Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          waMQko5aU49/MK6yOQqfXpvXwFlfgEihRqLdz8ujMN4=
Subject key identifier:   EA:D4:CE:AF:4D:14:F0:13:17:04:02:C5:1E:E1:01:09:62:53:11:F8
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0B824F1B82B3E595E598874DECF49753238ECA7F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
Signing time:             Fri 12 Jun 2026 13:32:57 +0000
ROA not before:           Fri 12 Jun 2026 13:27:57 +0000
ROA not after:            Fri 11 Jun 2027 13:32:57 +0000
asID:                     16276
IP address blocks:        45.149.185.0/24 maxlen: 24
                          45.158.9.0/24 maxlen: 24
                          193.111.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:82:4f:1b:82:b3:e5:95:e5:98:87:4d:ec:f4:97:53:23:8e:ca:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 12 13:27:57 2026 GMT
            Not After : Jun 11 13:32:57 2027 GMT
        Subject: CN=EAD4CEAF4D14F013170402C51EE10109625311F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:62:41:1f:87:57:11:d4:bc:65:da:d0:b7:84:
                    33:b6:0b:0e:cc:1e:fb:30:c8:bb:3b:ff:5f:22:47:
                    58:0e:4a:9e:57:bc:d8:00:5b:0b:38:bf:25:a4:1f:
                    56:3e:a3:64:f7:f8:04:ae:4c:db:03:7d:b3:08:a6:
                    89:08:5f:49:fc:ed:75:e6:54:e9:08:d2:2a:7a:39:
                    3a:ec:0f:7f:cd:dd:f5:49:9b:ad:f6:40:30:e3:b8:
                    eb:6a:1a:9c:a1:41:1a:50:84:fa:80:08:70:c9:e0:
                    74:50:42:04:04:98:02:a3:69:5e:a7:e6:ee:97:1b:
                    42:4f:95:21:6d:89:1e:97:f2:a5:a2:e1:66:79:f5:
                    fe:58:c1:48:f2:dd:6e:cc:e5:f5:0a:1f:e2:32:54:
                    30:a7:47:3a:5a:68:57:fe:12:91:18:55:fa:63:38:
                    5a:f4:03:77:e1:1f:23:f5:e4:2c:43:5b:0e:29:a1:
                    18:24:7b:a2:06:dd:76:44:41:26:35:8e:81:73:bc:
                    8f:13:01:d6:bd:17:82:c1:d4:06:a3:43:4b:84:ad:
                    ac:ae:53:34:df:25:64:cf:8a:e7:c0:af:94:2d:df:
                    a7:56:bb:f0:f8:55:a1:48:d8:45:c2:4a:7d:91:82:
                    5d:fa:a9:83:27:2e:54:56:08:3c:7a:c6:6b:74:e4:
                    c3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D4:CE:AF:4D:14:F0:13:17:04:02:C5:1E:E1:01:09:62:53:11:F8
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.185.0/24
                  45.158.9.0/24
                  193.111.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a0:fd:61:08:23:9a:36:3b:0d:ae:f8:41:b3:fb:bb:2c:e5:
         b1:9e:67:35:b6:2c:33:e6:e7:6f:af:87:ed:ff:09:c0:21:eb:
         be:73:16:a0:0c:55:35:0b:5a:bf:c2:ba:b1:c0:dc:88:74:0a:
         aa:b3:40:18:10:53:b3:48:d6:44:30:b3:14:ae:bb:f2:a1:86:
         d0:4c:11:e7:44:10:3c:a7:22:5d:eb:06:1d:fc:d7:e2:65:77:
         d1:47:a8:d0:67:65:6c:03:c4:0e:16:10:90:63:03:11:60:7b:
         e6:16:8e:59:2a:f7:d4:de:9a:b0:ef:e5:a9:fe:60:eb:41:ad:
         ce:71:f1:2b:75:0a:a3:ca:14:f8:84:6c:5f:5d:73:81:6c:03:
         25:8a:8c:15:e4:d4:4f:aa:ee:32:ce:3c:97:a6:2d:5c:25:45:
         76:a6:fc:23:c5:38:fe:c4:75:c4:fa:53:cb:7d:46:c3:07:4f:
         a1:39:0d:f8:d8:d4:c0:98:d6:5b:ef:d1:bb:60:b0:f6:ab:89:
         b5:41:28:29:9d:40:61:19:91:b3:6a:75:a2:31:17:58:5c:9b:
         ba:dd:c6:59:06:22:2d:2a:db:0a:ac:79:4b:52:6f:05:8c:f3:
         d3:82:cc:42:c9:ff:38:1e:e0:f2:f3:cf:3d:46:fe:2b:35:f6:
         ce:95:f2:c6
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUC4JPG4Kz5ZXlmIdN7PSXUyOOyn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MTIxMzI3NTdaFw0yNzA2MTExMzMyNTdaMDMxMTAvBgNV
BAMTKEVBRDRDRUFGNEQxNEYwMTMxNzA0MDJDNTFFRTEwMTA5NjI1MzExRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YkEfh1cR1Lxl2tC3hDO2Cw7M
HvswyLs7/18iR1gOSp5XvNgAWws4vyWkH1Y+o2T3+ASuTNsDfbMIpokIX0n87XXm
VOkI0ip6OTrsD3/N3fVJm632QDDjuOtqGpyhQRpQhPqACHDJ4HRQQgQEmAKjaV6n
5u6XG0JPlSFtiR6X8qWi4WZ59f5YwUjy3W7M5fUKH+IyVDCnRzpaaFf+EpEYVfpj
OFr0A3fhHyP15CxDWw4poRgke6IG3XZEQSY1joFzvI8TAda9F4LB1AajQ0uErayu
UzTfJWTPiufAr5Qt36dWu/D4VaFI2EXCSn2Rgl36qYMnLlRWCDx6xmt05MNBAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU6tTOr00U8BMXBALFHuEBCWJTEfgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAtlbkD
BAAtngkDBADBb3UwDQYJKoZIhvcNAQELBQADggEBAEug/WEII5o2Ow2u+EGz+7ss
5bGeZzW2LDPm52+vh+3/CcAh675zFqAMVTULWr/CurHA3Ih0CqqzQBgQU7NI1kQw
sxSuu/KhhtBMEedEEDynIl3rBh381+Jld9FHqNBnZWwDxA4WEJBjAxFge+YWjlkq
99TemrDv5an+YOtBrc5x8St1CqPKFPiEbF9dc4FsAyWKjBXk1E+q7jLOPJemLVwl
RXam/CPFOP7EdcT6U8t9RsMHT6E5DfjY1MCY1lvv0btgsParibVBKCmdQGEZkbNq
daIxF1hcm7rdxlkGIi0q2wqseUtSbwWM89OCzELJ/zge4PLzzz1G/is19s6V8sY=
-----END CERTIFICATE-----