Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          +AGSmC8vvCsi7rlnjiKT7Hnz+opZnseyk2l2QFIYNnU=
Subject key identifier:   D6:7D:A8:8C:E9:58:FA:22:2D:AD:E7:61:92:E4:B4:A1:FD:06:F0:F5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       71D0082CE3FF76F1ED7F4256F3995A2CC9388DA4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa
Signing time:             Tue 25 Mar 2025 10:04:37 +0000
ROA not before:           Tue 25 Mar 2025 09:59:37 +0000
ROA not after:            Tue 24 Mar 2026 10:04:37 +0000
asID:                     13335
IP address blocks:        82.21.82.0/24 maxlen: 24
                          82.24.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:d0:08:2c:e3:ff:76:f1:ed:7f:42:56:f3:99:5a:2c:c9:38:8d:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 25 09:59:37 2025 GMT
            Not After : Mar 24 10:04:37 2026 GMT
        Subject: CN=D67DA88CE958FA222DADE76192E4B4A1FD06F0F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:13:0e:24:98:b3:a0:ff:fa:ec:c0:c8:ee:eb:
                    32:e4:f4:25:60:a0:2f:02:42:68:30:20:20:6a:1d:
                    33:85:d7:d9:0b:e7:b1:7d:3e:25:db:2d:5d:cf:75:
                    66:87:ff:09:93:52:d5:58:aa:90:07:4e:b7:73:59:
                    1d:62:ff:28:7d:a9:90:69:bf:88:21:db:58:5c:19:
                    a1:f4:8b:96:4a:d2:f5:6b:64:6c:7c:61:d0:73:77:
                    20:3c:f8:16:df:14:9f:55:61:a4:25:e2:b3:25:e9:
                    ce:97:71:e6:0c:f3:da:bb:2a:56:30:42:69:c8:bf:
                    37:ef:4d:be:f3:00:04:48:d2:d4:01:5b:bc:4e:c9:
                    aa:3e:51:3a:83:3a:c1:b5:41:8b:ba:b0:ff:8e:db:
                    13:26:95:e0:95:73:d9:06:fd:4f:d6:bd:7d:41:8b:
                    2c:a8:c9:ba:66:66:cd:29:b9:53:d9:3a:74:b5:13:
                    16:68:d8:d8:fe:d6:17:a2:a5:5a:b8:1f:37:c0:ad:
                    63:4d:56:c5:73:59:e4:6b:5c:dd:74:0b:db:0a:c7:
                    d7:0f:96:30:09:ad:ad:cb:8a:95:fd:03:69:e9:ea:
                    be:53:6c:ae:12:c5:1c:09:10:8c:e5:78:88:f1:bd:
                    15:8b:6f:0e:c9:63:22:af:84:0d:68:d7:dc:11:65:
                    aa:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:7D:A8:8C:E9:58:FA:22:2D:AD:E7:61:92:E4:B4:A1:FD:06:F0:F5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.82.0/24
                  82.24.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:09:ed:14:fa:5f:a7:fc:2e:8b:ba:64:76:a3:11:ec:96:12:
         e2:a7:d3:6e:9a:1e:73:0c:b2:00:7e:36:e2:66:12:0e:a6:3f:
         1e:f9:f0:d6:00:b9:d4:be:ae:4c:60:7b:86:43:64:3a:aa:43:
         c5:63:74:cc:71:ab:6e:c4:0f:53:89:84:b0:6b:50:5d:53:27:
         c8:ca:4d:a9:54:20:61:8f:20:84:26:1f:69:df:16:20:09:10:
         49:27:b6:50:75:1c:f7:a4:5a:0f:64:3a:5b:fa:8a:06:c4:3c:
         54:c2:60:9b:f0:85:9c:8e:bd:78:b3:27:2f:55:0c:9f:5d:a0:
         60:89:e3:fe:5c:1a:e8:58:c0:34:59:02:0d:86:fc:4f:4b:99:
         94:5a:ac:27:f7:2d:9e:f4:f8:7f:cb:b1:0e:0d:00:a5:0b:91:
         c9:fb:ae:1f:d3:5d:7d:ea:d4:af:64:cb:a9:fa:f6:3e:36:3d:
         84:3b:ef:82:eb:a3:3a:35:2e:8f:7a:42:53:11:bb:a6:e4:a4:
         a0:07:56:78:14:aa:ca:51:7e:8b:a9:ec:d3:96:14:4d:ad:3b:
         6c:b5:34:9a:13:5f:87:06:c2:a3:5d:ba:90:bc:8c:ea:c1:3d:
         99:c5:44:b6:1b:38:49:be:20:a5:32:9b:1a:a0:15:98:bf:08:
         52:5c:e1:ac
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUcdAILOP/dvHtf0JW85laLMk4jaQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAzMjUwOTU5MzdaFw0yNjAzMjQxMDA0MzdaMDMxMTAvBgNV
BAMTKEQ2N0RBODhDRTk1OEZBMjIyREFERTc2MTkyRTRCNEExRkQwNkYwRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxEw4kmLOg//rswMju6zLk9CVg
oC8CQmgwICBqHTOF19kL57F9PiXbLV3PdWaH/wmTUtVYqpAHTrdzWR1i/yh9qZBp
v4gh21hcGaH0i5ZK0vVrZGx8YdBzdyA8+BbfFJ9VYaQl4rMl6c6XceYM89q7KlYw
QmnIvzfvTb7zAARI0tQBW7xOyao+UTqDOsG1QYu6sP+O2xMmleCVc9kG/U/WvX1B
iyyoybpmZs0puVPZOnS1ExZo2Nj+1heipVq4HzfArWNNVsVzWeRrXN10C9sKx9cP
ljAJra3LipX9A2np6r5TbK4SxRwJEIzleIjxvRWLbw7JYyKvhA1o19wRZaqpAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU1n2ojOlY+iItredhkuS0of0G8PUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFVID
BABSGMAwDQYJKoZIhvcNAQELBQADggEBAHEJ7RT6X6f8Lou6ZHajEeyWEuKn026a
HnMMsgB+NuJmEg6mPx758NYAudS+rkxge4ZDZDqqQ8VjdMxxq27ED1OJhLBrUF1T
J8jKTalUIGGPIIQmH2nfFiAJEEkntlB1HPekWg9kOlv6igbEPFTCYJvwhZyOvXiz
Jy9VDJ9doGCJ4/5cGuhYwDRZAg2G/E9LmZRarCf3LZ70+H/LsQ4NAKULkcn7rh/T
XX3q1K9ky6n69j42PYQ774Lrozo1Lo96QlMRu6bkpKAHVngUqspRfoup7NOWFE2t
O2y1NJoTX4cGwqNdupC8jOrBPZnFRLYbOEm+IKUymxqgFZi/CFJc4aw=
-----END CERTIFICATE-----