Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa
File:                     AS16589.roa (raw, json)
Hash identifier:          c78ic2UgX6icR+yNFB4yYs9DedzWSv1VkjI08nQbmus=
Subject key identifier:   75:06:3B:23:D5:B7:B5:F8:75:A8:3C:D6:A9:D2:0F:A6:09:04:D5:49
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       793B227EC74CD780EA5BA422CEF8750C5EB57B6B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa
Signing time:             Thu 05 Feb 2026 21:55:37 +0000
ROA not before:           Thu 05 Feb 2026 21:50:37 +0000
ROA not after:            Thu 04 Feb 2027 21:55:37 +0000
asID:                     16589
IP address blocks:        82.23.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:3b:22:7e:c7:4c:d7:80:ea:5b:a4:22:ce:f8:75:0c:5e:b5:7b:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  5 21:50:37 2026 GMT
            Not After : Feb  4 21:55:37 2027 GMT
        Subject: CN=75063B23D5B7B5F875A83CD6A9D20FA60904D549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8c:92:06:46:ce:bb:eb:1c:29:ba:61:aa:85:
                    01:1f:f2:58:05:1a:af:7b:81:38:b6:a9:18:7b:58:
                    3f:a3:68:3b:fd:82:5c:24:8e:e4:95:14:62:34:f6:
                    5a:54:8f:ee:60:9d:49:97:91:a8:68:5c:b3:12:ed:
                    bf:aa:07:b3:21:69:c7:3b:4b:09:9e:d4:93:26:a2:
                    08:1b:c7:bd:a3:18:bb:9a:60:e1:fa:39:d0:b5:e9:
                    70:57:d9:43:3f:6c:d7:68:38:4a:43:d8:5c:a7:27:
                    f6:93:2a:bc:0b:4f:dd:a4:62:18:8c:d5:20:62:69:
                    5a:85:8b:9c:d1:51:ff:fb:71:a6:93:3b:72:b0:81:
                    c3:75:ca:17:0a:e2:0a:d4:87:b8:dc:85:ce:f2:b0:
                    f8:83:04:0f:46:d4:08:98:b7:7f:75:19:ce:d3:c5:
                    2a:8d:af:79:8b:15:99:fe:c7:4b:dc:85:18:df:28:
                    85:16:c5:0b:1f:a8:e9:c5:3d:27:2d:15:a3:b0:b7:
                    95:47:7c:67:dc:45:34:59:05:8d:4b:3b:ad:f4:c7:
                    21:90:85:38:1f:91:84:db:49:f8:e1:4e:c0:41:92:
                    d2:92:97:6f:ee:5d:e2:1f:9d:5d:47:ca:d6:73:db:
                    57:e9:ea:c2:37:94:e6:f2:77:a9:1a:fd:51:b3:9e:
                    ff:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:06:3B:23:D5:B7:B5:F8:75:A8:3C:D6:A9:D2:0F:A6:09:04:D5:49
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:64:f4:98:ed:db:83:78:f5:53:a8:8a:e5:86:42:5e:0e:c6:
         42:b4:97:e3:40:bb:c5:b5:fa:43:9b:db:5f:c1:ac:5d:52:d4:
         cb:6e:7f:00:d5:84:30:53:92:18:57:0f:c8:c2:1b:7d:28:55:
         e1:e6:a7:85:39:5c:58:db:f5:86:14:b7:1f:01:2d:66:e7:d1:
         89:76:f5:c3:b8:55:44:d0:d2:7c:a1:bd:b6:32:fc:b8:53:f8:
         42:2b:54:80:5f:98:c7:af:ff:4c:b3:2f:11:84:ee:9b:bd:0c:
         a9:a0:82:2f:e5:41:1b:0f:3b:18:12:8b:27:8a:c8:40:9a:fc:
         9a:52:5b:bd:9f:ad:7b:b2:40:c3:f4:f1:31:b4:76:80:31:97:
         92:70:80:ad:70:ce:5b:af:d5:e5:87:4e:f4:af:0a:55:ed:77:
         60:f7:d6:63:41:05:1a:bd:70:75:8d:be:5b:ee:bd:05:1f:7b:
         37:9f:ff:39:53:4b:34:7e:58:27:2b:97:4c:1f:bc:61:fb:8d:
         5d:90:1c:b0:12:bf:85:f7:11:cc:10:3f:c8:44:dd:de:5c:97:
         c6:3f:60:db:c9:c5:2f:7f:03:9a:02:72:e4:d4:1c:20:84:e5:
         29:16:76:3e:c1:b6:85:27:f3:68:de:1d:0d:ff:7e:2d:89:63:
         3e:04:0c:28
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeTsifsdM14DqW6Qizvh1DF61e2swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDUyMTUwMzdaFw0yNzAyMDQyMTU1MzdaMDMxMTAvBgNV
BAMTKDc1MDYzQjIzRDVCN0I1Rjg3NUE4M0NENkE5RDIwRkE2MDkwNEQ1NDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/jJIGRs676xwpumGqhQEf8lgF
Gq97gTi2qRh7WD+jaDv9glwkjuSVFGI09lpUj+5gnUmXkahoXLMS7b+qB7Mhacc7
Swme1JMmoggbx72jGLuaYOH6OdC16XBX2UM/bNdoOEpD2FynJ/aTKrwLT92kYhiM
1SBiaVqFi5zRUf/7caaTO3KwgcN1yhcK4grUh7jchc7ysPiDBA9G1AiYt391Gc7T
xSqNr3mLFZn+x0vchRjfKIUWxQsfqOnFPSctFaOwt5VHfGfcRTRZBY1LO630xyGQ
hTgfkYTbSfjhTsBBktKSl2/uXeIfnV1HytZz21fp6sI3lObyd6ka/VGznv8zAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUdQY7I9W3tfh1qDzWqdIPpgkE1UkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSF6gw
DQYJKoZIhvcNAQELBQADggEBABNk9Jjt24N49VOoiuWGQl4OxkK0l+NAu8W1+kOb
21/BrF1S1MtufwDVhDBTkhhXD8jCG30oVeHmp4U5XFjb9YYUtx8BLWbn0Yl29cO4
VUTQ0nyhvbYy/LhT+EIrVIBfmMev/0yzLxGE7pu9DKmggi/lQRsPOxgSiyeKyECa
/JpSW72frXuyQMP08TG0doAxl5JwgK1wzluv1eWHTvSvClXtd2D31mNBBRq9cHWN
vlvuvQUfezef/zlTSzR+WCcrl0wfvGH7jV2QHLASv4X3EcwQP8hE3d5cl8Y/YNvJ
xS9/A5oCcuTUHCCE5SkWdj7BtoUn82jeHQ3/fi2JYz4EDCg=
-----END CERTIFICATE-----