Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          7/rFSffT0j8luZwkhOjgCGtQeNIYM6nXrM7OTdNMDjI=
Subject key identifier:   B6:10:45:FC:B6:B7:9D:60:59:46:F1:95:5F:C1:74:B0:EF:98:15:9C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       14EFBC99EA9E84C810AB127C10159458DCDBBBC2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16276.roa
Signing time:             Tue 22 Jul 2025 10:11:26 +0000
ROA not before:           Tue 22 Jul 2025 10:06:26 +0000
ROA not after:            Tue 21 Jul 2026 10:11:26 +0000
asID:                     16276
IP address blocks:        143.20.141.0/24 maxlen: 24
                          143.20.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:ef:bc:99:ea:9e:84:c8:10:ab:12:7c:10:15:94:58:dc:db:bb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 22 10:06:26 2025 GMT
            Not After : Jul 21 10:11:26 2026 GMT
        Subject: CN=B61045FCB6B79D605946F1955FC174B0EF98159C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b0:6c:cd:7d:74:d3:0e:63:96:2a:1c:22:56:
                    44:9c:cd:55:f0:de:e3:4a:14:3b:14:76:0f:a8:f3:
                    3f:82:46:81:81:a6:1b:41:ab:7f:d7:cc:fd:9e:0b:
                    02:ae:6b:88:d7:f4:97:a5:c3:d5:86:49:1d:18:45:
                    cb:27:0d:91:80:54:91:27:21:ed:cc:01:f0:7b:49:
                    d9:23:a3:12:ef:84:1d:ab:1d:88:af:db:f5:21:98:
                    8e:93:08:d7:44:08:ed:d5:03:66:48:5c:0a:08:a7:
                    ff:f3:4b:82:01:0d:3c:1c:bd:14:05:2e:70:80:76:
                    a5:d4:29:1b:32:76:16:d8:92:dd:f4:16:8a:c9:95:
                    60:d6:eb:64:83:a6:59:4a:6a:b9:d1:f4:c7:3e:8b:
                    eb:9a:9e:19:02:f5:a6:be:e6:65:c6:be:bc:78:b7:
                    6c:5e:4d:cf:62:98:ff:a3:a4:20:45:8f:eb:e6:ef:
                    a8:ea:87:c5:90:a0:be:70:90:ed:d7:9a:a5:e5:f1:
                    f3:11:00:e0:cf:3f:4d:f4:22:33:17:20:93:19:f7:
                    15:80:24:19:11:91:47:5a:f3:dd:47:5f:52:bc:6b:
                    52:29:c4:ff:34:1d:58:bb:e7:95:b0:21:49:55:b7:
                    1d:bf:0d:b5:88:15:5e:1a:0e:44:02:95:06:d1:79:
                    3a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:10:45:FC:B6:B7:9D:60:59:46:F1:95:5F:C1:74:B0:EF:98:15:9C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.141.0/24
                  143.20.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:a6:a3:26:bb:31:c0:41:b6:99:cd:12:ba:b1:19:c4:1d:4a:
         dc:97:34:fb:38:90:1a:04:e2:3a:6e:9f:17:cb:9f:2c:52:27:
         27:c0:4b:f3:b9:32:96:3c:31:5e:0a:3c:0d:c4:d6:41:bb:78:
         be:cb:56:08:20:46:79:e3:7b:05:ff:22:25:9c:b4:4a:a6:9e:
         02:72:b7:1d:b5:7e:69:d7:a8:d7:72:4d:ff:b7:83:5e:95:3b:
         d2:cd:41:d2:8b:a7:75:0d:81:e0:91:d7:11:91:df:9e:83:e4:
         6d:7e:63:73:b4:0d:43:4c:fb:cd:f7:95:11:5f:c0:7a:bf:01:
         61:ed:52:89:d8:7d:d9:fa:65:7e:9b:cc:c3:54:2c:f4:51:80:
         6e:0e:08:36:f0:93:3e:2f:95:52:2d:3c:08:fc:a1:2e:0d:7e:
         c6:e3:88:2a:85:2a:e4:81:51:0f:5e:f7:fc:5a:08:7e:30:d1:
         95:07:99:f7:29:66:8b:26:7c:ec:62:60:02:cf:aa:fa:22:5e:
         d2:73:92:90:86:d3:ab:36:86:0f:67:f6:81:98:43:04:f8:75:
         7a:bd:73:10:ab:60:08:45:33:66:e9:94:11:25:3f:73:5e:39:
         17:d2:33:5a:9a:b9:71:7c:84:ac:66:8b:fb:b0:c6:fa:ea:c0:
         33:09:28:b8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUFO+8meqehMgQqxJ8EBWUWNzbu8IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjIxMDA2MjZaFw0yNjA3MjExMDExMjZaMDMxMTAvBgNV
BAMTKEI2MTA0NUZDQjZCNzlENjA1OTQ2RjE5NTVGQzE3NEIwRUY5ODE1OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXsGzNfXTTDmOWKhwiVkSczVXw
3uNKFDsUdg+o8z+CRoGBphtBq3/XzP2eCwKua4jX9Jelw9WGSR0YRcsnDZGAVJEn
Ie3MAfB7SdkjoxLvhB2rHYiv2/UhmI6TCNdECO3VA2ZIXAoIp//zS4IBDTwcvRQF
LnCAdqXUKRsydhbYkt30ForJlWDW62SDpllKarnR9Mc+i+uanhkC9aa+5mXGvrx4
t2xeTc9imP+jpCBFj+vm76jqh8WQoL5wkO3XmqXl8fMRAODPP030IjMXIJMZ9xWA
JBkRkUda891HX1K8a1IpxP80HVi755WwIUlVtx2/DbWIFV4aDkQClQbReTrhAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUthBF/La3nWBZRvGVX8F0sO+YFZwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFI0D
BACPFMMwDQYJKoZIhvcNAQELBQADggEBAD2moya7McBBtpnNErqxGcQdStyXNPs4
kBoE4jpunxfLnyxSJyfAS/O5MpY8MV4KPA3E1kG7eL7LVgggRnnjewX/IiWctEqm
ngJytx21fmnXqNdyTf+3g16VO9LNQdKLp3UNgeCR1xGR356D5G1+Y3O0DUNM+833
lRFfwHq/AWHtUonYfdn6ZX6bzMNULPRRgG4OCDbwkz4vlVItPAj8oS4NfsbjiCqF
KuSBUQ9e9/xaCH4w0ZUHmfcpZosmfOxiYALPqvoiXtJzkpCG06s2hg9n9oGYQwT4
dXq9cxCrYAhFM2bplBElP3NeORfSM1qauXF8hKxmi/uwxvrqwDMJKLg=
-----END CERTIFICATE-----