Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          IzG+G61Swq+ptlxT+thzs6O+627LRXu4YHwM8wDNCsY=
Subject key identifier:   0C:DC:9A:65:37:F8:76:C9:19:B1:B6:B3:62:AF:A6:86:CC:D2:E5:13
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       49BED75EE6BF87F236B8922F24E8ACEA908E2CA1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa
Signing time:             Mon 20 Jan 2025 07:34:29 +0000
ROA not before:           Mon 20 Jan 2025 07:29:29 +0000
ROA not after:            Mon 19 Jan 2026 07:34:29 +0000
asID:                     13335
IP address blocks:        82.21.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:be:d7:5e:e6:bf:87:f2:36:b8:92:2f:24:e8:ac:ea:90:8e:2c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 20 07:29:29 2025 GMT
            Not After : Jan 19 07:34:29 2026 GMT
        Subject: CN=0CDC9A6537F876C919B1B6B362AFA686CCD2E513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:00:af:f5:a7:84:b9:3d:fa:1b:78:8a:28:6e:
                    47:98:bc:4c:06:15:65:d7:c2:7c:61:08:a2:d5:c4:
                    66:c1:3c:d5:2e:17:5f:69:77:75:e9:ad:35:e0:24:
                    3d:a7:7f:9a:a5:8d:18:92:eb:b8:ce:47:03:f5:5b:
                    78:ac:60:d1:58:a1:32:af:46:34:61:6b:c1:e4:67:
                    8d:93:ea:73:b1:5e:1f:34:b8:ac:57:c6:44:58:89:
                    92:6e:d2:25:d3:70:42:62:8f:96:81:a1:f2:bd:7f:
                    fb:31:a9:9e:42:e9:57:de:0e:7a:8f:1f:fd:df:ce:
                    e4:6a:ae:5f:43:f6:f1:2b:94:ea:7f:70:92:be:33:
                    a4:e4:e7:60:1d:6e:b8:e8:c3:76:b1:15:6a:5d:43:
                    b3:0d:a4:0f:89:b0:a5:e5:5a:24:8a:9d:cb:97:a7:
                    13:05:f8:d0:ed:d4:e8:bc:b8:68:cc:71:6a:39:7f:
                    fc:70:b5:4d:8c:16:b4:e4:3d:43:39:8c:ba:29:89:
                    04:d4:e0:1f:f5:83:7d:28:9d:a9:28:62:d6:48:25:
                    64:ca:75:8c:82:b0:6f:91:bf:78:cc:a1:97:13:6c:
                    e6:4f:fc:f3:4a:18:4c:a5:c7:4e:26:2f:2e:ba:65:
                    64:0b:c0:8a:09:d6:b5:ba:ca:c5:02:bd:43:79:81:
                    ce:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DC:9A:65:37:F8:76:C9:19:B1:B6:B3:62:AF:A6:86:CC:D2:E5:13
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:05:7e:79:82:52:3b:94:35:0f:07:32:11:ac:6d:08:9e:46:
         4e:8e:88:42:47:91:52:9c:cd:92:d4:53:05:c8:c5:a0:75:45:
         f7:be:67:60:f2:c9:7f:31:76:22:cc:d0:75:bd:2e:cc:b7:ec:
         4f:50:26:f7:01:4b:6d:78:75:31:61:4b:44:73:06:1f:74:00:
         83:f2:da:87:a5:b2:7f:9b:3d:7d:34:70:f1:88:fc:75:7f:d9:
         f9:1b:5f:8f:0c:67:c9:77:29:fe:09:f5:6c:b0:84:54:5e:fb:
         b7:e6:f7:bc:aa:40:fe:3d:9f:fa:17:bb:1a:ae:14:0a:a6:0c:
         96:a3:d1:56:56:11:e1:17:91:a1:16:1e:67:0c:29:1c:63:95:
         0e:78:1e:5b:82:0d:9c:b0:16:4a:30:0b:d8:25:04:35:76:8b:
         1c:41:2f:b8:b4:ad:7c:bd:e1:24:0a:ec:22:f5:78:dc:04:64:
         d7:11:c4:3c:f3:d5:4b:79:8d:83:e1:a3:b6:94:08:7b:49:9d:
         fd:c3:d4:02:14:a5:0a:da:1f:b2:1a:be:0c:02:8f:f6:84:b6:
         7b:c7:fc:8b:8d:59:f7:ed:2a:c4:fc:dc:e2:cd:c2:ba:2e:30:
         50:52:7d:e1:21:63:3a:07:18:0e:be:08:58:3c:4d:41:61:d7:
         80:88:16:a1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSb7XXua/h/I2uJIvJOis6pCOLKEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjAwNzI5MjlaFw0yNjAxMTkwNzM0MjlaMDMxMTAvBgNV
BAMTKDBDREM5QTY1MzdGODc2QzkxOUIxQjZCMzYyQUZBNjg2Q0NEMkU1MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxAK/1p4S5PfobeIoobkeYvEwG
FWXXwnxhCKLVxGbBPNUuF19pd3XprTXgJD2nf5qljRiS67jORwP1W3isYNFYoTKv
RjRha8HkZ42T6nOxXh80uKxXxkRYiZJu0iXTcEJij5aBofK9f/sxqZ5C6VfeDnqP
H/3fzuRqrl9D9vErlOp/cJK+M6Tk52Adbrjow3axFWpdQ7MNpA+JsKXlWiSKncuX
pxMF+NDt1Oi8uGjMcWo5f/xwtU2MFrTkPUM5jLopiQTU4B/1g30onakoYtZIJWTK
dYyCsG+Rv3jMoZcTbOZP/PNKGEylx04mLy66ZWQLwIoJ1rW6ysUCvUN5gc7ZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUDNyaZTf4dskZsbazYq+mhszS5RMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFVIw
DQYJKoZIhvcNAQELBQADggEBAEMFfnmCUjuUNQ8HMhGsbQieRk6OiEJHkVKczZLU
UwXIxaB1Rfe+Z2DyyX8xdiLM0HW9Lsy37E9QJvcBS214dTFhS0RzBh90AIPy2oel
sn+bPX00cPGI/HV/2fkbX48MZ8l3Kf4J9WywhFRe+7fm97yqQP49n/oXuxquFAqm
DJaj0VZWEeEXkaEWHmcMKRxjlQ54HluCDZywFkowC9glBDV2ixxBL7i0rXy94SQK
7CL1eNwEZNcRxDzz1Ut5jYPho7aUCHtJnf3D1AIUpQraH7IavgwCj/aEtnvH/IuN
WfftKsT83OLNwrouMFBSfeEhYzoHGA6+CFg8TUFh14CIFqE=
-----END CERTIFICATE-----