Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS13852.roa
File:                     AS13852.roa (raw, json)
Hash identifier:          +jozhUGHKDV45NGGAGDExl5LjGMyJRm3Jc1GhdR0hgg=
Subject key identifier:   98:68:A2:D6:B1:FC:58:5B:96:23:F4:6D:E8:FB:CC:70:55:B6:D2:2C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1C00FE876A11945B6417BF7A359BCB33957F92D6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS13852.roa
Signing time:             Tue 03 Dec 2024 00:22:34 +0000
ROA not before:           Tue 03 Dec 2024 00:17:34 +0000
ROA not after:            Tue 02 Dec 2025 00:22:34 +0000
asID:                     13852
IP address blocks:        2a0f:85c1:b10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:00:fe:87:6a:11:94:5b:64:17:bf:7a:35:9b:cb:33:95:7f:92:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Dec  3 00:17:34 2024 GMT
            Not After : Dec  2 00:22:34 2025 GMT
        Subject: CN=9868A2D6B1FC585B9623F46DE8FBCC7055B6D22C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:81:ef:60:42:91:cb:50:7c:de:d3:58:13:44:
                    83:8b:b8:0c:c8:fe:0d:da:f7:4a:ab:d9:d9:83:19:
                    79:e3:42:ac:2b:9a:97:cb:57:0c:5f:06:b3:82:00:
                    0f:9b:61:a5:aa:8f:18:2c:f8:07:29:9b:2f:33:6a:
                    d1:98:21:50:84:dc:0e:36:2d:4a:5f:c6:44:86:59:
                    f5:31:27:0f:15:d1:ed:ac:36:44:61:2c:ba:15:8f:
                    0d:51:e2:99:57:43:59:65:13:c5:e7:32:0a:bb:63:
                    bd:ce:9a:1b:22:72:28:1e:fc:13:54:d8:ab:7b:50:
                    6b:2a:6c:fe:8b:b9:61:30:28:db:9e:68:26:9c:39:
                    a1:32:c7:a4:13:30:e7:2a:62:cc:71:2c:3d:c7:8c:
                    03:6c:08:0f:6c:0a:44:ce:50:b4:04:85:8f:25:86:
                    c9:10:21:62:16:28:72:84:bb:e9:46:df:97:27:30:
                    c6:58:6d:66:72:93:3b:b5:c1:b6:33:f2:7b:3f:84:
                    8d:7a:9a:79:ca:95:8e:49:f8:3e:2f:b2:fc:5c:92:
                    bf:f9:59:8e:c1:79:58:28:a1:82:8d:6d:36:d7:94:
                    f6:a1:07:56:5d:c8:42:ce:1e:62:d9:2e:88:de:45:
                    d3:2d:60:ce:5a:61:81:ca:f6:6e:e0:6c:3b:f8:2a:
                    01:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:68:A2:D6:B1:FC:58:5B:96:23:F4:6D:E8:FB:CC:70:55:B6:D2:2C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS13852.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b10::/44

    Signature Algorithm: sha256WithRSAEncryption
         e4:b9:da:4f:31:18:d4:6f:7f:21:11:88:52:33:1e:a9:72:3c:
         b5:c4:5c:13:1b:4b:14:c1:a7:15:8c:9c:b4:dd:1c:52:26:85:
         ee:c5:ff:54:a8:75:9d:8d:d5:dc:44:af:a8:ed:81:3b:eb:d7:
         af:86:46:93:f3:1c:c4:25:9c:b0:23:34:94:29:11:d3:d1:7a:
         08:b7:f4:f6:6a:dd:0b:29:66:3e:9b:19:e0:1b:ff:26:a2:4a:
         5b:4f:74:ee:48:95:bd:c3:61:2a:60:08:f4:a3:f7:45:99:5e:
         3a:65:03:f5:2e:73:eb:84:84:94:c8:91:63:77:86:6e:74:01:
         6e:a6:47:a8:72:15:34:1f:95:55:3e:c5:e9:36:77:4c:43:12:
         de:08:d2:0d:c5:c3:07:c1:3b:60:ff:8e:61:ea:b1:ee:90:cf:
         58:62:76:37:ce:53:78:4f:dd:1f:0b:6b:d6:14:74:1e:bd:61:
         58:16:78:6f:39:36:ec:dc:4c:27:79:6a:a4:17:ea:4f:90:c0:
         34:11:4c:3d:5e:c8:79:c3:25:06:90:78:2a:52:28:a2:a9:76:
         d7:15:93:8a:89:9d:6d:24:be:2e:96:b1:87:2a:10:b2:46:20:
         73:c5:0a:34:a6:9d:ca:c5:9b:32:30:04:92:f8:dd:6c:d6:33:
         b7:ef:97:35
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUHAD+h2oRlFtkF796NZvLM5V/ktYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEyMDMwMDE3MzRaFw0yNTEyMDIwMDIyMzRaMDMxMTAvBgNV
BAMTKDk4NjhBMkQ2QjFGQzU4NUI5NjIzRjQ2REU4RkJDQzcwNTVCNkQyMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrge9gQpHLUHze01gTRIOLuAzI
/g3a90qr2dmDGXnjQqwrmpfLVwxfBrOCAA+bYaWqjxgs+Acpmy8zatGYIVCE3A42
LUpfxkSGWfUxJw8V0e2sNkRhLLoVjw1R4plXQ1llE8XnMgq7Y73Omhsicige/BNU
2Kt7UGsqbP6LuWEwKNueaCacOaEyx6QTMOcqYsxxLD3HjANsCA9sCkTOULQEhY8l
hskQIWIWKHKEu+lG35cnMMZYbWZykzu1wbYz8ns/hI16mnnKlY5J+D4vsvxckr/5
WY7BeVgooYKNbTbXlPahB1ZdyELOHmLZLojeRdMtYM5aYYHK9m7gbDv4KgHLAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUmGii1rH8WFuWI/Rt6PvMcFW20iwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTM4NTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqD4XB
CxAwDQYJKoZIhvcNAQELBQADggEBAOS52k8xGNRvfyERiFIzHqlyPLXEXBMbSxTB
pxWMnLTdHFImhe7F/1SodZ2N1dxEr6jtgTvr16+GRpPzHMQlnLAjNJQpEdPRegi3
9PZq3QspZj6bGeAb/yaiSltPdO5Ilb3DYSpgCPSj90WZXjplA/Uuc+uEhJTIkWN3
hm50AW6mR6hyFTQflVU+xek2d0xDEt4I0g3FwwfBO2D/jmHqse6Qz1hidjfOU3hP
3R8La9YUdB69YVgWeG85NuzcTCd5aqQX6k+QwDQRTD1eyHnDJQaQeCpSKKKpdtcV
k4qJnW0kvi6WsYcqELJGIHPFCjSmncrFmzIwBJL43WzWM7fvlzU=
-----END CERTIFICATE-----