Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          3kWz2xZkQ0j0Gq8tE0H6JZK5gSlSpsgG1Gs2fS7z9hs=
Subject key identifier:   E6:09:D8:82:BE:03:99:FA:10:01:EA:2D:B3:39:57:22:7E:95:68:A5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6E910D6260436EE7DDB0956AE2554EE949CF1C0E
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
Signing time:             Wed 23 Jul 2025 11:40:48 +0000
ROA not before:           Wed 23 Jul 2025 11:35:48 +0000
ROA not after:            Wed 22 Jul 2026 11:40:48 +0000
asID:                     16276
IP address blocks:        45.149.185.0/24 maxlen: 24
                          193.111.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:91:0d:62:60:43:6e:e7:dd:b0:95:6a:e2:55:4e:e9:49:cf:1c:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 23 11:35:48 2025 GMT
            Not After : Jul 22 11:40:48 2026 GMT
        Subject: CN=E609D882BE0399FA1001EA2DB33957227E9568A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:5d:d4:15:f5:29:aa:57:e2:39:0b:91:02:59:
                    a7:f7:e0:a4:ef:cb:6d:41:00:7c:da:d1:55:37:f9:
                    a4:4a:7b:05:1f:14:da:ee:39:c2:9a:b2:e4:c4:5b:
                    60:f2:9e:97:f8:f6:88:83:e5:90:b8:b8:ce:97:80:
                    0e:90:37:a0:91:d1:06:eb:b5:38:5a:86:4e:2c:f2:
                    69:2b:f0:b0:ef:f8:0f:03:4b:55:ec:95:a0:5c:81:
                    5b:e6:83:30:b4:d0:eb:40:88:0e:f3:0a:e3:05:fc:
                    8a:e1:bb:4e:38:73:e5:9c:a6:72:9d:c5:a5:a0:d6:
                    ca:fb:f6:89:22:ba:57:cd:0d:a0:dd:3f:70:08:be:
                    fd:d7:ce:b2:67:47:ca:c7:5e:07:4b:cd:c9:f0:11:
                    f1:17:71:35:49:03:20:04:39:b2:7a:35:3b:de:cb:
                    86:a6:4c:2f:ee:1d:66:ee:23:1a:8b:ff:c7:92:92:
                    70:02:4b:b2:8f:cd:0e:bc:c2:a8:18:9f:93:2a:55:
                    10:85:cd:f5:30:cd:cc:ba:84:a2:23:b8:6c:e5:21:
                    15:7a:72:cd:fc:cb:d5:24:38:5b:e8:3c:bd:99:84:
                    3a:de:f1:5f:fa:5d:d3:c8:9f:9e:8d:9c:1e:05:03:
                    65:5c:24:0e:af:aa:45:95:b5:ad:7b:2d:88:48:1f:
                    ac:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:09:D8:82:BE:03:99:FA:10:01:EA:2D:B3:39:57:22:7E:95:68:A5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.185.0/24
                  193.111.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:eb:3f:fa:8e:f5:ca:28:47:75:ae:c9:b8:b3:05:a1:11:88:
         24:b8:5a:34:63:66:8c:70:bc:81:ca:78:11:de:e4:eb:5f:3e:
         b9:0e:85:5b:1b:b3:03:62:fd:57:ae:7c:7c:33:1b:6d:08:6a:
         2f:3f:93:2f:eb:79:c7:87:25:9c:e0:d8:89:2b:fd:d8:33:73:
         8c:d8:bc:03:10:5d:f5:12:7e:c2:a9:c9:b9:b0:1d:40:df:95:
         72:31:bc:1f:e7:87:f6:0d:87:5c:99:c7:f2:6b:38:a6:28:35:
         66:e8:e2:cc:e0:f1:8b:6d:fb:8b:d8:84:29:fc:68:94:81:37:
         fe:93:7a:7a:2a:31:15:04:e5:d9:88:bc:4c:59:e4:72:38:37:
         b8:57:e8:88:cd:11:d5:88:ed:ce:2b:34:90:da:de:d2:d9:6f:
         82:0f:ec:74:92:9d:3d:ca:12:06:8e:8a:4b:51:ce:ed:a0:74:
         12:7c:bb:d7:05:04:10:c4:e9:e7:08:5c:99:a8:9b:05:00:b2:
         a4:a5:a3:cd:75:2c:dd:2a:64:91:5f:ac:e0:9c:79:60:0a:94:
         74:03:70:8c:24:16:a9:1d:a5:d3:0c:1c:e0:46:21:5c:64:e1:
         e4:0e:cd:24:5d:53:df:14:33:58:76:93:45:ab:b1:dc:6c:fb:
         66:65:54:c2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUbpENYmBDbufdsJVq4lVO6UnPHA4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA3MjMxMTM1NDhaFw0yNjA3MjIxMTQwNDhaMDMxMTAvBgNV
BAMTKEU2MDlEODgyQkUwMzk5RkExMDAxRUEyREIzMzk1NzIyN0U5NTY4QTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1XdQV9SmqV+I5C5ECWaf34KTv
y21BAHza0VU3+aRKewUfFNruOcKasuTEW2Dynpf49oiD5ZC4uM6XgA6QN6CR0Qbr
tThahk4s8mkr8LDv+A8DS1XslaBcgVvmgzC00OtAiA7zCuMF/Irhu044c+WcpnKd
xaWg1sr79okiulfNDaDdP3AIvv3XzrJnR8rHXgdLzcnwEfEXcTVJAyAEObJ6NTve
y4amTC/uHWbuIxqL/8eSknACS7KPzQ68wqgYn5MqVRCFzfUwzcy6hKIjuGzlIRV6
cs38y9UkOFvoPL2ZhDre8V/6XdPIn56NnB4FA2VcJA6vqkWVta17LYhIH6zZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU5gnYgr4DmfoQAeotszlXIn6VaKUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtlbkD
BADBb3UwDQYJKoZIhvcNAQELBQADggEBAK3rP/qO9cooR3WuybizBaERiCS4WjRj
ZoxwvIHKeBHe5OtfPrkOhVsbswNi/VeufHwzG20Iai8/ky/receHJZzg2Ikr/dgz
c4zYvAMQXfUSfsKpybmwHUDflXIxvB/nh/YNh1yZx/JrOKYoNWbo4szg8Ytt+4vY
hCn8aJSBN/6TenoqMRUE5dmIvExZ5HI4N7hX6IjNEdWI7c4rNJDa3tLZb4IP7HSS
nT3KEgaOiktRzu2gdBJ8u9cFBBDE6ecIXJmomwUAsqSlo811LN0qZJFfrOCceWAK
lHQDcIwkFqkdpdMMHOBGIVxk4eQOzSRdU98UM1h2k0Wrsdxs+2ZlVMI=
-----END CERTIFICATE-----