Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          yJ6zRlYRYTXhqRYX55AMWNltzscqgmvzDNTv2B/xros=
Subject key identifier:   04:A2:CD:C6:46:CC:9E:82:9B:E1:5E:6F:05:8C:DE:59:9B:57:DD:3C
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       39B6481235874C0805AFF612C21F8D4344D5198A
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS16276.roa
Signing time:             Wed 20 May 2026 09:36:19 +0000
ROA not before:           Wed 20 May 2026 09:31:19 +0000
ROA not after:            Wed 19 May 2027 09:36:19 +0000
asID:                     16276
IP address blocks:        176.53.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:b6:48:12:35:87:4c:08:05:af:f6:12:c2:1f:8d:43:44:d5:19:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: May 20 09:31:19 2026 GMT
            Not After : May 19 09:36:19 2027 GMT
        Subject: CN=04A2CDC646CC9E829BE15E6F058CDE599B57DD3C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d3:0c:2c:c2:80:f4:10:97:9e:53:fb:44:03:
                    01:b3:ed:dd:93:ad:ae:16:a2:f1:b4:3d:c4:dd:d8:
                    1f:eb:f7:8f:a4:06:50:85:8d:d9:43:de:bc:fc:5e:
                    84:9b:6f:af:97:1d:5a:4e:0a:1f:0e:ff:11:18:cc:
                    3e:b0:40:24:0b:52:09:3f:41:68:f1:60:4d:7d:85:
                    ac:4f:fe:f3:26:cf:17:91:0e:65:a9:c0:04:c4:bd:
                    0f:b6:22:af:f5:bf:59:cf:0a:40:fa:1c:59:63:a3:
                    81:d8:2c:e1:84:ab:5f:55:4d:ec:0f:27:71:28:e1:
                    96:37:a5:b4:50:20:dd:be:93:12:ed:5c:95:d5:b6:
                    fc:77:61:f7:9d:b5:05:4b:00:31:7c:99:92:44:54:
                    6a:b2:21:32:26:34:90:95:b6:e4:e4:79:ee:bf:32:
                    a8:6f:50:c1:c7:29:98:6c:cb:a8:cf:ea:2b:ab:21:
                    1c:41:35:01:de:d4:52:7f:66:d5:38:43:4c:52:3c:
                    3f:4b:71:cf:a8:8b:0c:f0:7f:34:0d:05:42:74:04:
                    57:62:c6:35:a1:89:3c:a9:49:d3:58:f9:c5:26:2f:
                    6a:d7:91:32:83:fe:cb:52:76:3a:b8:b8:6c:b7:79:
                    85:da:3f:a5:f5:f0:54:16:4c:1f:3f:fb:92:d5:66:
                    ea:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A2:CD:C6:46:CC:9E:82:9B:E1:5E:6F:05:8C:DE:59:9B:57:DD:3C
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:d0:0f:a9:d5:ef:57:46:88:08:2b:3a:e6:4f:e0:4f:72:23:
         02:80:45:50:91:01:e2:1e:a0:bb:4d:9e:05:59:6e:e3:4f:1e:
         41:63:e3:36:cb:a4:ae:ec:2f:84:fa:1c:75:6f:ec:73:a5:2f:
         22:c9:77:5e:19:4c:d3:7c:a9:84:97:79:f5:ad:b5:40:30:dc:
         6f:12:e8:a2:01:f8:c2:0e:cc:30:ad:4a:fb:4e:bf:a8:07:ad:
         c9:7d:e6:95:b4:62:67:08:af:95:9b:6c:8f:a6:62:77:0c:d3:
         55:61:6a:50:fc:32:b3:cb:a5:ef:97:b3:9d:a8:47:d1:b9:1a:
         9c:86:47:54:70:cf:ec:19:3b:e3:53:b1:14:54:ba:ca:80:45:
         19:7b:aa:8b:85:a9:d2:57:9b:b1:22:0f:ac:26:de:71:57:11:
         02:f5:71:2e:35:14:42:e5:b4:92:9e:22:a0:a7:40:07:e9:90:
         9f:0a:29:6b:5c:08:a1:e2:59:1e:3f:af:df:55:34:f1:58:8f:
         6e:7d:99:1c:1e:14:7b:82:75:a4:b2:5b:46:8f:0e:55:10:a2:
         50:2c:b7:6e:c1:50:87:bc:3d:05:74:77:89:3f:52:93:61:69:
         7d:71:d9:c9:f9:1b:57:e8:37:7e:5c:65:25:d1:e9:45:aa:47:
         be:ee:44:5d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUObZIEjWHTAgFr/YSwh+NQ0TVGYowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA1MjAwOTMxMTlaFw0yNzA1MTkwOTM2MTlaMDMxMTAvBgNV
BAMTKDA0QTJDREM2NDZDQzlFODI5QkUxNUU2RjA1OENERTU5OUI1N0REM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX0wwswoD0EJeeU/tEAwGz7d2T
ra4WovG0PcTd2B/r94+kBlCFjdlD3rz8XoSbb6+XHVpOCh8O/xEYzD6wQCQLUgk/
QWjxYE19haxP/vMmzxeRDmWpwATEvQ+2Iq/1v1nPCkD6HFljo4HYLOGEq19VTewP
J3Eo4ZY3pbRQIN2+kxLtXJXVtvx3YfedtQVLADF8mZJEVGqyITImNJCVtuTkee6/
MqhvUMHHKZhsy6jP6iurIRxBNQHe1FJ/ZtU4Q0xSPD9Lcc+oiwzwfzQNBUJ0BFdi
xjWhiTypSdNY+cUmL2rXkTKD/stSdjq4uGy3eYXaP6X18FQWTB8/+5LVZupdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUBKLNxkbMnoKb4V5vBYzeWZtX3TwwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACwNZ4w
DQYJKoZIhvcNAQELBQADggEBAJXQD6nV71dGiAgrOuZP4E9yIwKARVCRAeIeoLtN
ngVZbuNPHkFj4zbLpK7sL4T6HHVv7HOlLyLJd14ZTNN8qYSXefWttUAw3G8S6KIB
+MIOzDCtSvtOv6gHrcl95pW0YmcIr5WbbI+mYncM01VhalD8MrPLpe+Xs52oR9G5
GpyGR1Rwz+wZO+NTsRRUusqARRl7qouFqdJXm7EiD6wm3nFXEQL1cS41FELltJKe
IqCnQAfpkJ8KKWtcCKHiWR4/r99VNPFYj259mRweFHuCdaSyW0aPDlUQolAst27B
UIe8PQV0d4k/UpNhaX1x2cn5G1foN35cZSXR6UWqR77uRF0=
-----END CERTIFICATE-----