Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          b7TcD1C+cAGcQk3WjnChPgVy1tjJ5MQfP8BCdhsaATM=
Subject key identifier:   9E:AC:EA:41:80:64:50:D5:08:C5:20:5C:83:A5:91:EF:89:11:25:8D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       61CFE0771029E3B7FABCBAB87DAAA4CD20B9A168
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS13335.roa
Signing time:             Tue 29 Oct 2024 15:43:25 +0000
ROA not before:           Tue 29 Oct 2024 15:38:25 +0000
ROA not after:            Tue 28 Oct 2025 15:43:25 +0000
asID:                     13335
IP address blocks:        141.11.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:cf:e0:77:10:29:e3:b7:fa:bc:ba:b8:7d:aa:a4:cd:20:b9:a1:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:25 2024 GMT
            Not After : Oct 28 15:43:25 2025 GMT
        Subject: CN=9EACEA41806450D508C5205C83A591EF8911258D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:75:03:71:1a:20:ef:1f:2b:d9:86:3a:8e:20:
                    64:99:af:22:2f:0e:49:3a:2b:0d:4d:48:e2:00:52:
                    07:c9:69:9c:fe:b0:7f:fe:d4:42:0d:de:f0:03:6c:
                    26:f4:14:a6:18:09:73:02:7c:4c:52:3b:44:a2:78:
                    2d:a8:b6:8e:26:d4:07:7c:96:50:2b:da:99:9e:6f:
                    a9:70:72:61:a0:1a:85:d3:aa:4c:9f:e5:2f:3f:79:
                    b2:84:5d:85:30:e1:81:82:49:c9:e9:a8:7d:4b:97:
                    d1:af:44:29:64:98:b6:83:42:69:e9:22:bc:b5:56:
                    65:a5:a9:fc:77:aa:d2:fd:e7:d7:2a:93:d8:db:c4:
                    6f:0e:3c:9a:35:28:ff:54:4a:d5:aa:4a:d7:f9:bc:
                    69:34:2b:b5:9c:a6:60:a2:26:e8:8f:88:95:1a:cf:
                    58:c3:01:b7:d3:95:f9:c1:c9:05:67:2a:d0:05:50:
                    10:2a:8f:29:b1:57:0d:04:4f:7d:25:3b:fd:43:30:
                    b5:f5:a4:4b:44:8d:6d:2a:fb:2b:54:f4:d3:af:d2:
                    40:57:26:21:27:82:00:66:22:98:63:30:d7:8e:83:
                    93:1c:80:58:c9:4f:0b:67:ea:dd:c5:24:e1:60:d5:
                    39:0e:a3:b9:bd:ad:64:54:4f:5a:a5:b3:1c:4f:20:
                    59:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:AC:EA:41:80:64:50:D5:08:C5:20:5C:83:A5:91:EF:89:11:25:8D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:46:27:42:f9:5b:ef:23:5e:d0:c8:ee:0a:a6:e0:b2:57:db:
         6d:84:bf:0e:38:cb:bb:b5:28:76:41:ee:27:79:db:80:13:6a:
         c1:80:98:d6:e5:1d:ae:59:f0:f8:c1:c3:93:80:a5:24:83:b7:
         40:84:c0:2c:5f:a6:da:87:79:b2:1c:00:8b:7d:75:37:ae:ef:
         09:c4:1a:13:17:ad:ad:e2:22:df:09:d7:56:28:c5:4f:ca:22:
         2b:80:73:31:a2:f7:72:0c:c5:ff:cd:e4:d3:f9:bc:fb:78:cf:
         89:d2:64:ce:9a:d6:aa:f8:3e:ab:cf:03:dd:67:38:fb:b1:e4:
         9e:7f:72:e9:8f:d1:92:81:18:aa:13:6b:39:85:cc:44:c6:05:
         51:13:54:b6:9a:cc:f4:b5:6e:71:bb:2d:3b:54:71:b0:0e:da:
         a2:82:9f:41:2e:c9:16:2f:e3:ba:f9:d9:51:78:ab:8c:b4:93:
         2e:89:ad:08:ca:52:1f:be:59:a9:7d:e1:0d:e5:fe:31:6b:2a:
         67:05:ad:bd:e8:a3:2f:69:e7:c3:74:32:e9:2f:8e:54:45:12:
         d6:8c:03:c1:bd:50:61:94:eb:a1:94:19:49:07:f3:01:1b:13:
         42:7e:10:82:08:09:4e:24:dd:bf:82:51:0d:86:69:56:93:ad:
         10:1c:a1:90
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYc/gdxAp47f6vLq4faqkzSC5oWgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjVaFw0yNTEwMjgxNTQzMjVaMDMxMTAvBgNV
BAMTKDlFQUNFQTQxODA2NDUwRDUwOEM1MjA1QzgzQTU5MUVGODkxMTI1OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOdQNxGiDvHyvZhjqOIGSZryIv
Dkk6Kw1NSOIAUgfJaZz+sH/+1EIN3vADbCb0FKYYCXMCfExSO0SieC2oto4m1Ad8
llAr2pmeb6lwcmGgGoXTqkyf5S8/ebKEXYUw4YGCScnpqH1Ll9GvRClkmLaDQmnp
Iry1VmWlqfx3qtL959cqk9jbxG8OPJo1KP9UStWqStf5vGk0K7WcpmCiJuiPiJUa
z1jDAbfTlfnByQVnKtAFUBAqjymxVw0ET30lO/1DMLX1pEtEjW0q+ytU9NOv0kBX
JiEnggBmIphjMNeOg5McgFjJTwtn6t3FJOFg1TkOo7m9rWRUT1qlsxxPIFkXAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUnqzqQYBkUNUIxSBcg6WR74kRJY0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC0cw
DQYJKoZIhvcNAQELBQADggEBAHdGJ0L5W+8jXtDI7gqm4LJX222Evw44y7u1KHZB
7id524ATasGAmNblHa5Z8PjBw5OApSSDt0CEwCxfptqHebIcAIt9dTeu7wnEGhMX
ra3iIt8J11YoxU/KIiuAczGi93IMxf/N5NP5vPt4z4nSZM6a1qr4PqvPA91nOPux
5J5/cumP0ZKBGKoTazmFzETGBVETVLaazPS1bnG7LTtUcbAO2qKCn0EuyRYv47r5
2VF4q4y0ky6JrQjKUh++Wal94Q3l/jFrKmcFrb3ooy9p58N0MukvjlRFEtaMA8G9
UGGU66GUGUkH8wEbE0J+EIIICU4k3b+CUQ2GaVaTrRAcoZA=
-----END CERTIFICATE-----