Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          T6i1MCbJUIcRRs8FnUgdMReRgJJFcS9sxslY0fzat1M=
Subject key identifier:   49:9F:B0:37:75:D1:91:F9:EE:66:89:72:66:A6:BA:86:71:02:4B:55
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3B7085D3AFF10E7D0AECA29833AE2DDB711A8091
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa
Signing time:             Tue 03 Jun 2025 19:59:55 +0000
ROA not before:           Tue 03 Jun 2025 19:54:55 +0000
ROA not after:            Tue 02 Jun 2026 19:59:55 +0000
asID:                     13335
IP address blocks:        82.21.82.0/24 maxlen: 24
                          82.24.40.0/24 maxlen: 24
                          2a13:9500:3e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:57:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:70:85:d3:af:f1:0e:7d:0a:ec:a2:98:33:ae:2d:db:71:1a:80:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  3 19:54:55 2025 GMT
            Not After : Jun  2 19:59:55 2026 GMT
        Subject: CN=499FB03775D191F9EE66897266A6BA8671024B55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c3:2a:31:b0:73:6b:62:69:93:dc:6c:37:6b:
                    af:6d:9a:14:d3:51:cc:f5:3a:4e:fd:a8:ba:30:11:
                    03:9c:90:86:d5:61:c2:c9:1c:ae:60:e2:f5:df:dc:
                    80:52:2a:f9:5a:97:fe:8d:7a:82:78:8f:f1:49:63:
                    ad:ef:39:ff:ea:12:86:3b:9d:78:a3:01:e8:9d:0a:
                    88:ba:3e:c3:76:f1:ec:8d:c6:76:7c:02:f3:c0:a9:
                    a4:88:35:4d:12:26:56:a6:b1:4d:60:63:b8:89:55:
                    56:12:68:d8:66:2f:bc:6e:bb:de:c3:33:6f:d8:15:
                    86:4c:64:f4:9d:73:d1:c2:75:c5:64:2d:5f:50:2a:
                    42:85:aa:3d:48:29:94:97:91:41:00:4c:98:8c:43:
                    7d:81:bf:62:98:f1:69:8d:e3:5a:b3:94:b3:7b:42:
                    d5:57:6d:61:a4:00:94:dc:9d:9e:6b:de:9f:16:9b:
                    55:51:67:92:fd:b2:65:30:b1:c8:a3:62:d3:04:7a:
                    7e:0c:6a:69:92:62:42:cb:ce:5b:57:ea:8b:a2:81:
                    bb:d5:5a:d4:72:6f:90:3d:90:6d:71:b7:a6:d1:ca:
                    17:42:d0:55:bd:c3:9c:ab:22:c0:80:ab:db:14:9d:
                    b4:28:06:91:16:08:3b:84:55:c4:6e:80:bc:e4:ba:
                    9b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:9F:B0:37:75:D1:91:F9:EE:66:89:72:66:A6:BA:86:71:02:4B:55
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.82.0/24
                  82.24.40.0/24
                IPv6:
                  2a13:9500:3e::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:82:3a:25:14:85:7e:20:3d:83:78:ff:62:20:e2:25:6d:d3:
         84:87:ae:68:34:2c:ea:17:e8:f1:82:e2:da:bd:46:be:5b:6d:
         18:c3:5d:92:1b:33:1b:4d:26:e3:68:65:0a:ba:1d:97:88:7d:
         3d:bf:ae:8b:39:f7:34:b5:7d:91:30:a5:cf:ef:53:81:fb:0f:
         16:26:eb:80:54:c4:09:aa:ca:31:ff:cc:66:24:68:b0:4b:c8:
         1f:f6:f2:79:3e:9f:67:d1:72:e9:57:d7:37:83:19:33:40:40:
         8c:bc:cd:4d:28:dd:86:7e:d0:3e:07:01:c3:a6:63:98:71:26:
         f2:df:4d:56:64:72:f9:13:61:ce:00:c9:32:47:dd:7f:df:95:
         2b:a4:49:98:2f:86:53:e1:c2:10:ed:a8:df:55:1e:d1:2f:1d:
         1e:eb:78:4d:d1:e9:7b:12:35:2c:2c:ed:52:1f:05:83:1c:eb:
         31:b3:75:36:a6:a0:a0:b7:15:39:dd:30:d4:2a:b5:d8:e6:bf:
         14:10:25:7e:b7:da:b7:44:2a:12:08:88:89:18:2f:87:32:9d:
         2d:54:8b:1a:c3:6e:fc:73:0b:ed:9e:00:cd:e1:d9:2c:50:15:
         24:af:33:bc:b9:9f:7f:d9:a1:29:81:1b:c2:6e:97:4e:2b:35:
         d0:dc:b0:c6
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUO3CF06/xDn0K7KKYM64t23EagJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDMxOTU0NTVaFw0yNjA2MDIxOTU5NTVaMDMxMTAvBgNV
BAMTKDQ5OUZCMDM3NzVEMTkxRjlFRTY2ODk3MjY2QTZCQTg2NzEwMjRCNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClwyoxsHNrYmmT3Gw3a69tmhTT
Ucz1Ok79qLowEQOckIbVYcLJHK5g4vXf3IBSKvlal/6NeoJ4j/FJY63vOf/qEoY7
nXijAeidCoi6PsN28eyNxnZ8AvPAqaSINU0SJlamsU1gY7iJVVYSaNhmL7xuu97D
M2/YFYZMZPSdc9HCdcVkLV9QKkKFqj1IKZSXkUEATJiMQ32Bv2KY8WmN41qzlLN7
QtVXbWGkAJTcnZ5r3p8Wm1VRZ5L9smUwscijYtMEen4MammSYkLLzltX6ouigbvV
WtRyb5A9kG1xt6bRyhdC0FW9w5yrIsCAq9sUnbQoBpEWCDuEVcRugLzkupuDAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUSZ+wN3XRkfnuZolyZqa6hnECS1UwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNgYIKwYBBQUHAQcBAf8EJzAlMBIEAgABMAwDBABSFVID
BABSGCgwDwQCAAIwCQMHACoTlQAAPjANBgkqhkiG9w0BAQsFAAOCAQEAYoI6JRSF
fiA9g3j/YiDiJW3ThIeuaDQs6hfo8YLi2r1GvlttGMNdkhszG00m42hlCrodl4h9
Pb+uizn3NLV9kTClz+9TgfsPFibrgFTECarKMf/MZiRosEvIH/byeT6fZ9Fy6VfX
N4MZM0BAjLzNTSjdhn7QPgcBw6ZjmHEm8t9NVmRy+RNhzgDJMkfdf9+VK6RJmC+G
U+HCEO2o31Ue0S8dHut4TdHpexI1LCztUh8FgxzrMbN1NqagoLcVOd0w1Cq12Oa/
FBAlfrfat0QqEgiIiRgvhzKdLVSLGsNu/HML7Z4AzeHZLFAVJK8zvLmff9mhKYEb
wm6XTis10Nywxg==
-----END CERTIFICATE-----