:DE:2C:D8:A1:3B:87:3B:25:EA:73:66:BE:98:F0
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       680FE2AD9C9B30DDAE9E84E4B83F2E8DC3AA01E7
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS13335.roa
Signing time:             Thu 12 Feb 2026 00:00:09 +0000
ROA not before:           Wed 11 Feb 2026 23:55:09 +0000
ROA not after:            Thu 11 Feb 2027 00:00:09 +0000
asID:                     13335
IP address blocks:        143.20.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:0f:e2:ad:9c:9b:30:dd:ae:9e:84:e4:b8:3f:2e:8d:c3:aa:01:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Feb 11 23:55:09 2026 GMT
            Not After : Feb 11 00:00:09 2027 GMT
        Subject: CN=82DFB1243657DE2CD8A13B873B25EA7366BE98F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:aa:43:29:02:6a:9e:ae:94:77:08:38:a2:08:
                    db:8b:c2:8e:4b:13:13:e0:a4:6b:77:8b:27:b6:cc:
                    54:9d:49:78:7b:49:b5:81:4b:d2:62:7a:09:9a:8e:
                    a1:27:60:7f:8f:d1:c8:90:43:48:f1:09:2b:ca:bb:
                    8e:20:2f:e8:5a:8c:fd:10:20:78:ec:57:53:53:c2:
                    e5:88:e6:3b:8b:df:99:c3:63:e3:78:02:ac:20:24:
                    33:b8:92:42:6e:a1:b0:cc:9a:e8:58:c1:d9:25:ba:
                    b6:01:4c:aa:c7:0c:a3:4e:b9:b5:bd:24:d1:1d:38:
                    bf:41:89:4c:74:eb:51:a6:64:f8:c8:42:e7:5c:b2:
                    a1:48:f3:2f:96:2b:b3:e1:50:d3:4d:74:1c:7f:39:
                    2b:29:39:8b:10:ef:3a:68:93:be:f2:6a:d0:53:98:
                    2c:55:2d:c4:84:6b:fa:72:03:17:88:cd:41:c0:51:
                    f3:b7:60:95:eb:c2:12:cc:4a:f5:db:ae:b9:0c:d9:
                    1a:07:58:37:58:bc:97:4e:00:35:1b:8d:91:05:1e:
                    8e:30:2b:46:13:2c:95:2f:e0:83:e4:f4:d5:0b:7e:
                    57:f0:a9:48:6c:e2:eb:14:d7:6e:a9:f7:45:96:74:
                    ec:13:77:69:4e:7a:de:9f:47:0c:76:f4:3f:54:19:
                    19:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:DF:B1:24:36:57:DE:2C:D8:A1:3B:87:3B:25:EA:73:66:BE:98:F0
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:85:98:53:bf:48:e7:d5:d5:48:ca:fe:6e:5c:d7:92:f6:ad:
         a6:28:19:37:b3:0e:23:e4:73:83:c6:65:43:75:51:4b:8c:dc:
         82:23:36:0a:fd:1c:6a:6c:ad:7c:2e:76:ee:55:7a:b8:cd:9c:
         e1:e4:63:82:36:82:bc:0e:fc:3d:38:af:65:54:7c:e6:ce:fc:
         7a:7e:24:cf:90:d3:bc:55:2f:0b:ec:bd:33:fa:e1:01:1d:bc:
         e4:24:d1:aa:79:d8:e0:c7:2d:c2:0e:e4:cf:75:af:1b:68:b7:
         a5:b3:68:6a:e1:d0:29:b8:bf:10:6a:97:af:8b:a9:32:5f:a8:
         9d:dd:1e:5a:e1:f1:ec:c8:a6:bf:03:16:83:4c:73:04:c6:b7:
         bb:a0:40:41:4f:fe:8c:51:21:58:f3:04:2a:22:76:9b:64:3a:
         6b:b7:61:d6:23:76:ae:50:78:47:33:88:5e:92:ec:c4:c1:21:
         cc:c5:41:3d:a9:d5:ad:f5:c0:0d:e6:c3:12:48:fb:17:0d:15:
         71:da:05:5d:20:4a:2d:16:71:77:f5:0b:39:18:64:f0:80:2d:
         82:58:47:fa:df:7e:eb:49:b4:d8:6d:ee:7a:d4:ca:c3:46:20:
         20:8a:64:f6:45:5c:af:b3:fb:4b:1d:b2:55:13:f9:61:77:8d:
         f2:96:19:a4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaA/irZybMN2unoTkuD8ujcOqAecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAyMTEyMzU1MDlaFw0yNzAyMTEwMDAwMDlaMDMxMTAvBgNV
BAMTKDgyREZCMTI0MzY1N0RFMkNEOEExM0I4NzNCMjVFQTczNjZCRTk4RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMqkMpAmqerpR3CDiiCNuLwo5L
ExPgpGt3iye2zFSdSXh7SbWBS9JiegmajqEnYH+P0ciQQ0jxCSvKu44gL+hajP0Q
IHjsV1NTwuWI5juL35nDY+N4AqwgJDO4kkJuobDMmuhYwdklurYBTKrHDKNOubW9
JNEdOL9BiUx061GmZPjIQudcsqFI8y+WK7PhUNNNdBx/OSspOYsQ7zpok77yatBT
mCxVLcSEa/pyAxeIzUHAUfO3YJXrwhLMSvXbrrkM2RoHWDdYvJdOADUbjZEFHo4w
K0YTLJUv4IPk9NULflfwqUhs4usU126p90WWdOwTd2lOet6fRwx29D9UGRn5AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUgt+xJDZX3izYoTuHOyXqc2a+mPAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFAAw
DQYJKoZIhvcNAQELBQADggEBAJqFmFO/SOfV1UjK/m5c15L2raYoGTezDiPkc4PG
ZUN1UUuM3IIjNgr9HGpsrXwudu5VerjNnOHkY4I2grwO/D04r2VUfObO/Hp+JM+Q
07xVLwvsvTP64QEdvOQk0ap52ODHLcIO5M91rxtot6WzaGrh0Cm4vxBql6+LqTJf
qJ3dHlrh8ezIpr8DFoNMcwTGt7ugQEFP/oxRIVjzBCoidptkOmu3YdYjdq5QeEcz
iF6S7MTBIczFQT2p1a31wA3mwxJI+xcNFXHaBV0gSi0WcXf1CzkYZPCALYJYR/rf
futJtNht7nrUysNGICCKZPZFXK+z+0sdslUT+WF3jfKWGaQ=
-----END CERTIFICATE-----