Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          y920OJHT8r/aqJCf/S9/JxAAmmpz5dCgBvhGa9qNfXE=
Subject key identifier:   39:55:44:73:30:28:F1:54:6D:F3:DC:2A:F8:AB:EC:8F:0E:95:55:78
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       5923FCA28171F56CC8352F7E9994E1EE84C9ACAE
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS16276.roa
Signing time:             Sun 12 Apr 2026 11:17:49 +0000
ROA not before:           Sun 12 Apr 2026 11:12:49 +0000
ROA not after:            Sun 11 Apr 2027 11:17:49 +0000
asID:                     16276
IP address blocks:        5.133.101.0/24 maxlen: 24
                          92.249.62.0/24 maxlen: 24
                          176.53.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:23:fc:a2:81:71:f5:6c:c8:35:2f:7e:99:94:e1:ee:84:c9:ac:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr 12 11:12:49 2026 GMT
            Not After : Apr 11 11:17:49 2027 GMT
        Subject: CN=395544733028F1546DF3DC2AF8ABEC8F0E955578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c4:3d:9b:30:66:f7:9f:c4:34:68:21:d7:e9:
                    df:17:6e:66:51:dc:dc:03:97:42:96:87:14:34:56:
                    b2:c5:f6:08:56:e1:c9:e7:81:c8:bd:82:b9:08:c5:
                    82:71:a1:76:9d:0a:f0:43:6f:4d:d7:44:38:57:7a:
                    35:c6:8c:51:a8:67:b6:63:7a:24:11:6b:13:76:52:
                    8f:46:6d:42:98:81:99:51:21:d1:b8:7c:a1:d3:a6:
                    f5:cc:99:08:23:5c:10:d3:1e:c1:31:c7:7a:9a:a6:
                    b1:fe:e4:85:3e:f3:93:3e:51:cb:c0:05:f6:0a:ef:
                    79:17:f8:d8:5c:80:bb:1d:ac:4e:c0:56:b0:93:65:
                    f0:b7:5d:da:94:f7:87:45:29:d5:30:02:8a:78:09:
                    21:9b:50:6d:ec:70:4c:7b:7d:c0:6c:c7:c4:4a:02:
                    3c:8f:bb:80:31:36:30:9c:e1:28:f1:1d:17:98:c9:
                    64:a2:e5:14:03:08:a6:2a:e9:fd:04:fd:24:04:e0:
                    37:01:bf:ba:9e:82:30:2f:dd:92:71:2e:fc:f4:8a:
                    a4:98:2e:cc:ed:ac:7d:09:ea:8a:57:d3:c5:f7:7c:
                    35:84:ca:39:bb:99:9b:49:b1:ad:9d:c8:1c:30:47:
                    3a:79:9e:b4:e7:c5:13:c9:6a:91:a1:8e:99:b1:91:
                    b5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:55:44:73:30:28:F1:54:6D:F3:DC:2A:F8:AB:EC:8F:0E:95:55:78
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.101.0/24
                  92.249.62.0/24
                  176.53.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:3d:bb:90:73:53:6e:fd:38:db:9c:1c:e4:69:7f:d8:c2:f7:
         69:13:ce:4f:6d:f2:3d:13:c1:ea:48:46:42:f5:f6:7a:13:d8:
         b9:bc:f0:1f:c0:72:c5:51:7d:23:bb:1f:81:e4:34:68:42:23:
         80:be:be:c5:ab:7d:b7:8e:1c:43:f7:45:1f:b9:67:a5:59:cf:
         a5:7e:35:c9:77:86:de:d0:ff:70:eb:05:c2:26:73:a8:34:ee:
         7e:c5:b7:cb:ab:cc:cd:5a:ae:dc:c2:e6:0f:af:f5:c9:b4:37:
         78:c1:29:fc:4a:a4:3f:db:03:25:08:7f:fa:48:0c:55:44:fc:
         04:2a:82:d3:f9:97:37:2a:6a:c3:6d:80:60:3a:bc:dd:8b:e1:
         fb:a7:10:82:5f:23:19:a0:24:bd:79:fb:21:d6:bb:f3:03:67:
         e8:8f:24:08:e1:9e:69:1a:8f:c7:d2:25:22:b7:d5:34:01:c7:
         cf:f1:27:61:e5:a3:66:60:b5:3b:1a:c5:90:3f:c5:40:a6:01:
         30:8a:a9:f0:43:b5:49:e2:e0:1f:1e:d9:44:d7:b9:af:be:77:
         4f:ec:95:6f:95:7a:9d:22:8a:7f:d4:96:69:72:d1:c8:e4:2e:
         6e:5e:06:33:55:70:8b:c5:26:73:06:d7:49:99:66:39:ca:ed:
         5c:69:9c:b4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUWSP8ooFx9WzINS9+mZTh7oTJrK4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MTIxMTEyNDlaFw0yNzA0MTExMTE3NDlaMDMxMTAvBgNV
BAMTKDM5NTU0NDczMzAyOEYxNTQ2REYzREMyQUY4QUJFQzhGMEU5NTU1NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvxD2bMGb3n8Q0aCHX6d8XbmZR
3NwDl0KWhxQ0VrLF9ghW4cnngci9grkIxYJxoXadCvBDb03XRDhXejXGjFGoZ7Zj
eiQRaxN2Uo9GbUKYgZlRIdG4fKHTpvXMmQgjXBDTHsExx3qaprH+5IU+85M+UcvA
BfYK73kX+NhcgLsdrE7AVrCTZfC3XdqU94dFKdUwAop4CSGbUG3scEx7fcBsx8RK
AjyPu4AxNjCc4SjxHReYyWSi5RQDCKYq6f0E/SQE4DcBv7qegjAv3ZJxLvz0iqSY
LsztrH0J6opX08X3fDWEyjm7mZtJsa2dyBwwRzp5nrTnxRPJapGhjpmxkbUfAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUOVVEczAo8VRt89wq+Kvsjw6VVXgwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAFhWUD
BABc+T4DBACwNZ4wDQYJKoZIhvcNAQELBQADggEBAJE9u5BzU279ONucHORpf9jC
92kTzk9t8j0TwepIRkL19noT2Lm88B/AcsVRfSO7H4HkNGhCI4C+vsWrfbeOHEP3
RR+5Z6VZz6V+Ncl3ht7Q/3DrBcImc6g07n7Ft8urzM1artzC5g+v9cm0N3jBKfxK
pD/bAyUIf/pIDFVE/AQqgtP5lzcqasNtgGA6vN2L4funEIJfIxmgJL15+yHWu/MD
Z+iPJAjhnmkaj8fSJSK31TQBx8/xJ2Hlo2ZgtTsaxZA/xUCmATCKqfBDtUni4B8e
2UTXua++d0/slW+Vep0iin/Ulmly0cjkLm5eBjNVcIvFJnMG10mZZjnK7VxpnLQ=
-----END CERTIFICATE-----