Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13347.roa
File:                     AS13347.roa (raw, json)
Hash identifier:          UXkv4L4WF/rzZZHGbvYpwaN9Adg7AkO1z9xX/bPHATo=
Subject key identifier:   40:29:86:B9:9E:EF:BF:6E:C0:7F:CD:AA:4A:E2:26:4D:29:85:A0:76
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       25E65D54F3984934940E5D381A55C6822EC2485F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13347.roa
Signing time:             Wed 28 May 2025 04:02:21 +0000
ROA not before:           Wed 28 May 2025 03:57:21 +0000
ROA not after:            Wed 27 May 2026 04:02:21 +0000
asID:                     13347
IP address blocks:        162.141.124.0/22 maxlen: 24
                          167.148.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:e6:5d:54:f3:98:49:34:94:0e:5d:38:1a:55:c6:82:2e:c2:48:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 28 03:57:21 2025 GMT
            Not After : May 27 04:02:21 2026 GMT
        Subject: CN=402986B99EEFBF6EC07FCDAA4AE2264D2985A076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c2:2d:64:e6:29:d5:99:27:df:0b:06:52:96:
                    eb:82:01:2c:0d:bf:55:31:e8:92:11:c1:20:d6:ca:
                    b5:2e:b4:9d:0a:ba:f9:e5:d6:01:2c:d3:f7:44:96:
                    e2:34:a3:cc:ba:45:31:37:a7:1a:d7:d1:d8:37:4a:
                    30:1b:59:c6:bb:c7:26:cd:66:d6:9e:0f:d7:b3:35:
                    49:f6:2c:60:b0:67:9c:9d:21:cb:84:ec:42:a9:61:
                    b5:a3:09:8f:c6:60:c5:f1:02:ef:8b:46:81:bc:07:
                    82:3f:30:3a:cd:a4:89:2b:6e:d2:40:e4:0f:db:e5:
                    39:e3:c9:dd:15:31:3f:71:a7:cc:8f:1b:96:1b:19:
                    e7:58:07:e5:1d:56:4b:0c:1f:8b:b5:59:24:f6:b5:
                    24:c0:98:84:57:e2:1a:11:42:51:03:32:4a:46:4d:
                    be:2f:56:92:22:b6:43:19:9b:c4:ab:57:f3:f8:43:
                    d5:fb:89:f2:07:d5:51:ad:bf:cd:e4:da:c9:11:36:
                    c9:fe:af:18:cb:e8:8b:a1:bb:29:db:6d:1a:b6:74:
                    4a:50:ed:03:cb:07:49:a3:3a:c9:7f:5a:4a:5d:ae:
                    f5:ab:6b:c4:64:70:53:f1:ad:d2:fa:5a:6f:33:32:
                    7d:3d:56:fa:95:c2:4b:04:8a:ac:72:bb:27:3a:a2:
                    ac:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:29:86:B9:9E:EF:BF:6E:C0:7F:CD:AA:4A:E2:26:4D:29:85:A0:76
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS13347.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.124.0/22
                  167.148.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:b3:ad:81:65:51:0f:cd:af:52:e0:5a:b3:cf:4c:54:24:b4:
         cf:1a:7a:3a:df:5a:39:84:3c:7f:5a:c2:96:a4:b9:c8:d4:4f:
         38:78:19:db:16:f4:bd:57:83:01:d4:5a:1f:dd:01:a5:87:95:
         62:a0:c0:54:b4:3d:e4:23:c5:05:6b:25:bb:c3:41:a1:7e:f0:
         7d:6f:32:78:c9:82:49:98:57:b1:73:fb:6d:97:b1:20:16:5f:
         d0:48:3c:99:10:54:44:f1:86:8d:17:a0:ce:5a:49:a5:02:d2:
         15:fd:91:8f:00:13:3a:30:03:e0:de:8c:3f:75:7d:12:85:5e:
         e3:2a:54:8e:45:aa:a8:be:8c:c5:d5:5a:37:75:7e:08:11:05:
         54:91:3f:cb:4f:f9:c2:50:49:16:b9:6b:ed:c9:c3:ec:4a:5f:
         71:88:58:34:f0:ab:ca:23:28:d3:44:f6:d2:ec:37:08:0d:69:
         47:c0:8b:02:e5:12:e0:f8:1a:86:17:a3:2b:c4:f0:ef:2e:ec:
         0c:8a:7f:ae:8f:f7:3c:55:06:cd:6d:a1:09:9a:8a:01:95:9e:
         14:0f:7c:65:00:3a:87:cb:b9:f6:b5:fe:4a:3c:ba:df:e7:81:
         90:1e:17:86:8f:70:19:48:0e:de:57:5e:89:3a:7d:0a:b9:1a:
         51:83:59:c2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUJeZdVPOYSTSUDl04GlXGgi7CSF8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjgwMzU3MjFaFw0yNjA1MjcwNDAyMjFaMDMxMTAvBgNV
BAMTKDQwMjk4NkI5OUVFRkJGNkVDMDdGQ0RBQTRBRTIyNjREMjk4NUEwNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0wi1k5inVmSffCwZSluuCASwN
v1Ux6JIRwSDWyrUutJ0Kuvnl1gEs0/dEluI0o8y6RTE3pxrX0dg3SjAbWca7xybN
ZtaeD9ezNUn2LGCwZ5ydIcuE7EKpYbWjCY/GYMXxAu+LRoG8B4I/MDrNpIkrbtJA
5A/b5Tnjyd0VMT9xp8yPG5YbGedYB+UdVksMH4u1WST2tSTAmIRX4hoRQlEDMkpG
Tb4vVpIitkMZm8SrV/P4Q9X7ifIH1VGtv83k2skRNsn+rxjL6IuhuynbbRq2dEpQ
7QPLB0mjOsl/WkpdrvWra8RkcFPxrdL6Wm8zMn09VvqVwksEiqxyuyc6oqzZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUQCmGuZ7vv27Af82qSuImTSmFoHYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTMzNDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKijXwD
BAKnlNgwDQYJKoZIhvcNAQELBQADggEBAJizrYFlUQ/Nr1LgWrPPTFQktM8aejrf
WjmEPH9awpakucjUTzh4GdsW9L1XgwHUWh/dAaWHlWKgwFS0PeQjxQVrJbvDQaF+
8H1vMnjJgkmYV7Fz+22XsSAWX9BIPJkQVETxho0XoM5aSaUC0hX9kY8AEzowA+De
jD91fRKFXuMqVI5Fqqi+jMXVWjd1fggRBVSRP8tP+cJQSRa5a+3Jw+xKX3GIWDTw
q8ojKNNE9tLsNwgNaUfAiwLlEuD4GoYXoyvE8O8u7AyKf66P9zxVBs1toQmaigGV
nhQPfGUAOofLufa1/ko8ut/ngZAeF4aPcBlIDt5XXok6fQq5GlGDWcI=
-----END CERTIFICATE-----