Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          tBuGbTkFosPYRQqg2i6jvmCHyHi4JVbaOgFZx8ovWeE=
Subject key identifier:   C3:F3:83:55:ED:1C:B4:90:16:8E:9D:6B:E7:60:D6:E2:C2:EF:F1:04
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       73B2D68C5A5CE5643B6E578784DB6713846F23F5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa
Signing time:             Mon 10 Feb 2025 17:14:38 +0000
ROA not before:           Mon 10 Feb 2025 17:09:38 +0000
ROA not after:            Mon 09 Feb 2026 17:14:38 +0000
asID:                     13335
IP address blocks:        185.158.133.0/24 maxlen: 24
                          191.96.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:b2:d6:8c:5a:5c:e5:64:3b:6e:57:87:84:db:67:13:84:6f:23:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 10 17:09:38 2025 GMT
            Not After : Feb  9 17:14:38 2026 GMT
        Subject: CN=C3F38355ED1CB490168E9D6BE760D6E2C2EFF104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2a:87:5b:02:b4:6a:d0:0b:4b:96:4b:74:29:
                    67:03:d2:ba:e4:7c:a5:b6:c2:38:74:42:a0:f7:47:
                    0d:04:0c:7c:34:fc:d0:eb:38:67:1a:6f:78:c5:05:
                    cf:84:2f:9a:06:c4:4a:95:24:3b:99:1a:66:e7:75:
                    ca:c4:f4:62:de:3a:fa:26:ab:3d:b6:20:99:fd:7b:
                    af:8e:53:46:fb:0e:2a:9c:b6:75:24:2c:63:f3:cc:
                    bf:54:f5:c0:49:d0:5c:62:1c:0d:97:62:d9:59:68:
                    76:b7:fa:08:9b:39:e9:aa:45:88:af:b8:10:02:1a:
                    23:ac:a1:a8:59:1f:b1:d9:ce:82:dd:95:b1:8a:d9:
                    23:3b:b7:cf:05:5c:72:60:b5:49:22:2b:e7:fb:88:
                    55:c8:f3:aa:28:cb:a0:d0:5e:eb:bb:43:9a:6b:85:
                    78:22:fc:b2:7f:ac:64:98:bc:f8:f1:4d:5b:8e:a8:
                    18:0c:c4:8c:61:a9:e2:2f:60:37:2e:96:6e:b0:f0:
                    ea:a2:72:41:e3:89:95:82:8e:75:c9:69:cf:b4:99:
                    df:39:84:d1:cf:0b:d3:bf:13:28:22:cb:07:09:45:
                    25:3e:9f:71:dd:bc:bc:e7:96:e3:46:c5:aa:c0:af:
                    19:3b:69:25:bc:49:f5:fd:2d:2c:9f:5f:4d:c5:e9:
                    94:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F3:83:55:ED:1C:B4:90:16:8E:9D:6B:E7:60:D6:E2:C2:EF:F1:04
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.133.0/24
                  191.96.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:25:b4:5f:7f:ff:82:b4:3b:49:de:88:e9:82:58:92:a6:14:
         a9:c3:c4:22:50:af:59:df:c8:ac:3e:bc:63:78:c0:f7:91:51:
         f8:c3:08:a4:6a:e5:97:dd:4b:6a:d4:50:e5:81:3a:ec:60:ea:
         b6:88:95:e3:48:ad:81:14:a2:6e:52:03:b7:68:9d:54:68:6a:
         dd:2d:87:e2:17:3c:f1:5a:10:1c:27:16:ef:69:91:1d:45:df:
         95:2f:a7:97:e5:c8:04:ea:9e:52:4e:77:ed:b8:23:f4:54:ac:
         51:f8:81:a5:c1:84:16:a1:74:8f:49:68:ce:1a:d0:9f:1d:be:
         5e:f8:d9:f5:e3:5d:0c:71:a0:f5:61:45:73:e5:27:d3:39:e7:
         7c:64:44:49:25:d5:77:f6:a7:b2:d3:7b:48:be:1b:7f:e0:ee:
         a8:ff:ea:32:99:89:a6:f4:17:61:4e:59:aa:98:71:c3:c1:51:
         e7:e5:c2:92:56:33:f0:c6:cb:dd:cc:3f:a9:ee:fa:80:16:70:
         13:fe:8b:47:78:ff:2e:3d:3a:c0:56:83:4d:b9:3f:77:fc:5e:
         47:1d:49:ce:96:1a:d9:0b:0c:37:61:cc:4c:48:39:da:e1:53:
         69:e8:fc:5b:be:9d:89:5e:d6:e3:e7:92:39:9c:25:6e:6a:45:
         e6:9b:02:3a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUc7LWjFpc5WQ7bleHhNtnE4RvI/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMTAxNzA5MzhaFw0yNjAyMDkxNzE0MzhaMDMxMTAvBgNV
BAMTKEMzRjM4MzU1RUQxQ0I0OTAxNjhFOUQ2QkU3NjBENkUyQzJFRkYxMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKodbArRq0AtLlkt0KWcD0rrk
fKW2wjh0QqD3Rw0EDHw0/NDrOGcab3jFBc+EL5oGxEqVJDuZGmbndcrE9GLeOvom
qz22IJn9e6+OU0b7DiqctnUkLGPzzL9U9cBJ0FxiHA2XYtlZaHa3+gibOemqRYiv
uBACGiOsoahZH7HZzoLdlbGK2SM7t88FXHJgtUkiK+f7iFXI86ooy6DQXuu7Q5pr
hXgi/LJ/rGSYvPjxTVuOqBgMxIxhqeIvYDculm6w8OqickHjiZWCjnXJac+0md85
hNHPC9O/EygiywcJRSU+n3HdvLznluNGxarArxk7aSW8SfX9LSyfX03F6ZTHAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUw/ODVe0ctJAWjp1r52DW4sLv8QQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC5noUD
BAC/YFEwDQYJKoZIhvcNAQELBQADggEBAIkltF9//4K0O0neiOmCWJKmFKnDxCJQ
r1nfyKw+vGN4wPeRUfjDCKRq5ZfdS2rUUOWBOuxg6raIleNIrYEUom5SA7donVRo
at0th+IXPPFaEBwnFu9pkR1F35Uvp5flyATqnlJOd+24I/RUrFH4gaXBhBahdI9J
aM4a0J8dvl742fXjXQxxoPVhRXPlJ9M553xkREkl1Xf2p7LTe0i+G3/g7qj/6jKZ
iab0F2FOWaqYccPBUeflwpJWM/DGy93MP6nu+oAWcBP+i0d4/y49OsBWg025P3f8
XkcdSc6WGtkLDDdhzExIOdrhU2no/Fu+nYle1uPnkjmcJW5qReabAjo=
-----END CERTIFICATE-----