Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32613.roa
File:                     AS32613.roa (raw, json)
Hash identifier:          ceSwv9eUWwSHDVavzEVIPbrbWkho/qVdrQR1FrogZK0=
Subject key identifier:   9D:17:B2:0C:35:15:EF:07:C0:CD:A5:A9:A4:5C:D4:E4:39:F1:BB:14
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2B0D95C5488D57C42A7ED70A8E97D86DEFF31884
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32613.roa
Signing time:             Thu 12 Mar 2026 19:46:48 +0000
ROA not before:           Thu 12 Mar 2026 19:41:48 +0000
ROA not after:            Thu 11 Mar 2027 19:46:48 +0000
asID:                     32613
IP address blocks:        141.11.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:0d:95:c5:48:8d:57:c4:2a:7e:d7:0a:8e:97:d8:6d:ef:f3:18:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 12 19:41:48 2026 GMT
            Not After : Mar 11 19:46:48 2027 GMT
        Subject: CN=9D17B20C3515EF07C0CDA5A9A45CD4E439F1BB14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6a:a7:5f:f4:6a:8e:86:f8:b2:1e:2f:99:4a:
                    d2:11:da:f9:d6:98:c8:32:ad:03:cb:62:90:67:73:
                    64:ec:eb:13:a7:31:32:f8:f7:23:fc:40:db:7f:bc:
                    89:28:ea:6a:86:83:39:b9:9b:a6:e2:29:77:0d:04:
                    28:74:ba:d4:1e:f1:05:2c:7d:13:4f:9f:04:81:90:
                    e0:f9:99:7a:74:ae:12:42:fe:77:2c:f3:ff:ae:a4:
                    59:0b:3f:21:89:9e:fa:e3:bf:a2:ca:f7:c5:59:6f:
                    74:7e:05:fd:78:fc:bb:a8:fd:b7:cc:7f:73:c5:56:
                    da:f2:b1:0d:7d:9d:d5:c2:3e:53:66:65:bf:84:18:
                    1f:a6:10:42:a8:2e:2f:20:00:2b:d0:4c:ff:81:07:
                    33:23:18:4c:37:2e:e3:a3:25:03:75:5c:12:c6:28:
                    d6:92:39:d4:91:8d:b6:0f:eb:bc:ae:47:9b:a3:a3:
                    db:f4:6a:6e:bd:c3:b0:26:da:b8:2a:87:5b:d3:be:
                    9c:56:d1:49:32:2b:b6:2a:97:14:9a:41:ab:1f:03:
                    fc:c3:8c:71:f6:99:c7:4b:1a:25:77:3a:c1:57:14:
                    6e:a3:30:ac:06:36:49:91:01:8b:e8:b2:d0:43:2f:
                    6f:cd:16:c8:40:11:b4:5f:ff:3c:ac:46:b9:80:4f:
                    2c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:17:B2:0C:35:15:EF:07:C0:CD:A5:A9:A4:5C:D4:E4:39:F1:BB:14
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32613.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:18:00:31:dc:71:92:cf:7f:a8:b3:fa:ac:79:6b:9e:87:48:
         16:c8:1d:84:36:4d:0b:2f:bf:32:c5:9f:ca:39:24:40:61:66:
         98:a8:82:c8:c8:3a:9c:ae:c6:3f:33:58:07:53:56:4f:4e:23:
         b5:82:eb:a0:c8:c2:6d:7b:7d:f5:f4:b0:be:8c:96:37:c1:ac:
         3a:d5:c4:13:6f:37:b3:d9:7d:bf:e7:70:68:fe:26:da:a6:d3:
         dd:98:1f:32:69:ec:4a:6c:a8:10:ff:91:4b:87:f1:59:6f:49:
         78:40:ef:1c:fb:40:c9:71:e0:aa:04:cd:f2:f3:4a:59:41:b9:
         97:b3:1b:a3:09:20:20:66:0c:f5:42:80:15:54:45:e0:7d:9c:
         db:79:55:71:bf:d6:03:2c:a7:2c:83:9d:11:19:76:c6:85:79:
         dc:08:dc:c8:d6:13:69:2f:88:f3:56:ae:78:e6:37:4a:59:a2:
         cb:97:0f:69:69:2e:34:53:f3:b3:42:91:2e:bb:02:70:ef:4d:
         8f:ca:34:0c:da:66:a2:49:63:71:d0:d3:8b:48:f9:33:e9:ec:
         7a:30:e0:d1:30:85:a2:d4:dc:fd:6e:a2:8a:a2:0e:45:1c:c9:
         18:44:92:68:f8:88:9f:6e:a1:24:89:09:e3:79:81:50:a7:6e:
         a5:5c:71:ce
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKw2VxUiNV8QqftcKjpfYbe/zGIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMTIxOTQxNDhaFw0yNzAzMTExOTQ2NDhaMDMxMTAvBgNV
BAMTKDlEMTdCMjBDMzUxNUVGMDdDMENEQTVBOUE0NUNENEU0MzlGMUJCMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzaqdf9GqOhviyHi+ZStIR2vnW
mMgyrQPLYpBnc2Ts6xOnMTL49yP8QNt/vIko6mqGgzm5m6biKXcNBCh0utQe8QUs
fRNPnwSBkOD5mXp0rhJC/ncs8/+upFkLPyGJnvrjv6LK98VZb3R+Bf14/Luo/bfM
f3PFVtrysQ19ndXCPlNmZb+EGB+mEEKoLi8gACvQTP+BBzMjGEw3LuOjJQN1XBLG
KNaSOdSRjbYP67yuR5ujo9v0am69w7Am2rgqh1vTvpxW0UkyK7YqlxSaQasfA/zD
jHH2mcdLGiV3OsFXFG6jMKwGNkmRAYvostBDL2/NFshAEbRf/zysRrmATyzDAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUnReyDDUV7wfAzaWppFzU5DnxuxQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzI2MTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC3Yw
DQYJKoZIhvcNAQELBQADggEBAGcYADHccZLPf6iz+qx5a56HSBbIHYQ2TQsvvzLF
n8o5JEBhZpiogsjIOpyuxj8zWAdTVk9OI7WC66DIwm17ffX0sL6MljfBrDrVxBNv
N7PZfb/ncGj+Jtqm092YHzJp7EpsqBD/kUuH8VlvSXhA7xz7QMlx4KoEzfLzSllB
uZezG6MJICBmDPVCgBVUReB9nNt5VXG/1gMspyyDnREZdsaFedwI3MjWE2kviPNW
rnjmN0pZosuXD2lpLjRT87NCkS67AnDvTY/KNAzaZqJJY3HQ04tI+TPp7How4NEw
haLU3P1uooqiDkUcyRhEkmj4iJ9uoSSJCeN5gVCnbqVccc4=
-----END CERTIFICATE-----