Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33387.roa
File:                     AS33387.roa (raw, json)
Hash identifier:          L2GjfZeQcdlEm76DWo7Q82REqou5Z7nOAs3iVLqCze0=
Subject key identifier:   8D:AD:3D:C4:89:AA:1D:56:85:B2:0D:57:DB:2A:93:11:14:E1:3A:BE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4C979A0132BA5040587A949A783DEA1C0D91D5E3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33387.roa
Signing time:             Thu 01 Jan 2026 12:55:33 +0000
ROA not before:           Thu 01 Jan 2026 12:50:33 +0000
ROA not after:            Thu 31 Dec 2026 12:55:33 +0000
asID:                     33387
IP address blocks:        2a13:9500:32::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:97:9a:01:32:ba:50:40:58:7a:94:9a:78:3d:ea:1c:0d:91:d5:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan  1 12:50:33 2026 GMT
            Not After : Dec 31 12:55:33 2026 GMT
        Subject: CN=8DAD3DC489AA1D5685B20D57DB2A931114E13ABE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:de:c0:91:ea:c3:40:06:4a:8b:bc:3b:d0:b1:
                    39:94:df:f6:3b:88:d6:fa:78:5e:3c:58:48:4b:cb:
                    a0:b9:77:1f:05:7c:cc:c6:dc:77:0e:14:76:cf:e6:
                    69:7e:99:77:5d:14:91:e2:07:b9:2a:76:5e:e0:63:
                    07:6e:f1:3f:6c:48:3c:db:ed:ff:d9:a4:de:01:4d:
                    91:58:e3:7f:9a:b1:99:87:05:06:20:12:4d:c9:69:
                    1a:8a:eb:9a:f0:d7:e0:12:1e:c2:f1:d0:43:f5:43:
                    af:73:77:a1:c3:74:4f:dd:1a:fc:74:f7:5b:10:72:
                    89:2b:16:1e:3c:29:d2:a5:13:71:69:a6:92:d2:cb:
                    b9:67:95:9a:73:67:5a:43:e2:81:7d:e3:be:88:d1:
                    d6:33:af:cf:f9:48:e7:13:40:15:76:55:05:3d:99:
                    fb:c1:b4:d2:4f:b0:9e:79:02:d5:72:7c:ae:81:c4:
                    ac:34:ad:64:e9:a9:8b:0f:93:dd:31:a7:a8:f5:e1:
                    9a:52:2d:71:a9:e8:8e:da:83:2b:79:d1:0a:1a:05:
                    3f:2e:47:95:05:e0:fa:2b:ae:13:f2:4d:e5:54:05:
                    d4:f1:e7:d5:1d:7a:4b:95:36:d9:1a:c9:4e:80:10:
                    4a:21:8f:5f:61:fc:21:d3:f8:91:08:b6:97:55:c0:
                    a2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:AD:3D:C4:89:AA:1D:56:85:B2:0D:57:DB:2A:93:11:14:E1:3A:BE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33387.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:32::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:b1:14:8c:ad:b4:39:99:1b:d8:a7:e7:e4:35:61:7b:c2:cb:
         a3:2e:ab:6f:29:f5:5c:26:c4:0d:40:4c:07:a0:3c:16:78:02:
         11:75:46:47:c8:c1:cf:d0:96:f1:02:ad:db:02:32:be:99:c2:
         8c:5c:76:43:6d:a3:b4:1c:31:bc:e5:d5:98:3b:2d:2b:86:0d:
         d8:f3:8a:b0:83:8a:14:2c:53:50:a8:5c:e4:fc:c3:cd:39:1e:
         4d:a5:b1:6d:3b:f2:1d:4e:e9:01:c6:b4:8f:7c:78:2c:c6:8f:
         75:b9:73:6e:1e:c7:dd:06:06:94:27:d5:e6:58:60:f2:25:c9:
         1f:b3:e3:21:8e:e2:13:09:26:63:18:6c:3e:c6:90:65:bc:c5:
         b2:32:96:2f:38:4c:91:0d:65:86:64:fd:62:a7:d1:b2:2c:29:
         d3:b0:f7:66:51:f7:1a:ad:f1:1a:b1:41:be:60:71:47:35:7c:
         86:59:d6:2a:06:58:80:05:25:07:73:c0:42:62:6e:87:32:ba:
         3e:9d:fa:25:78:81:0d:99:88:30:3c:c2:97:15:a3:6e:3f:29:
         97:31:9c:2f:5a:42:65:99:70:bb:66:20:43:61:98:22:be:69:
         0a:80:d9:d2:5d:3d:79:0b:58:cd:a9:d4:cc:32:ff:b0:5d:76:
         de:eb:5c:6b
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUTJeaATK6UEBYepSaeD3qHA2R1eMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMDExMjUwMzNaFw0yNjEyMzExMjU1MzNaMDMxMTAvBgNV
BAMTKDhEQUQzREM0ODlBQTFENTY4NUIyMEQ1N0RCMkE5MzExMTRFMTNBQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY3sCR6sNABkqLvDvQsTmU3/Y7
iNb6eF48WEhLy6C5dx8FfMzG3HcOFHbP5ml+mXddFJHiB7kqdl7gYwdu8T9sSDzb
7f/ZpN4BTZFY43+asZmHBQYgEk3JaRqK65rw1+ASHsLx0EP1Q69zd6HDdE/dGvx0
91sQcokrFh48KdKlE3FpppLSy7lnlZpzZ1pD4oF9476I0dYzr8/5SOcTQBV2VQU9
mfvBtNJPsJ55AtVyfK6BxKw0rWTpqYsPk90xp6j14ZpSLXGp6I7agyt50QoaBT8u
R5UF4PorrhPyTeVUBdTx59UdekuVNtkayU6AEEohj19h/CHT+JEItpdVwKL5AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUja09xImqHVaFsg1X2yqTERThOr4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzMzODcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
ADIwDQYJKoZIhvcNAQELBQADggEBAGCxFIyttDmZG9in5+Q1YXvCy6Muq28p9Vwm
xA1ATAegPBZ4AhF1RkfIwc/QlvECrdsCMr6ZwoxcdkNto7QcMbzl1Zg7LSuGDdjz
irCDihQsU1CoXOT8w805Hk2lsW078h1O6QHGtI98eCzGj3W5c24ex90GBpQn1eZY
YPIlyR+z4yGO4hMJJmMYbD7GkGW8xbIyli84TJENZYZk/WKn0bIsKdOw92ZR9xqt
8RqxQb5gcUc1fIZZ1ioGWIAFJQdzwEJibocyuj6d+iV4gQ2ZiDA8wpcVo24/KZcx
nC9aQmWZcLtmIENhmCK+aQqA2dJdPXkLWM2p1Mwy/7Bddt7rXGs=
-----END CERTIFICATE-----