Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          3IRLRCmV6L7wqxrpPFIjZd5tzKfUqMj96fOvmsEs0vU=
Subject key identifier:   48:75:44:3A:01:41:B9:92:DA:52:00:4B:52:36:9F:06:0F:38:C6:97
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       296456E17BBF1B07294603183506993853E8F78A
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS16509.roa
Signing time:             Sun 29 Mar 2026 13:36:53 +0000
ROA not before:           Sun 29 Mar 2026 13:31:53 +0000
ROA not after:            Sun 28 Mar 2027 13:36:53 +0000
asID:                     16509
IP address blocks:        2a14:7580:ff9f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 18:07:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:64:56:e1:7b:bf:1b:07:29:46:03:18:35:06:99:38:53:e8:f7:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Mar 29 13:31:53 2026 GMT
            Not After : Mar 28 13:36:53 2027 GMT
        Subject: CN=4875443A0141B992DA52004B52369F060F38C697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fd:aa:ce:5c:61:cc:77:9c:3c:b8:7a:a0:bf:
                    e5:39:60:14:4a:1a:8d:fa:35:76:bd:af:93:96:87:
                    61:5e:58:95:fe:c0:96:32:a9:4d:a1:b3:e3:e3:72:
                    46:de:8b:02:65:52:95:b7:ec:67:72:37:dd:aa:38:
                    41:be:cc:20:08:a0:df:b8:4d:9d:c7:97:09:5a:9a:
                    fe:87:bb:35:65:4f:f9:98:71:dd:85:46:36:9f:15:
                    3b:49:24:c3:12:80:a0:bf:e1:de:a0:46:b0:c0:f0:
                    ee:2a:de:99:21:dd:71:26:11:bd:f9:63:c7:4a:c0:
                    52:fa:95:a9:7b:4f:d7:53:f6:dd:79:c1:3c:e8:d3:
                    d8:4a:f3:25:f7:c6:e7:8f:32:30:e9:4c:ab:82:4d:
                    22:bf:2e:e7:e2:4c:ef:85:fb:60:70:59:f0:ca:36:
                    50:d0:e7:a0:f5:33:1a:f5:15:72:82:7d:27:46:c3:
                    48:07:ed:ed:0a:aa:95:63:f8:77:22:d6:66:6f:e9:
                    58:97:98:8b:e9:0b:6a:dc:49:61:c0:fe:bd:dd:79:
                    05:6a:4a:af:b6:88:f0:1b:ec:8d:e8:1b:12:e1:be:
                    46:ee:ea:06:03:9d:fd:91:f3:41:27:b5:c8:61:a2:
                    48:91:cd:2f:08:5b:63:95:8e:a3:1a:10:9f:c4:a9:
                    e2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:75:44:3A:01:41:B9:92:DA:52:00:4B:52:36:9F:06:0F:38:C6:97
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ff9f::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:67:8d:75:cc:7d:39:f6:47:04:37:5b:db:15:20:bc:d9:3e:
         97:0a:0f:0b:a5:f5:ef:e4:3e:74:35:f5:fc:ad:5f:fe:fb:dd:
         79:9d:59:95:a2:ba:c0:53:71:a8:90:50:a0:97:db:d8:84:b3:
         a1:67:24:52:a3:64:fc:37:d8:e3:11:97:e9:5e:6d:24:c2:36:
         b9:c4:9a:51:50:a6:60:9c:f6:cb:6e:61:8e:65:f9:2f:5b:b6:
         33:69:a1:60:98:93:9a:4e:5e:63:7a:4f:ce:a1:55:b7:9f:e4:
         a1:d9:04:6f:38:2c:a4:fc:bb:45:1f:57:20:6f:f6:09:20:99:
         7e:39:9c:19:82:68:5e:7e:23:24:4c:c6:fe:f1:25:2d:47:15:
         e9:5e:89:16:d5:35:e2:4e:bf:df:9e:04:02:d3:3d:61:d3:1c:
         83:7f:27:9d:bd:d3:ea:09:6c:ed:40:b1:a2:2c:ce:ad:87:42:
         15:d5:52:16:1b:95:a1:37:08:8b:d6:11:c3:43:82:87:12:21:
         e9:6d:37:81:76:ef:b4:fa:7c:80:dc:f7:29:9c:13:05:3e:2a:
         cb:68:a6:22:23:67:7c:48:e6:db:76:58:fb:78:78:da:ae:94:
         e7:d6:04:8c:d2:0a:15:1c:0d:42:72:d4:2a:fc:e2:b0:f8:64:
         0b:58:05:81
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUKWRW4Xu/GwcpRgMYNQaZOFPo94owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAzMjkxMzMxNTNaFw0yNzAzMjgxMzM2NTNaMDMxMTAvBgNV
BAMTKDQ4NzU0NDNBMDE0MUI5OTJEQTUyMDA0QjUyMzY5RjA2MEYzOEM2OTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf/arOXGHMd5w8uHqgv+U5YBRK
Go36NXa9r5OWh2FeWJX+wJYyqU2hs+PjckbeiwJlUpW37GdyN92qOEG+zCAIoN+4
TZ3Hlwlamv6HuzVlT/mYcd2FRjafFTtJJMMSgKC/4d6gRrDA8O4q3pkh3XEmEb35
Y8dKwFL6lal7T9dT9t15wTzo09hK8yX3xuePMjDpTKuCTSK/LufiTO+F+2BwWfDK
NlDQ56D1Mxr1FXKCfSdGw0gH7e0KqpVj+Hci1mZv6ViXmIvpC2rcSWHA/r3deQVq
Sq+2iPAb7I3oGxLhvkbu6gYDnf2R80EntchhokiRzS8IW2OVjqMaEJ/EqeIrAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUSHVEOgFBuZLaUgBLUjafBg84xpcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqFHWA
/58wDQYJKoZIhvcNAQELBQADggEBAFBnjXXMfTn2RwQ3W9sVILzZPpcKDwul9e/k
PnQ19fytX/773XmdWZWiusBTcaiQUKCX29iEs6FnJFKjZPw32OMRl+lebSTCNrnE
mlFQpmCc9stuYY5l+S9btjNpoWCYk5pOXmN6T86hVbef5KHZBG84LKT8u0UfVyBv
9gkgmX45nBmCaF5+IyRMxv7xJS1HFeleiRbVNeJOv9+eBALTPWHTHIN/J5290+oJ
bO1AsaIszq2HQhXVUhYblaE3CIvWEcNDgocSIeltN4F277T6fIDc9ymcEwU+Ksto
piIjZ3xI5tt2WPt4eNqulOfWBIzSChUcDUJy1Cr84rD4ZAtYBYE=
-----END CERTIFICATE-----