Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          GEr9W9JVvXHjPZjify35L2ijJcQ62Opzauhk4qd7/V4=
Subject key identifier:   B2:45:4A:03:AF:7E:AB:BC:65:42:B1:B4:67:25:42:9B:74:60:63:0F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       23C5676D7C2E9DB9D642DA8279175BFD8C6719E6
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16276.roa
Signing time:             Thu 23 Oct 2025 14:49:01 +0000
ROA not before:           Thu 23 Oct 2025 14:44:01 +0000
ROA not after:            Thu 22 Oct 2026 14:49:01 +0000
asID:                     16276
IP address blocks:        143.20.66.0/24 maxlen: 24
                          143.20.141.0/24 maxlen: 24
                          143.20.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:48:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:c5:67:6d:7c:2e:9d:b9:d6:42:da:82:79:17:5b:fd:8c:67:19:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 23 14:44:01 2025 GMT
            Not After : Oct 22 14:49:01 2026 GMT
        Subject: CN=B2454A03AF7EABBC6542B1B46725429B7460630F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5a:76:0e:f4:7f:3b:68:f1:39:83:d4:4b:6d:
                    ac:e0:75:6f:70:26:5e:74:7a:a2:18:f1:91:09:6d:
                    e7:3f:12:93:0a:25:1a:74:0c:39:fd:01:81:97:dc:
                    ea:64:c3:83:66:f2:81:cc:04:b0:52:f0:75:5c:33:
                    18:5e:7c:d7:8f:fc:49:55:58:9a:95:47:68:fc:83:
                    84:dd:83:eb:45:39:05:4d:f9:24:be:b6:57:87:37:
                    8b:ec:c5:c2:54:44:2e:b1:65:41:d7:1e:4f:bb:a3:
                    3f:9d:63:62:0d:74:83:b5:2a:3f:9b:8d:cc:76:75:
                    ac:bb:7b:c6:fd:92:fa:82:95:9a:6e:e2:c1:ae:45:
                    02:d2:21:80:fb:7e:bc:70:35:b2:80:e2:24:e0:11:
                    d0:6a:ac:78:52:80:3f:e2:31:08:94:91:e1:65:c0:
                    a6:b9:5a:31:f3:20:64:cf:d0:23:4c:7e:f0:6b:4c:
                    7d:4d:2b:fc:db:f6:72:89:e0:6f:61:3c:d2:0c:86:
                    b7:40:af:b7:72:b7:87:f0:d9:14:5c:7f:29:e5:22:
                    58:3c:14:36:9c:d3:fa:fa:a3:1e:4c:2c:e2:1a:56:
                    90:26:62:71:50:18:6f:ab:39:91:e1:33:4a:7d:cd:
                    d2:58:87:0c:45:d7:64:6e:30:97:2c:0a:ec:97:b7:
                    8c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:45:4A:03:AF:7E:AB:BC:65:42:B1:B4:67:25:42:9B:74:60:63:0F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.66.0/24
                  143.20.141.0/24
                  143.20.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:69:47:3e:79:c7:ac:a7:14:cd:20:ec:6c:d8:7c:81:f6:e6:
         ae:83:09:e7:e5:3b:33:a5:23:4a:a5:88:fa:07:37:c7:f0:6c:
         f9:83:0f:a1:fb:cf:5b:ed:8f:73:88:e7:8d:c2:fe:dc:40:33:
         b0:ec:b1:f8:19:4d:46:23:87:b9:cc:df:78:bd:1a:df:83:f3:
         a0:9e:b5:0d:c1:e5:c8:a0:80:a5:4d:c7:a2:55:1a:10:34:31:
         07:8e:cb:d1:82:16:7e:1b:32:ff:8e:54:85:87:5e:d1:c9:5d:
         33:04:42:f6:81:99:09:4c:a0:8e:7a:c9:e4:6e:66:d5:3e:c7:
         0b:dd:49:27:06:18:23:28:93:d9:10:e7:b1:35:95:10:45:b8:
         b1:6b:d4:dc:5b:84:b0:1a:9e:8b:cd:4c:bf:d0:64:53:b1:25:
         4d:02:e2:e0:7e:c3:8d:a5:94:91:bc:09:35:64:0e:ec:4a:da:
         e7:ea:4e:8f:ea:28:b9:0e:46:c3:ba:ee:df:d4:0c:49:91:f1:
         d7:e7:d8:9e:c7:dc:42:8f:22:a6:36:18:1c:d9:47:ed:1e:6f:
         d2:35:be:1d:b4:ba:d9:ee:79:fb:af:be:40:11:0e:6e:88:83:
         84:34:a6:99:41:57:d8:97:71:42:22:80:63:41:5c:7a:40:04:
         d7:a8:85:3f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUI8VnbXwunbnWQtqCeRdb/YxnGeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjMxNDQ0MDFaFw0yNjEwMjIxNDQ5MDFaMDMxMTAvBgNV
BAMTKEIyNDU0QTAzQUY3RUFCQkM2NTQyQjFCNDY3MjU0MjlCNzQ2MDYzMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxWnYO9H87aPE5g9RLbazgdW9w
Jl50eqIY8ZEJbec/EpMKJRp0DDn9AYGX3Opkw4Nm8oHMBLBS8HVcMxhefNeP/ElV
WJqVR2j8g4Tdg+tFOQVN+SS+tleHN4vsxcJURC6xZUHXHk+7oz+dY2INdIO1Kj+b
jcx2day7e8b9kvqClZpu4sGuRQLSIYD7frxwNbKA4iTgEdBqrHhSgD/iMQiUkeFl
wKa5WjHzIGTP0CNMfvBrTH1NK/zb9nKJ4G9hPNIMhrdAr7dyt4fw2RRcfynlIlg8
FDac0/r6ox5MLOIaVpAmYnFQGG+rOZHhM0p9zdJYhwxF12RuMJcsCuyXt4xJAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUskVKA69+q7xlQrG0ZyVCm3RgYw8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFEID
BACPFI0DBACPFMMwDQYJKoZIhvcNAQELBQADggEBAHhpRz55x6ynFM0g7GzYfIH2
5q6DCeflOzOlI0qliPoHN8fwbPmDD6H7z1vtj3OI543C/txAM7DssfgZTUYjh7nM
33i9Gt+D86CetQ3B5ciggKVNx6JVGhA0MQeOy9GCFn4bMv+OVIWHXtHJXTMEQvaB
mQlMoI56yeRuZtU+xwvdSScGGCMok9kQ57E1lRBFuLFr1NxbhLAanovNTL/QZFOx
JU0C4uB+w42llJG8CTVkDuxK2ufqTo/qKLkORsO67t/UDEmR8dfn2J7H3EKPIqY2
GBzZR+0eb9I1vh20utnuefuvvkARDm6Ig4Q0pplBV9iXcUIigGNBXHpABNeohT8=
-----END CERTIFICATE-----