Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33387.roa
File:                     AS33387.roa (raw, json)
Hash identifier:          fjEQKx2y1lyKe0XbgeHJqGz0wZoUDFBWVwc+roDlXYY=
Subject key identifier:   36:B9:BD:28:33:6F:97:90:5A:2E:26:20:FD:1E:F1:FB:C6:93:B1:D2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2B49F47C145E7A849AACF9036D9E46DFB2DF8578
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33387.roa
Signing time:             Thu 30 Jan 2025 12:04:01 +0000
ROA not before:           Thu 30 Jan 2025 11:59:01 +0000
ROA not after:            Thu 29 Jan 2026 12:04:01 +0000
asID:                     33387
IP address blocks:        2a13:9500:32::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:49:f4:7c:14:5e:7a:84:9a:ac:f9:03:6d:9e:46:df:b2:df:85:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 30 11:59:01 2025 GMT
            Not After : Jan 29 12:04:01 2026 GMT
        Subject: CN=36B9BD28336F97905A2E2620FD1EF1FBC693B1D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ad:fb:96:b7:8b:fb:c6:f7:14:47:11:35:7d:
                    bc:a7:ba:d0:d5:dc:22:64:37:1f:b3:4c:e9:41:4b:
                    91:39:8e:52:9b:a8:d8:9f:02:87:13:85:61:23:a5:
                    bc:40:9a:d5:82:ff:1f:ae:8a:c6:04:96:98:87:d5:
                    c9:bc:f0:ff:16:eb:80:de:05:c6:f1:99:0c:6c:e2:
                    ed:7d:20:e3:00:9c:9b:6b:23:26:62:59:fa:f5:cc:
                    cf:69:59:4a:5c:eb:e5:93:3b:b3:e1:1e:8c:11:fe:
                    c4:1a:f3:a4:33:4c:6b:9d:ac:6d:8e:81:e8:b3:18:
                    31:d2:9a:e1:fa:83:16:fb:c4:3c:5f:7b:70:fc:b9:
                    b7:88:d5:d0:ab:3e:3e:9d:35:0b:96:f7:90:fe:8a:
                    e5:1d:29:0d:99:86:74:7a:9b:e7:2c:86:d5:98:1a:
                    09:82:14:6b:4c:93:f1:71:9a:b6:88:ef:c6:c8:16:
                    89:21:75:c7:e4:47:58:67:e5:86:82:b7:c8:50:f0:
                    1b:de:25:14:52:2e:1c:74:61:36:72:b6:fb:b1:58:
                    b2:2d:1d:06:e9:c4:66:7f:5f:1d:22:4d:1c:9f:e5:
                    7c:0d:97:31:34:2f:ab:ee:b9:42:89:e4:3a:e5:7b:
                    40:0c:02:ea:06:fe:fd:d6:f1:76:dc:c0:58:69:2b:
                    c1:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:B9:BD:28:33:6F:97:90:5A:2E:26:20:FD:1E:F1:FB:C6:93:B1:D2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33387.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:32::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:e4:14:6e:37:26:98:18:39:f7:90:84:2e:95:fd:c0:51:ef:
         a6:7a:2f:b5:43:40:38:16:41:b0:94:21:35:39:78:9e:47:a6:
         6e:e9:5c:80:b2:a1:5e:00:61:0d:04:e4:38:1e:e4:e9:90:f4:
         69:20:4f:3d:19:94:95:5d:7f:12:47:23:c2:0d:84:89:d4:60:
         9f:89:c3:88:c4:d4:f9:da:32:0d:6d:3d:d4:50:51:bf:93:07:
         65:9d:c5:7f:c4:0c:6d:a3:1c:45:6e:52:97:39:fe:99:37:62:
         b4:17:03:dd:10:5a:d5:8c:2e:48:34:e7:8a:5e:ff:26:d0:c4:
         08:b4:ec:20:c3:c4:35:f5:89:9b:5d:25:72:7e:00:9d:89:36:
         ba:c6:d1:08:dc:91:8f:77:51:e9:46:f5:56:0b:33:16:f7:6f:
         e3:f1:62:2d:a4:4a:ac:54:b1:7b:f0:0d:36:46:06:a0:05:7d:
         d3:0d:d9:25:26:7b:51:ff:80:77:75:65:6e:cc:a3:ee:67:9a:
         f5:73:39:39:6b:54:a0:da:93:2e:fa:9c:cb:68:c1:4e:72:9b:
         ba:23:f9:e6:45:53:25:7b:bd:fd:43:c0:d3:03:be:07:1f:c9:
         c9:96:0d:df:ad:ef:68:cc:8c:61:f8:90:3d:1f:e0:20:9f:e4:
         c3:1f:63:93
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUK0n0fBReeoSarPkDbZ5G37LfhXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMzAxMTU5MDFaFw0yNjAxMjkxMjA0MDFaMDMxMTAvBgNV
BAMTKDM2QjlCRDI4MzM2Rjk3OTA1QTJFMjYyMEZEMUVGMUZCQzY5M0IxRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCHrfuWt4v7xvcURxE1fbynutDV
3CJkNx+zTOlBS5E5jlKbqNifAocThWEjpbxAmtWC/x+uisYElpiH1cm88P8W64De
BcbxmQxs4u19IOMAnJtrIyZiWfr1zM9pWUpc6+WTO7PhHowR/sQa86QzTGudrG2O
geizGDHSmuH6gxb7xDxfe3D8ubeI1dCrPj6dNQuW95D+iuUdKQ2ZhnR6m+cshtWY
GgmCFGtMk/FxmraI78bIFokhdcfkR1hn5YaCt8hQ8BveJRRSLhx0YTZytvuxWLIt
HQbpxGZ/Xx0iTRyf5XwNlzE0L6vuuUKJ5Drle0AMAuoG/v3W8XbcwFhpK8GPAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUNrm9KDNvl5BaLiYg/R7x+8aTsdIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzMzODcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
ADIwDQYJKoZIhvcNAQELBQADggEBAKbkFG43JpgYOfeQhC6V/cBR76Z6L7VDQDgW
QbCUITU5eJ5Hpm7pXICyoV4AYQ0E5Dge5OmQ9GkgTz0ZlJVdfxJHI8INhInUYJ+J
w4jE1PnaMg1tPdRQUb+TB2WdxX/EDG2jHEVuUpc5/pk3YrQXA90QWtWMLkg054pe
/ybQxAi07CDDxDX1iZtdJXJ+AJ2JNrrG0QjckY93UelG9VYLMxb3b+PxYi2kSqxU
sXvwDTZGBqAFfdMN2SUme1H/gHd1ZW7Mo+5nmvVzOTlrVKDaky76nMtowU5ym7oj
+eZFUyV7vf1DwNMDvgcfycmWDd+t72jMjGH4kD0f4CCf5MMfY5M=
-----END CERTIFICATE-----