Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          cToAnPxak2L20YDXhg2/vnwIqeyMviDgUgZ6LsydFTY=
Subject key identifier:   2A:7B:DD:8D:2D:73:C2:84:6A:68:76:CF:4D:40:00:A1:E4:02:20:CB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       15D6613D43712656DDE682363576ED4C4AFC33F0
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16276.roa
Signing time:             Thu 24 Jul 2025 08:09:41 +0000
ROA not before:           Thu 24 Jul 2025 08:04:41 +0000
ROA not after:            Thu 23 Jul 2026 08:09:41 +0000
asID:                     16276
IP address blocks:        82.22.118.0/24 maxlen: 24
                          82.24.96.0/22 maxlen: 24
                          82.27.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 08:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:d6:61:3d:43:71:26:56:dd:e6:82:36:35:76:ed:4c:4a:fc:33:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 24 08:04:41 2025 GMT
            Not After : Jul 23 08:09:41 2026 GMT
        Subject: CN=2A7BDD8D2D73C2846A6876CF4D4000A1E40220CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:50:40:ac:88:22:ee:e1:c6:82:68:22:75:27:
                    8d:1d:10:67:a6:84:b0:ac:29:29:61:7c:69:2a:2f:
                    eb:84:c7:fe:de:d0:a7:b7:30:22:6f:68:81:62:f4:
                    e0:c5:52:09:31:ae:a4:98:b2:ed:fb:e9:81:a6:b9:
                    17:03:22:5a:de:54:d2:01:e4:23:86:b3:8d:25:91:
                    9f:94:89:e4:71:80:3f:d7:ad:b0:ae:a3:8c:71:bd:
                    d8:e7:aa:4e:4a:99:bc:fa:98:3b:8a:f5:eb:2a:21:
                    66:85:00:8d:96:53:76:15:66:6f:98:49:2a:f4:12:
                    bf:6c:17:71:1a:01:7f:25:86:b3:9d:95:1d:31:d2:
                    ba:a9:fe:d1:95:65:3d:05:c3:ca:c2:86:0f:80:7a:
                    2b:97:a8:f8:f8:0c:e8:cc:08:b5:1a:5b:df:b6:50:
                    0a:18:bf:29:7c:38:db:f9:dc:fc:ae:11:bb:a2:16:
                    a7:03:af:c8:6a:f1:44:b0:fd:33:14:36:1d:f6:f0:
                    c8:c7:f1:a4:a0:b1:6a:21:a1:52:ac:05:61:06:6b:
                    b5:4c:27:4f:47:5b:24:f5:99:09:ff:45:c7:0f:0f:
                    8a:01:f5:d2:26:09:b3:f2:6e:8c:82:a2:70:12:7c:
                    d0:44:93:60:f3:4c:ee:c7:83:be:d6:01:5d:ac:bb:
                    f5:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:7B:DD:8D:2D:73:C2:84:6A:68:76:CF:4D:40:00:A1:E4:02:20:CB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.118.0/24
                  82.24.96.0/22
                  82.27.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b8:ad:a4:f2:89:c0:10:d6:73:59:fa:96:78:1e:7b:d6:d2:
         d3:dd:92:00:89:58:f3:d5:7d:2a:68:e0:a8:66:b7:83:02:2b:
         5c:19:3c:df:30:72:20:41:bc:cd:c0:e0:35:d1:d3:e0:59:d5:
         c3:95:42:5f:fb:d6:43:73:e9:96:bc:a9:3d:2e:44:57:fd:4b:
         d1:41:2b:4d:0c:bf:7f:f1:f4:ec:bc:51:79:07:19:b5:4a:61:
         1a:6a:4e:e9:94:fc:bb:3e:22:96:87:90:66:d4:e0:12:d9:d9:
         3a:9b:75:82:4f:b0:45:f9:bc:d9:a4:c2:a8:c5:e7:95:cf:64:
         73:06:12:99:61:fa:56:ff:a2:ef:a4:0b:f6:99:38:83:31:37:
         b7:34:07:4c:dd:ad:3a:69:eb:5b:df:c8:21:95:59:d7:1f:e6:
         d4:af:8b:76:2d:6f:d7:13:0f:ab:f1:3d:cd:01:a6:92:5d:05:
         ef:08:f5:3a:a1:65:68:ad:4a:c0:f6:46:6c:1b:13:b9:55:b3:
         9e:ac:9e:e1:78:bf:f5:ea:37:73:f1:a3:0e:7b:10:af:6f:47:
         aa:ed:92:2c:e4:6a:ee:0d:11:ad:62:45:ed:4a:68:fa:6d:c4:
         fb:0f:4f:1d:f0:e0:86:44:46:18:ca:1b:d0:bc:51:7f:89:18:
         1e:56:5b:8c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUFdZhPUNxJlbd5oI2NXbtTEr8M/AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjQwODA0NDFaFw0yNjA3MjMwODA5NDFaMDMxMTAvBgNV
BAMTKDJBN0JERDhEMkQ3M0MyODQ2QTY4NzZDRjRENDAwMEExRTQwMjIwQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcUECsiCLu4caCaCJ1J40dEGem
hLCsKSlhfGkqL+uEx/7e0Ke3MCJvaIFi9ODFUgkxrqSYsu376YGmuRcDIlreVNIB
5COGs40lkZ+UieRxgD/XrbCuo4xxvdjnqk5Kmbz6mDuK9esqIWaFAI2WU3YVZm+Y
SSr0Er9sF3EaAX8lhrOdlR0x0rqp/tGVZT0Fw8rChg+AeiuXqPj4DOjMCLUaW9+2
UAoYvyl8ONv53PyuEbuiFqcDr8hq8USw/TMUNh328MjH8aSgsWohoVKsBWEGa7VM
J09HWyT1mQn/RccPD4oB9dImCbPyboyConASfNBEk2DzTO7Hg77WAV2su/XNAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUKnvdjS1zwoRqaHbPTUAAoeQCIMswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABSFnYD
BAJSGGADBABSG8UwDQYJKoZIhvcNAQELBQADggEBAHK4raTyicAQ1nNZ+pZ4HnvW
0tPdkgCJWPPVfSpo4Khmt4MCK1wZPN8wciBBvM3A4DXR0+BZ1cOVQl/71kNz6Za8
qT0uRFf9S9FBK00Mv3/x9Oy8UXkHGbVKYRpqTumU/Ls+IpaHkGbU4BLZ2TqbdYJP
sEX5vNmkwqjF55XPZHMGEplh+lb/ou+kC/aZOIMxN7c0B0zdrTpp61vfyCGVWdcf
5tSvi3Ytb9cTD6vxPc0BppJdBe8I9TqhZWitSsD2RmwbE7lVs56snuF4v/XqN3Px
ow57EK9vR6rtkizkau4NEa1iRe1KaPptxPsPTx3w4IZERhjKG9C8UX+JGB5WW4w=
-----END CERTIFICATE-----