Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          Y9qJ1F3Nu6xIWj49pMEwGQSKOWK9ga1d5Ghx99HoOow=
Subject key identifier:   CF:CC:9B:D7:23:83:FC:C1:F8:CD:86:E2:97:04:00:B3:0E:97:44:5F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       200FC97FDA527CC058802D90610EEC8CF96E7A91
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
Signing time:             Sat 01 Nov 2025 00:09:07 +0000
ROA not before:           Sat 01 Nov 2025 00:04:07 +0000
ROA not after:            Sat 31 Oct 2026 00:09:07 +0000
asID:                     16276
IP address blocks:        45.149.185.0/24 maxlen: 24
                          193.111.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 10:49:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:0f:c9:7f:da:52:7c:c0:58:80:2d:90:61:0e:ec:8c:f9:6e:7a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov  1 00:04:07 2025 GMT
            Not After : Oct 31 00:09:07 2026 GMT
        Subject: CN=CFCC9BD72383FCC1F8CD86E2970400B30E97445F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:43:4a:33:a5:5c:52:75:83:c2:56:f8:8a:ce:
                    24:0f:63:5d:0b:67:15:5f:61:8b:3d:34:b6:9f:d9:
                    a3:4c:17:9f:13:2c:0d:4a:2f:26:b5:cd:8c:4c:90:
                    de:2b:87:d2:85:6c:d5:b3:9e:ac:87:30:df:eb:d7:
                    3d:72:47:05:93:21:c3:88:59:af:a2:18:a8:a3:02:
                    db:cd:38:e4:22:1f:f9:70:b5:ef:1e:5c:43:1c:73:
                    9c:1e:8a:fd:5f:42:b5:cc:8c:e7:d9:9c:23:93:44:
                    6e:9c:53:57:32:4b:15:79:db:3a:93:e0:74:ef:e3:
                    3b:de:50:b4:9c:ca:64:9f:39:ec:d1:d8:ae:2c:28:
                    ec:a6:6a:8e:11:bb:16:2d:9a:82:7f:ee:06:dc:df:
                    4a:1b:1e:36:3e:79:48:b9:3a:9b:ac:e7:b4:19:a1:
                    c1:8a:4f:b3:9d:a5:cb:32:1a:c0:a5:c8:10:e6:3e:
                    25:19:48:97:70:3f:80:67:81:69:f7:6b:ae:3a:a0:
                    4b:db:a0:75:db:8c:0d:8c:70:9b:ab:5f:9a:49:f3:
                    57:83:cd:41:84:bc:13:ad:30:fb:0b:f5:80:ba:29:
                    9e:7b:d0:51:fc:ce:e3:82:3f:b0:98:7f:0d:d9:57:
                    88:e5:ac:bf:5c:5a:9b:f3:e4:58:53:6d:ce:2b:25:
                    83:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:CC:9B:D7:23:83:FC:C1:F8:CD:86:E2:97:04:00:B3:0E:97:44:5F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.185.0/24
                  193.111.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:14:46:90:97:c0:f6:1a:53:8e:1b:17:f1:48:2d:47:de:12:
         28:f2:96:01:0e:39:fb:67:e9:4e:4f:08:61:48:a1:65:c6:9d:
         c8:18:98:65:24:be:d3:65:ef:ff:50:9e:2f:a2:81:29:2d:1f:
         79:69:41:e8:bc:1c:33:9e:f4:83:59:9f:16:e0:5a:f0:4a:7f:
         0d:5a:e9:56:1f:5f:a8:c2:fe:cc:a9:88:24:38:15:81:aa:8c:
         a6:85:5b:36:4c:b9:e2:12:4d:e8:44:88:b5:24:64:0b:04:f0:
         8d:a5:3a:ec:10:5f:dd:6e:25:c1:77:2c:fd:0f:db:bb:30:aa:
         07:85:87:06:07:f0:8b:f8:3e:86:8f:a3:2d:56:ba:90:97:a5:
         3b:3a:3e:c8:ca:31:7e:3e:85:8e:60:e4:48:52:31:12:0a:7c:
         b0:6d:8f:be:ed:72:b3:12:c7:17:00:13:e7:61:0e:90:4c:9c:
         2c:f4:81:3e:75:77:ba:e7:3a:c6:5d:0f:36:af:dc:2a:1f:3d:
         f1:14:17:0f:cc:77:59:ba:3e:ca:b6:d2:5f:e1:ec:0a:1c:0c:
         c8:31:e4:fe:42:9f:46:ff:84:8a:52:f4:67:75:d0:f5:98:4d:
         21:98:79:12:08:3f:30:e0:e0:bd:73:f1:54:4c:ca:4f:92:ae:
         d1:55:27:fc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUIA/Jf9pSfMBYgC2QYQ7sjPluepEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTExMDEwMDA0MDdaFw0yNjEwMzEwMDA5MDdaMDMxMTAvBgNV
BAMTKENGQ0M5QkQ3MjM4M0ZDQzFGOENEODZFMjk3MDQwMEIzMEU5NzQ0NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxQ0ozpVxSdYPCVviKziQPY10L
ZxVfYYs9NLaf2aNMF58TLA1KLya1zYxMkN4rh9KFbNWznqyHMN/r1z1yRwWTIcOI
Wa+iGKijAtvNOOQiH/lwte8eXEMcc5weiv1fQrXMjOfZnCOTRG6cU1cySxV52zqT
4HTv4zveULScymSfOezR2K4sKOymao4RuxYtmoJ/7gbc30obHjY+eUi5Opus57QZ
ocGKT7OdpcsyGsClyBDmPiUZSJdwP4BngWn3a646oEvboHXbjA2McJurX5pJ81eD
zUGEvBOtMPsL9YC6KZ570FH8zuOCP7CYfw3ZV4jlrL9cWpvz5FhTbc4rJYMPAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUz8yb1yOD/MH4zYbilwQAsw6XRF8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtlbkD
BADBb3UwDQYJKoZIhvcNAQELBQADggEBAGYURpCXwPYaU44bF/FILUfeEijylgEO
Oftn6U5PCGFIoWXGncgYmGUkvtNl7/9Qni+igSktH3lpQei8HDOe9INZnxbgWvBK
fw1a6VYfX6jC/sypiCQ4FYGqjKaFWzZMueISTehEiLUkZAsE8I2lOuwQX91uJcF3
LP0P27swqgeFhwYH8Iv4PoaPoy1WupCXpTs6PsjKMX4+hY5g5EhSMRIKfLBtj77t
crMSxxcAE+dhDpBMnCz0gT51d7rnOsZdDzav3CofPfEUFw/Md1m6Psq20l/h7Aoc
DMgx5P5Cn0b/hIpS9Gd10PWYTSGYeRIIPzDg4L1z8VRMyk+SrtFVJ/w=
-----END CERTIFICATE-----