Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          IqOSwkwiuxqsnsrLVwm01TV83wnq4qysDSfSlx0G3jQ=
Subject key identifier:   70:A1:16:AD:68:63:82:23:FD:FB:F3:DE:2B:90:47:4A:DE:A9:57:7E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       265DA944BD7FD2A459E81C4192A7A87C398D0B58
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16509.roa
Signing time:             Wed 23 Jul 2025 21:49:15 +0000
ROA not before:           Wed 23 Jul 2025 21:44:15 +0000
ROA not after:            Wed 22 Jul 2026 21:49:15 +0000
asID:                     16509
IP address blocks:        143.20.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:5d:a9:44:bd:7f:d2:a4:59:e8:1c:41:92:a7:a8:7c:39:8d:0b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 23 21:44:15 2025 GMT
            Not After : Jul 22 21:49:15 2026 GMT
        Subject: CN=70A116AD68638223FDFBF3DE2B90474ADEA9577E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b0:9f:ac:3a:3c:be:76:0c:2b:8c:6f:61:bc:
                    db:90:69:6a:8a:e1:a1:91:17:05:bf:e3:b5:5c:fa:
                    97:9b:37:c4:56:30:69:65:4a:2d:94:5b:fb:fd:4e:
                    5a:98:81:91:8c:8f:12:04:ac:2d:ec:21:1b:8f:96:
                    7e:dc:72:e2:e7:4f:f9:97:8b:c0:e6:c7:9f:b6:59:
                    fe:4e:de:20:89:3a:76:4f:2b:ce:b5:11:d7:4c:38:
                    07:72:82:da:04:8c:39:6b:ad:fd:68:04:33:57:0e:
                    24:fc:50:86:fc:12:fc:e5:79:45:9e:28:83:91:cd:
                    37:d6:f1:6a:70:94:bb:0d:af:59:da:49:94:6e:8f:
                    2c:d5:8b:b0:4c:67:b7:2f:88:e0:5a:d6:9f:c3:9a:
                    b3:b9:e2:9a:89:d0:0e:c3:ec:07:5d:62:c7:e9:ad:
                    14:0b:98:a7:db:73:26:fc:04:d0:38:c9:37:af:8f:
                    c3:a2:bb:77:e1:ac:10:35:ed:32:ee:ec:da:13:0a:
                    56:83:a4:ab:aa:e0:ce:db:5a:96:9b:df:82:35:49:
                    1b:18:81:ef:31:a7:65:18:f1:fc:57:1e:83:75:25:
                    36:96:fb:1d:4e:6b:b9:b4:70:78:fa:74:81:c8:f3:
                    a6:f9:07:2d:56:88:ca:3d:60:de:51:90:c7:22:78:
                    ec:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A1:16:AD:68:63:82:23:FD:FB:F3:DE:2B:90:47:4A:DE:A9:57:7E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:1a:f2:ef:39:e8:4f:38:46:4d:25:43:9b:23:26:38:4c:cd:
         8b:b2:c7:49:41:73:01:68:54:7b:50:7a:ba:31:fa:91:f6:75:
         83:23:13:84:58:35:ac:24:49:1f:fa:b6:0b:18:20:dd:5a:32:
         b2:b4:1b:a9:a9:ad:1c:e6:8a:ec:b1:a3:11:59:66:5b:be:a9:
         72:f2:b2:d8:c2:dc:f8:17:99:b5:5d:bf:7b:9c:e2:64:c1:6a:
         41:6d:be:29:d8:67:95:ef:cd:97:ec:5e:42:07:fd:87:11:41:
         b1:f1:e2:d0:01:8d:58:39:51:f4:90:1e:13:ba:aa:98:4c:7d:
         15:d4:d0:a9:81:39:11:3f:6a:dc:5e:cf:c3:75:09:8a:dc:a0:
         5e:57:39:26:3b:fd:b5:cd:b4:de:6c:cc:ba:62:d0:5e:ae:36:
         1f:c7:95:82:f1:69:23:0b:6c:6d:7b:ef:7f:84:bb:07:c4:72:
         d2:d1:21:7c:18:35:89:68:13:d1:70:bb:b1:19:85:8f:3f:11:
         8f:1c:cf:43:26:e3:61:6f:72:cd:04:90:64:ee:72:c3:23:89:
         01:3d:f6:ca:a0:d6:e7:20:a2:da:a0:90:5c:fa:0c:9e:1b:51:
         56:08:26:9d:f9:e2:9e:89:03:e0:ce:20:6a:4f:de:7f:ec:e3:
         70:9b:e9:10
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJl2pRL1/0qRZ6BxBkqeofDmNC1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjMyMTQ0MTVaFw0yNjA3MjIyMTQ5MTVaMDMxMTAvBgNV
BAMTKDcwQTExNkFENjg2MzgyMjNGREZCRjNERTJCOTA0NzRBREVBOTU3N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGsJ+sOjy+dgwrjG9hvNuQaWqK
4aGRFwW/47Vc+pebN8RWMGllSi2UW/v9TlqYgZGMjxIErC3sIRuPln7ccuLnT/mX
i8Dmx5+2Wf5O3iCJOnZPK861EddMOAdygtoEjDlrrf1oBDNXDiT8UIb8EvzleUWe
KIORzTfW8WpwlLsNr1naSZRujyzVi7BMZ7cviOBa1p/DmrO54pqJ0A7D7AddYsfp
rRQLmKfbcyb8BNA4yTevj8Oiu3fhrBA17TLu7NoTClaDpKuq4M7bWpab34I1SRsY
ge8xp2UY8fxXHoN1JTaW+x1Oa7m0cHj6dIHI86b5By1WiMo9YN5RkMcieOxxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUcKEWrWhjgiP9+/PeK5BHSt6pV34wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFE0w
DQYJKoZIhvcNAQELBQADggEBAEka8u856E84Rk0lQ5sjJjhMzYuyx0lBcwFoVHtQ
erox+pH2dYMjE4RYNawkSR/6tgsYIN1aMrK0G6mprRzmiuyxoxFZZlu+qXLystjC
3PgXmbVdv3uc4mTBakFtvinYZ5XvzZfsXkIH/YcRQbHx4tABjVg5UfSQHhO6qphM
fRXU0KmBORE/atxez8N1CYrcoF5XOSY7/bXNtN5szLpi0F6uNh/HlYLxaSMLbG17
73+EuwfEctLRIXwYNYloE9Fwu7EZhY8/EY8cz0Mm42Fvcs0EkGTucsMjiQE99sqg
1ucgotqgkFz6DJ4bUVYIJp354p6JA+DOIGpP3n/s43Cb6RA=
-----END CERTIFICATE-----