Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          d1T4k2GKdCN6l2wTM8AzWL9EUnZokcmdFZNLtewAX9k=
Subject key identifier:   C9:27:6A:C5:06:39:1B:C3:3E:1D:D2:31:34:50:0F:08:DD:B5:73:6C
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       466806167AADA5505506A44EFF0C1B2686137251
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS13335.roa
Signing time:             Fri 10 Oct 2025 12:40:28 +0000
ROA not before:           Fri 10 Oct 2025 12:35:28 +0000
ROA not after:            Fri 09 Oct 2026 12:40:28 +0000
asID:                     13335
IP address blocks:        82.139.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:68:06:16:7a:ad:a5:50:55:06:a4:4e:ff:0c:1b:26:86:13:72:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Oct 10 12:35:28 2025 GMT
            Not After : Oct  9 12:40:28 2026 GMT
        Subject: CN=C9276AC506391BC33E1DD23134500F08DDB5736C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b3:77:1c:a0:1f:dd:ce:84:f6:df:6d:1c:8c:
                    c9:f6:37:95:8a:ab:aa:67:6f:e0:21:00:42:5a:ec:
                    79:12:71:2c:af:f8:1f:43:ff:80:b2:33:2e:5c:db:
                    5f:16:50:21:6f:88:ff:90:ae:64:87:fe:e3:13:fd:
                    44:77:dc:d5:f9:42:87:ee:0b:72:e7:f3:01:6d:ba:
                    10:6e:72:a2:81:b6:3d:66:01:14:d2:a1:34:09:72:
                    3e:f0:49:9c:d1:75:3b:6f:7c:49:31:62:85:09:89:
                    1c:95:c1:56:1a:fc:dc:5c:cf:96:68:a0:b8:4a:d0:
                    c8:3e:c9:2d:d5:ed:5c:df:10:bb:14:51:82:13:21:
                    1e:7e:44:b2:f9:7e:62:b1:28:2d:1c:0a:22:0f:95:
                    19:57:fe:97:09:b7:7b:51:6c:c7:93:3c:de:58:08:
                    8d:06:45:4b:96:f8:d9:92:76:65:38:b0:1d:25:62:
                    8e:1a:7e:f7:07:bc:e6:1f:c2:ea:f9:4e:41:fe:28:
                    e7:f5:d3:73:82:2e:2e:73:3d:78:87:bc:45:04:f6:
                    d6:26:3a:a9:95:01:6b:74:1c:67:32:6f:50:05:db:
                    1e:1b:bf:44:e0:82:2f:8b:31:93:9a:e7:57:95:7f:
                    bb:83:27:ed:c3:48:fb:a5:1a:e2:2b:52:2f:65:b3:
                    05:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:27:6A:C5:06:39:1B:C3:3E:1D:D2:31:34:50:0F:08:DD:B5:73:6C
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:3a:26:3e:8d:ff:eb:8e:0b:25:74:50:83:93:2d:a6:8f:5d:
         64:78:1e:3f:d4:0e:92:b1:cf:a0:c1:ad:bd:84:90:dd:f1:24:
         9c:cd:fc:8b:84:5d:69:3d:3b:6a:54:dc:b4:7a:14:a3:a5:eb:
         98:be:b7:74:c8:de:41:8d:4c:36:5f:40:24:ab:15:5e:35:ac:
         1d:de:8f:af:db:79:c3:b0:5e:71:3e:73:3b:87:97:69:5a:03:
         15:64:f3:3e:e6:36:b5:64:4c:f2:d9:d2:f6:48:99:bd:5c:5c:
         9e:7f:3b:cc:cd:4f:fe:7c:e7:56:e1:d5:a9:a1:e9:f4:11:e8:
         71:ee:3b:73:4b:bf:9a:0b:4d:43:13:a4:7c:fd:33:85:f0:9a:
         4d:48:37:64:80:e0:00:e1:aa:36:c6:61:7d:a0:54:e5:1b:3b:
         25:33:51:8e:29:07:5b:4a:e3:e1:c7:a5:95:ac:29:cf:f9:d4:
         e4:54:c8:9c:ee:e7:b1:9b:76:62:0c:bf:cd:e8:16:55:d2:0e:
         66:97:fe:11:62:3e:3b:2f:24:58:7a:c3:8a:28:34:12:d2:d4:
         38:7d:d8:77:d5:3c:50:dc:52:04:b8:ae:c3:e9:fe:3a:70:b5:
         b4:e8:c0:21:0c:f0:51:4b:23:80:92:4e:4c:eb:11:c7:c0:41:
         d7:4e:0c:18
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURmgGFnqtpVBVBqRO/wwbJoYTclEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTEwMTAxMjM1MjhaFw0yNjEwMDkxMjQwMjhaMDMxMTAvBgNV
BAMTKEM5Mjc2QUM1MDYzOTFCQzMzRTFERDIzMTM0NTAwRjA4RERCNTczNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCos3ccoB/dzoT2320cjMn2N5WK
q6pnb+AhAEJa7HkScSyv+B9D/4CyMy5c218WUCFviP+QrmSH/uMT/UR33NX5Qofu
C3Ln8wFtuhBucqKBtj1mARTSoTQJcj7wSZzRdTtvfEkxYoUJiRyVwVYa/Nxcz5Zo
oLhK0Mg+yS3V7VzfELsUUYITIR5+RLL5fmKxKC0cCiIPlRlX/pcJt3tRbMeTPN5Y
CI0GRUuW+NmSdmU4sB0lYo4afvcHvOYfwur5TkH+KOf103OCLi5zPXiHvEUE9tYm
OqmVAWt0HGcyb1AF2x4bv0Tggi+LMZOa51eVf7uDJ+3DSPulGuIrUi9lswWLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUySdqxQY5G8M+HdIxNFAPCN21c2wwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFSi9gw
DQYJKoZIhvcNAQELBQADggEBAJc6Jj6N/+uOCyV0UIOTLaaPXWR4Hj/UDpKxz6DB
rb2EkN3xJJzN/IuEXWk9O2pU3LR6FKOl65i+t3TI3kGNTDZfQCSrFV41rB3ej6/b
ecOwXnE+czuHl2laAxVk8z7mNrVkTPLZ0vZImb1cXJ5/O8zNT/5851bh1amh6fQR
6HHuO3NLv5oLTUMTpHz9M4Xwmk1IN2SA4ADhqjbGYX2gVOUbOyUzUY4pB1tK4+HH
pZWsKc/51ORUyJzu57GbdmIMv83oFlXSDmaX/hFiPjsvJFh6w4ooNBLS1Dh92HfV
PFDcUgS4rsPp/jpwtbTowCEM8FFLI4CSTkzrEcfAQddODBg=
-----END CERTIFICATE-----