Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          57waVz1fsOw122EuX+20fOstNB3iiplSjciyK4EdDoI=
Subject key identifier:   77:2F:2B:9B:B6:5D:38:97:C2:FF:0C:0A:55:56:71:3B:39:56:67:17
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       21C7CE331F9A902061C603C762BAD6C70380454D
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS16509.roa
Signing time:             Wed 03 Jun 2026 12:25:54 +0000
ROA not before:           Wed 03 Jun 2026 12:20:54 +0000
ROA not after:            Wed 02 Jun 2027 12:25:54 +0000
asID:                     16509
IP address blocks:        188.220.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:c7:ce:33:1f:9a:90:20:61:c6:03:c7:62:ba:d6:c7:03:80:45:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  3 12:20:54 2026 GMT
            Not After : Jun  2 12:25:54 2027 GMT
        Subject: CN=772F2B9BB65D3897C2FF0C0A5556713B39566717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:05:49:9d:a1:6e:fc:01:9a:d6:64:37:d3:ac:
                    b5:57:84:f8:16:b2:a2:89:8e:cc:77:3a:d7:e6:5c:
                    55:3e:99:34:a4:15:9c:76:ae:84:99:62:d7:3e:bf:
                    7b:fe:eb:5e:80:ed:ed:aa:fa:74:20:12:4e:10:55:
                    69:6b:6d:3f:fa:d9:61:c7:c7:1c:7b:e2:b9:a0:ba:
                    84:d1:35:f9:0f:95:c7:fd:db:86:51:b7:42:10:b3:
                    9f:b2:81:86:53:9c:dd:64:5b:3d:bd:a2:2b:ac:cb:
                    be:a0:fb:4a:66:65:61:fa:a7:47:60:b3:ae:bd:d3:
                    ee:32:86:9d:53:95:1c:bd:c1:95:8f:dd:32:b7:dd:
                    90:9f:51:4d:2b:99:20:e5:77:27:be:69:17:77:36:
                    fe:02:1f:5a:70:7c:c4:87:80:95:21:dc:5d:92:f0:
                    ae:66:d0:75:cb:3a:64:45:77:f4:37:f7:51:f5:06:
                    56:59:ee:f2:c2:40:bc:7f:4d:dc:7d:27:e5:3e:ed:
                    2e:1e:37:57:f8:70:bc:7a:73:ac:ce:be:29:68:45:
                    3c:0e:62:4d:25:18:15:f6:2f:89:f8:a4:46:36:b4:
                    6f:3e:44:93:a9:88:9c:d4:63:db:5f:9a:cf:ae:1e:
                    8a:f0:5b:1c:5f:36:df:39:58:ef:c3:2c:5d:4c:30:
                    19:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:2F:2B:9B:B6:5D:38:97:C2:FF:0C:0A:55:56:71:3B:39:56:67:17
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:1a:15:4a:61:e0:67:6d:c2:e8:3e:9d:09:c3:4c:a6:0f:c5:
         4b:2c:31:2d:2e:cd:35:81:e4:33:a8:1f:92:96:f2:0e:15:41:
         44:b7:48:d3:58:17:13:c9:05:64:50:0c:27:8f:d2:61:db:09:
         61:6c:c6:6d:5a:bf:26:44:e9:73:c5:d6:f2:11:d3:24:2e:20:
         81:f8:08:7d:1c:c7:1c:dd:27:af:84:bf:20:e9:24:4d:f5:1d:
         8e:ba:68:8a:3d:33:77:72:26:a6:64:67:dc:7b:cf:d5:40:d0:
         0c:a4:1f:82:83:bb:4b:9b:94:19:e4:e6:01:ff:ff:9d:b5:97:
         18:08:47:0e:b8:ac:51:37:cb:d3:04:17:82:55:88:0b:12:1a:
         af:c6:fd:b7:04:7d:15:3a:b7:be:c0:39:b3:c6:87:d0:a5:6b:
         9e:b4:a0:37:f8:d5:62:fe:6c:03:50:51:59:b6:ef:d9:d4:ec:
         d0:3c:f4:47:e6:4c:8d:34:15:b3:17:2c:86:e6:c6:5a:ea:bd:
         89:d3:55:bc:3c:39:77:81:60:33:d4:3a:2d:91:4b:e2:b4:21:
         29:41:17:88:ae:a3:1b:95:81:ae:5d:7b:6c:e0:a5:4c:00:7d:
         15:e1:f4:b9:6d:9f:a0:d2:f9:a9:10:3b:e1:84:a0:b3:a4:9b:
         59:85:c3:6d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUIcfOMx+akCBhxgPHYrrWxwOARU0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDMxMjIwNTRaFw0yNzA2MDIxMjI1NTRaMDMxMTAvBgNV
BAMTKDc3MkYyQjlCQjY1RDM4OTdDMkZGMEMwQTU1NTY3MTNCMzk1NjY3MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfBUmdoW78AZrWZDfTrLVXhPgW
sqKJjsx3OtfmXFU+mTSkFZx2roSZYtc+v3v+616A7e2q+nQgEk4QVWlrbT/62WHH
xxx74rmguoTRNfkPlcf924ZRt0IQs5+ygYZTnN1kWz29oiusy76g+0pmZWH6p0dg
s6690+4yhp1TlRy9wZWP3TK33ZCfUU0rmSDldye+aRd3Nv4CH1pwfMSHgJUh3F2S
8K5m0HXLOmRFd/Q391H1BlZZ7vLCQLx/Tdx9J+U+7S4eN1f4cLx6c6zOviloRTwO
Yk0lGBX2L4n4pEY2tG8+RJOpiJzUY9tfms+uHorwWxxfNt85WO/DLF1MMBn3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUdy8rm7ZdOJfC/wwKVVZxOzlWZxcwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK83FAw
DQYJKoZIhvcNAQELBQADggEBAEMaFUph4Gdtwug+nQnDTKYPxUssMS0uzTWB5DOo
H5KW8g4VQUS3SNNYFxPJBWRQDCeP0mHbCWFsxm1avyZE6XPF1vIR0yQuIIH4CH0c
xxzdJ6+EvyDpJE31HY66aIo9M3dyJqZkZ9x7z9VA0AykH4KDu0ublBnk5gH//521
lxgIRw64rFE3y9MEF4JViAsSGq/G/bcEfRU6t77AObPGh9Cla560oDf41WL+bANQ
UVm279nU7NA89EfmTI00FbMXLIbmxlrqvYnTVbw8OXeBYDPUOi2RS+K0ISlBF4iu
oxuVga5de2zgpUwAfRXh9Lltn6DS+akQO+GEoLOkm1mFw20=
-----END CERTIFICATE-----