Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          pOj/eGYhpf6y+oOasMNESHMcApWplCL1QvSR9z7NNYQ=
Subject key identifier:   2D:45:03:B7:7C:08:0A:57:5C:ED:87:9B:46:4D:72:CF:F9:64:16:AC
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       28617F32674958F7C5B993E65DC366837F1073B5
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS13335.roa
Signing time:             Sat 12 Jul 2025 13:30:46 +0000
ROA not before:           Sat 12 Jul 2025 13:25:46 +0000
ROA not after:            Sat 11 Jul 2026 13:30:46 +0000
asID:                     13335
IP address blocks:        143.20.0.0/24 maxlen: 24
                          143.20.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:23:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:61:7f:32:67:49:58:f7:c5:b9:93:e6:5d:c3:66:83:7f:10:73:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 12 13:25:46 2025 GMT
            Not After : Jul 11 13:30:46 2026 GMT
        Subject: CN=2D4503B77C080A575CED879B464D72CFF96416AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:89:33:d4:7a:aa:5f:b1:80:09:39:f8:13:6f:
                    c9:78:a4:c4:1e:1f:25:2e:7c:ab:63:dc:1f:23:a5:
                    a3:0e:06:68:f8:20:f9:13:b1:dd:e4:b6:81:52:04:
                    e9:fb:fb:71:8c:fd:32:c0:36:e2:b6:32:61:b8:d0:
                    63:27:6c:92:76:80:11:45:1c:21:5a:a4:13:5b:5b:
                    9d:51:01:ea:04:3b:bc:a3:c7:84:6d:0d:d4:6a:f7:
                    12:f8:70:c2:f6:22:cd:db:35:f0:96:c1:14:27:15:
                    4d:43:ad:94:c2:44:44:42:a1:f6:27:a6:26:e3:f6:
                    b6:d2:15:91:c8:77:2b:4f:f3:f4:50:b6:0c:58:42:
                    6e:15:b7:32:48:b2:11:ac:a1:3b:e0:0e:21:e9:27:
                    fa:69:97:4a:31:3f:15:53:2a:c0:79:b6:6b:23:4a:
                    dc:91:8a:2c:0b:79:f8:b5:a7:a6:1c:cd:a4:73:2b:
                    68:2e:e3:45:4d:8b:1c:7c:48:a2:55:ca:ac:cd:d0:
                    9a:b1:04:aa:b7:d4:27:a2:cb:d8:57:ad:1a:35:47:
                    96:2b:69:35:14:67:7f:7a:47:1d:0f:d7:92:c1:64:
                    04:fc:c5:81:fa:b7:d8:90:bc:3a:3b:81:87:71:44:
                    4b:44:c3:25:e6:dd:a5:f0:78:f1:4c:bf:c2:ab:45:
                    00:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:45:03:B7:7C:08:0A:57:5C:ED:87:9B:46:4D:72:CF:F9:64:16:AC
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.0.0/24
                  143.20.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:52:f9:de:a3:3a:6a:af:ee:6e:b5:3a:d4:ab:fc:02:e2:17:
         d0:cf:49:d2:75:ac:b3:1e:7c:84:4d:99:31:8f:c7:3f:c6:39:
         bf:84:fe:09:04:b4:f1:8e:92:ff:8c:4b:9b:20:6b:19:69:ab:
         15:a9:f9:31:9f:5f:eb:42:57:47:fb:60:6b:ad:ac:86:28:df:
         b6:2b:81:99:17:88:d0:d3:54:e3:d8:46:2b:45:44:02:52:8c:
         fe:7e:c7:f4:f0:af:33:5a:ce:af:75:02:94:5c:d1:a2:78:af:
         f1:e5:a3:a4:f2:15:e8:ca:12:1a:e9:0b:50:d8:e8:f5:a3:65:
         ac:2f:0e:da:14:54:6b:83:1d:f3:17:c1:f5:a9:3d:1a:16:48:
         d5:85:e0:35:bb:76:9f:d3:cd:65:84:58:99:53:47:1f:a4:b2:
         d6:be:32:bd:8f:02:ec:a7:62:e1:39:81:c3:c7:a9:d9:27:ad:
         ab:d5:9d:ff:9e:88:f0:04:b2:c9:04:f5:f6:64:4d:43:59:11:
         0c:81:38:96:2c:f7:d2:0f:04:36:78:db:dc:0d:39:8d:32:6b:
         26:63:67:a6:52:cc:3a:33:cf:ad:a8:e7:68:a1:07:b4:1e:f0:
         8a:b7:b7:85:a4:c4:97:e2:09:00:06:45:55:57:3f:44:37:0e:
         90:09:58:d3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUKGF/MmdJWPfFuZPmXcNmg38Qc7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTIxMzI1NDZaFw0yNjA3MTExMzMwNDZaMDMxMTAvBgNV
BAMTKDJENDUwM0I3N0MwODBBNTc1Q0VEODc5QjQ2NEQ3MkNGRjk2NDE2QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyiTPUeqpfsYAJOfgTb8l4pMQe
HyUufKtj3B8jpaMOBmj4IPkTsd3ktoFSBOn7+3GM/TLANuK2MmG40GMnbJJ2gBFF
HCFapBNbW51RAeoEO7yjx4RtDdRq9xL4cML2Is3bNfCWwRQnFU1DrZTCRERCofYn
pibj9rbSFZHIdytP8/RQtgxYQm4VtzJIshGsoTvgDiHpJ/ppl0oxPxVTKsB5tmsj
StyRiiwLefi1p6YczaRzK2gu40VNixx8SKJVyqzN0JqxBKq31Ceiy9hXrRo1R5Yr
aTUUZ396Rx0P15LBZAT8xYH6t9iQvDo7gYdxREtEwyXm3aXwePFMv8KrRQDZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQULUUDt3wICldc7YebRk1yz/lkFqwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFAAD
BACPFPcwDQYJKoZIhvcNAQELBQADggEBAINS+d6jOmqv7m61OtSr/ALiF9DPSdJ1
rLMefIRNmTGPxz/GOb+E/gkEtPGOkv+MS5sgaxlpqxWp+TGfX+tCV0f7YGutrIYo
37YrgZkXiNDTVOPYRitFRAJSjP5+x/TwrzNazq91ApRc0aJ4r/Hlo6TyFejKEhrp
C1DY6PWjZawvDtoUVGuDHfMXwfWpPRoWSNWF4DW7dp/TzWWEWJlTRx+ksta+Mr2P
AuynYuE5gcPHqdknravVnf+eiPAEsskE9fZkTUNZEQyBOJYs99IPBDZ429wNOY0y
ayZjZ6ZSzDozz62o52ihB7Qe8Iq3t4WkxJfiCQAGRVVXP0Q3DpAJWNM=
-----END CERTIFICATE-----