Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          o3BJDDBbzPIG1Xc+TEv+B3o0HTiJnaiF5+oTPfy0Iis=
Subject key identifier:   FE:51:85:92:F0:59:BB:A0:47:01:05:86:F1:D5:DC:E1:3D:57:8B:E1
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       292FEC6F3E6724A3C3E7F96B9718F08E88BBF38B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa
Signing time:             Mon 13 Jul 2026 10:45:26 +0000
ROA not before:           Mon 13 Jul 2026 10:40:26 +0000
ROA not after:            Mon 12 Jul 2027 10:45:26 +0000
asID:                     13335
IP address blocks:        5.252.81.0/24 maxlen: 24
                          181.215.196.0/24 maxlen: 24
                          185.158.133.0/24 maxlen: 24
                          191.96.81.0/24 maxlen: 24
                          191.101.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:2f:ec:6f:3e:67:24:a3:c3:e7:f9:6b:97:18:f0:8e:88:bb:f3:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 13 10:40:26 2026 GMT
            Not After : Jul 12 10:45:26 2027 GMT
        Subject: CN=FE518592F059BBA047010586F1D5DCE13D578BE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ff:68:4a:8d:d2:d3:52:1f:6b:de:90:d3:35:
                    39:98:76:0a:61:2a:3a:58:fb:23:0d:c1:32:dc:df:
                    c8:21:ed:5d:a2:6f:1a:5e:77:e2:6e:7e:2d:68:eb:
                    f9:fe:c3:6a:b1:b1:97:52:81:40:7f:da:d9:e3:7c:
                    31:93:57:b8:02:2d:08:04:47:68:6e:4e:4f:07:ba:
                    97:dd:4c:d6:37:2e:33:63:4a:66:77:95:7d:55:80:
                    1d:32:2f:81:5e:6e:c5:23:6f:5f:51:99:38:9f:57:
                    ea:6b:b8:48:09:27:ce:fc:4c:35:77:23:ff:71:e0:
                    9f:1f:22:77:c3:d1:8b:94:15:94:59:ea:6a:7e:8c:
                    70:45:82:72:1b:cc:1b:3c:ce:51:d7:53:b8:a0:03:
                    ac:ac:12:7e:84:c9:16:3e:d5:82:58:79:fc:58:4f:
                    02:7a:1f:6f:75:86:35:de:b2:79:d7:1d:05:50:c4:
                    44:0b:e1:69:ad:36:49:c4:be:89:e5:a5:09:73:37:
                    89:9e:d3:c7:b7:0f:77:3f:d5:e3:ab:5e:39:73:b5:
                    7a:57:26:00:37:15:32:1f:7a:1f:f0:eb:9e:94:b4:
                    f7:e2:46:da:d1:50:f3:19:5d:f6:df:d6:2f:6d:82:
                    a9:ea:9e:fe:68:ff:5b:92:b4:5c:49:f4:d8:be:a3:
                    47:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:51:85:92:F0:59:BB:A0:47:01:05:86:F1:D5:DC:E1:3D:57:8B:E1
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.81.0/24
                  181.215.196.0/24
                  185.158.133.0/24
                  191.96.81.0/24
                  191.101.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:e4:7f:9e:4b:b9:4f:24:45:1d:3c:36:15:f1:6f:41:89:32:
         31:0d:22:8a:e2:be:17:2e:88:13:de:85:09:90:e7:2b:8a:eb:
         ca:f6:93:88:67:03:41:5b:2d:44:e4:98:94:37:ac:3b:0f:0f:
         6c:3b:ee:eb:60:6f:eb:9a:bd:99:17:73:d0:d7:9f:ab:5e:5c:
         23:b1:9c:48:d7:21:ac:89:33:d2:b1:6b:50:1e:06:11:f0:35:
         67:92:6e:44:b1:bf:f5:5f:93:6a:d7:2a:db:c2:30:31:05:0c:
         3e:55:e1:3d:4d:56:ae:2d:99:c6:47:07:cd:86:9f:6e:30:17:
         24:af:53:97:47:33:1e:1f:a1:f8:0f:81:89:08:a5:95:06:21:
         99:7a:df:1e:fe:a7:68:e1:23:0e:40:ce:d2:6b:67:46:c8:1c:
         98:7a:81:29:7a:33:28:88:6a:1e:83:06:28:8b:e5:ee:64:47:
         74:f9:87:24:7d:82:cf:38:39:97:2d:0c:e8:dc:da:89:c5:37:
         2d:21:24:91:81:dc:b1:b1:44:d2:1b:a9:45:83:e9:a4:44:7c:
         4b:91:69:18:43:6d:ed:c9:f5:72:1b:af:34:9e:a6:45:b7:34:
         8d:3b:36:c7:35:64:19:19:2d:af:76:3e:c5:9e:14:62:47:02:
         85:1b:b3:fc
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUKS/sbz5nJKPD5/lrlxjwjoi784swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA3MTMxMDQwMjZaFw0yNzA3MTIxMDQ1MjZaMDMxMTAvBgNV
BAMTKEZFNTE4NTkyRjA1OUJCQTA0NzAxMDU4NkYxRDVEQ0UxM0Q1NzhCRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb/2hKjdLTUh9r3pDTNTmYdgph
KjpY+yMNwTLc38gh7V2ibxped+Jufi1o6/n+w2qxsZdSgUB/2tnjfDGTV7gCLQgE
R2huTk8HupfdTNY3LjNjSmZ3lX1VgB0yL4FebsUjb19RmTifV+pruEgJJ878TDV3
I/9x4J8fInfD0YuUFZRZ6mp+jHBFgnIbzBs8zlHXU7igA6ysEn6EyRY+1YJYefxY
TwJ6H291hjXesnnXHQVQxEQL4WmtNknEvonlpQlzN4me08e3D3c/1eOrXjlztXpX
JgA3FTIfeh/w656UtPfiRtrRUPMZXfbf1i9tgqnqnv5o/1uStFxJ9Ni+o0ejAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQU/lGFkvBZu6BHAQWG8dXc4T1Xi+EwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBAAF/FED
BAC118QDBAC5noUDBAC/YFEDBAK/ZdQwDQYJKoZIhvcNAQELBQADggEBABXkf55L
uU8kRR08NhXxb0GJMjENIorivhcuiBPehQmQ5yuK68r2k4hnA0FbLUTkmJQ3rDsP
D2w77utgb+uavZkXc9DXn6teXCOxnEjXIayJM9Kxa1AeBhHwNWeSbkSxv/Vfk2rX
KtvCMDEFDD5V4T1NVq4tmcZHB82Gn24wFySvU5dHMx4fofgPgYkIpZUGIZl63x7+
p2jhIw5AztJrZ0bIHJh6gSl6MyiIah6DBiiL5e5kR3T5hyR9gs84OZctDOjc2onF
Ny0hJJGB3LGxRNIbqUWD6aREfEuRaRhDbe3J9XIbrzSepkW3NI07Nsc1ZBkZLa92
PsWeFGJHAoUbs/w=
-----END CERTIFICATE-----
Generated at Sat Jul 18 01:48:43 2026 by rpki-client