Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          mAxwXJ2mA5FILlpb/Ctch5cA/ruBN2kANClbRkT/ZuQ=
Subject key identifier:   AA:72:D3:59:91:03:BA:FC:44:4F:B1:BB:F9:46:68:39:5A:61:56:50
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3372D9E568BF596248AB4D1EDBED96D0C00B74BB
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
Signing time:             Wed 11 Jun 2025 20:26:37 +0000
ROA not before:           Wed 11 Jun 2025 20:21:37 +0000
ROA not after:            Wed 10 Jun 2026 20:26:37 +0000
asID:                     16276
IP address blocks:        193.111.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:72:d9:e5:68:bf:59:62:48:ab:4d:1e:db:ed:96:d0:c0:0b:74:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 11 20:21:37 2025 GMT
            Not After : Jun 10 20:26:37 2026 GMT
        Subject: CN=AA72D3599103BAFC444FB1BBF94668395A615650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:14:3f:3c:41:41:b9:0b:3f:28:c3:12:6f:30:
                    b1:95:3d:1a:8f:c9:58:4c:3e:e8:90:3e:81:82:91:
                    76:8d:66:e8:b0:73:b3:4e:87:85:d3:51:dd:af:ab:
                    41:c2:20:cc:e3:14:18:2c:88:ca:a3:93:f0:8a:2a:
                    ad:dc:de:3f:78:ed:08:54:c7:d0:64:fe:f9:a0:5b:
                    83:c0:4c:25:d1:33:62:c9:54:12:c1:72:97:86:da:
                    03:09:74:c5:15:2a:ea:6e:cf:a7:2e:4c:ac:11:a9:
                    49:5f:7e:ba:db:9b:e4:43:6a:1e:30:f0:47:ef:81:
                    d8:f9:f1:a7:60:a5:a9:4b:68:de:7a:40:11:6b:1a:
                    1c:72:16:a9:b9:c6:48:6b:23:5d:c3:ec:19:b1:16:
                    c6:43:0d:cd:03:ca:d0:25:06:8d:3a:ad:a7:60:d6:
                    ea:20:bf:20:4f:cb:f1:1d:7d:9d:05:da:38:c4:b9:
                    fc:df:5c:3e:c5:37:98:21:48:86:10:13:db:02:11:
                    53:6a:3b:b6:76:1a:b9:6a:1c:77:e9:7e:c8:ed:bf:
                    89:63:fa:76:ad:91:4a:32:f3:0c:be:6a:ba:04:ac:
                    f7:88:c3:bf:63:a7:64:67:77:de:d3:72:22:25:0a:
                    c2:90:cf:0d:ad:0a:ea:a6:93:22:57:26:36:8d:08:
                    94:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:72:D3:59:91:03:BA:FC:44:4F:B1:BB:F9:46:68:39:5A:61:56:50
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:1d:74:65:a4:1b:e6:93:85:90:91:46:ac:32:0a:f8:c5:f3:
         87:a0:eb:e7:2a:89:bd:1d:1c:5b:88:ec:1a:80:51:dc:b6:6b:
         6f:58:cb:97:59:a3:99:39:e5:c0:72:ae:18:d9:5a:c5:75:4c:
         70:f3:b5:16:e5:cd:d8:d5:cd:35:39:57:02:75:42:b0:89:e9:
         b2:be:eb:f0:a7:bc:a8:57:d1:ff:26:33:41:5a:0c:54:76:b2:
         76:3b:20:39:2f:b8:4f:b0:de:e9:ed:f4:ea:b9:ac:bb:32:e1:
         6a:10:73:82:ca:76:8f:fe:c6:23:db:9a:69:9d:5c:1a:8d:25:
         ba:e3:22:24:69:06:2f:7b:a7:6a:8a:d4:f4:0b:97:29:ce:59:
         74:98:33:76:b6:d0:18:fe:f9:26:31:1d:49:07:9a:6a:e2:bf:
         de:df:c8:b5:0e:b4:71:28:32:42:3a:05:da:12:94:4b:25:e8:
         6e:6b:9b:cc:10:04:cc:c4:ed:7c:09:f5:86:45:43:7e:4c:99:
         0c:e1:10:64:3c:ab:fd:ce:23:e4:d6:02:57:da:b4:31:36:5a:
         bd:27:bc:99:d6:89:87:33:a7:fc:a3:14:67:46:39:7e:ab:24:
         06:ab:4b:e6:59:50:7e:10:36:fe:1e:12:d3:1a:d9:c8:30:60:
         46:27:90:72
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUM3LZ5Wi/WWJIq00e2+2W0MALdLswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MTEyMDIxMzdaFw0yNjA2MTAyMDI2MzdaMDMxMTAvBgNV
BAMTKEFBNzJEMzU5OTEwM0JBRkM0NDRGQjFCQkY5NDY2ODM5NUE2MTU2NTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSFD88QUG5Cz8owxJvMLGVPRqP
yVhMPuiQPoGCkXaNZuiwc7NOh4XTUd2vq0HCIMzjFBgsiMqjk/CKKq3c3j947QhU
x9Bk/vmgW4PATCXRM2LJVBLBcpeG2gMJdMUVKupuz6cuTKwRqUlffrrbm+RDah4w
8Efvgdj58adgpalLaN56QBFrGhxyFqm5xkhrI13D7BmxFsZDDc0DytAlBo06radg
1uogvyBPy/EdfZ0F2jjEufzfXD7FN5ghSIYQE9sCEVNqO7Z2GrlqHHfpfsjtv4lj
+natkUoy8wy+aroErPeIw79jp2Rnd97TciIlCsKQzw2tCuqmkyJXJjaNCJTNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUqnLTWZEDuvxET7G7+UZoOVphVlAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBb3Uw
DQYJKoZIhvcNAQELBQADggEBABMddGWkG+aThZCRRqwyCvjF84eg6+cqib0dHFuI
7BqAUdy2a29Yy5dZo5k55cByrhjZWsV1THDztRblzdjVzTU5VwJ1QrCJ6bK+6/Cn
vKhX0f8mM0FaDFR2snY7IDkvuE+w3unt9Oq5rLsy4WoQc4LKdo/+xiPbmmmdXBqN
JbrjIiRpBi97p2qK1PQLlynOWXSYM3a20Bj++SYxHUkHmmriv97fyLUOtHEoMkI6
BdoSlEsl6G5rm8wQBMzE7XwJ9YZFQ35MmQzhEGQ8q/3OI+TWAlfatDE2Wr0nvJnW
iYczp/yjFGdGOX6rJAarS+ZZUH4QNv4eEtMa2cgwYEYnkHI=
-----END CERTIFICATE-----