Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS16589.roa
File:                     AS16589.roa (raw, json)
Hash identifier:          z18WQfePChpgzPkCn306pPu2LVky3ewbg24PnRwHNy4=
Subject key identifier:   21:3D:86:ED:89:DA:2B:64:48:3C:34:A2:79:04:72:C2:75:9C:D1:E4
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       07ACF8B147AA534AD8961FA70AEFAFC715030485
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS16589.roa
Signing time:             Sat 26 Apr 2025 00:00:23 +0000
ROA not before:           Fri 25 Apr 2025 23:55:23 +0000
ROA not after:            Sat 25 Apr 2026 00:00:23 +0000
asID:                     16589
IP address blocks:        95.134.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:ac:f8:b1:47:aa:53:4a:d8:96:1f:a7:0a:ef:af:c7:15:03:04:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 25 23:55:23 2025 GMT
            Not After : Apr 25 00:00:23 2026 GMT
        Subject: CN=213D86ED89DA2B64483C34A2790472C2759CD1E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f7:a3:47:92:8e:c6:49:b3:5e:fd:a4:b5:5c:
                    ba:bf:ea:9a:e2:12:af:32:fc:96:36:c1:e8:8a:d0:
                    00:fb:98:49:19:2c:ee:51:4c:61:cb:53:3e:9b:09:
                    c3:fa:35:bd:1f:2b:42:6f:10:eb:dc:85:d3:cb:33:
                    26:11:52:86:a8:42:84:c0:57:4a:39:37:03:28:4d:
                    23:56:61:99:d9:0d:52:97:16:ff:5d:cb:0d:25:c4:
                    eb:4e:68:7a:5b:a3:52:51:f6:89:ba:50:54:0f:83:
                    38:20:7c:36:10:25:f6:ed:e0:48:0b:de:49:54:f6:
                    10:94:e7:04:7a:79:2a:30:7b:aa:67:95:e3:5b:b8:
                    93:3e:8d:d3:36:54:87:72:bb:be:91:f9:7b:61:9d:
                    83:8b:3c:f4:ad:86:11:c0:bc:75:fc:e3:85:af:d1:
                    ef:4c:70:c0:12:87:a0:47:b4:b9:22:49:42:23:77:
                    51:65:50:bd:03:f2:61:f8:be:89:19:37:46:68:ce:
                    b4:5e:8a:9f:90:d5:9c:e1:5a:ed:69:83:9c:31:4d:
                    cb:81:6f:38:af:9d:2b:e8:db:fc:40:da:ae:7f:2f:
                    9d:ad:ba:25:b6:b2:1f:36:37:07:a1:1e:60:6a:d6:
                    50:76:02:39:bd:04:a2:6c:a0:3d:d0:e5:73:6b:ca:
                    bf:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3D:86:ED:89:DA:2B:64:48:3C:34:A2:79:04:72:C2:75:9C:D1:E4
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS16589.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:fa:3d:b1:7f:87:78:2d:83:4e:50:b5:14:04:56:04:21:10:
         9d:36:86:54:8a:82:51:1d:c9:98:6f:02:7a:96:1c:84:b9:2e:
         3e:89:6e:65:bf:13:dd:68:57:1e:bb:42:a5:41:2b:5a:02:03:
         a8:4f:9b:02:06:63:cd:c0:6d:5a:f1:17:92:67:8e:b5:1f:32:
         ec:56:7a:a0:cf:05:77:a4:c4:ab:38:6a:87:ce:3c:2a:98:c2:
         a3:ee:88:81:47:fe:b1:41:1a:dd:d8:ba:18:db:69:12:3f:19:
         80:1f:06:43:2a:e9:56:50:8b:04:7e:50:12:27:65:87:3f:33:
         7a:68:21:e6:28:f9:23:c8:32:30:3f:97:e3:75:ff:45:ea:76:
         20:d0:fa:88:4f:5c:74:b2:34:33:6a:7e:f1:a9:a3:55:fd:35:
         68:0e:a2:01:a4:8f:c7:c3:f1:98:d1:29:4a:1a:9c:55:bf:4a:
         67:2e:9d:03:df:d1:5b:b3:66:ae:9e:11:94:c9:f1:c9:e7:52:
         5e:0b:50:5a:79:85:a4:93:0e:1f:7d:8d:b0:19:d1:91:13:9a:
         bb:31:a1:ec:62:c3:9a:c6:92:b1:7d:94:14:56:41:9c:78:83:
         de:23:6a:f2:f9:cc:38:44:d9:72:47:fd:cc:84:dd:01:b9:e2:
         ca:d9:db:f8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUB6z4sUeqU0rYlh+nCu+vxxUDBIUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MjUyMzU1MjNaFw0yNjA0MjUwMDAwMjNaMDMxMTAvBgNV
BAMTKDIxM0Q4NkVEODlEQTJCNjQ0ODNDMzRBMjc5MDQ3MkMyNzU5Q0QxRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC996NHko7GSbNe/aS1XLq/6pri
Eq8y/JY2weiK0AD7mEkZLO5RTGHLUz6bCcP6Nb0fK0JvEOvchdPLMyYRUoaoQoTA
V0o5NwMoTSNWYZnZDVKXFv9dyw0lxOtOaHpbo1JR9om6UFQPgzggfDYQJfbt4EgL
3klU9hCU5wR6eSowe6pnleNbuJM+jdM2VIdyu76R+XthnYOLPPSthhHAvHX844Wv
0e9McMASh6BHtLkiSUIjd1FlUL0D8mH4vokZN0ZozrReip+Q1ZzhWu1pg5wxTcuB
bzivnSvo2/xA2q5/L52tuiW2sh82NwehHmBq1lB2Ajm9BKJsoD3Q5XNryr9JAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUIT2G7YnaK2RIPDSieQRywnWc0eQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTY1ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABfhgcw
DQYJKoZIhvcNAQELBQADggEBABb6PbF/h3gtg05QtRQEVgQhEJ02hlSKglEdyZhv
AnqWHIS5Lj6JbmW/E91oVx67QqVBK1oCA6hPmwIGY83AbVrxF5JnjrUfMuxWeqDP
BXekxKs4aofOPCqYwqPuiIFH/rFBGt3YuhjbaRI/GYAfBkMq6VZQiwR+UBInZYc/
M3poIeYo+SPIMjA/l+N1/0XqdiDQ+ohPXHSyNDNqfvGpo1X9NWgOogGkj8fD8ZjR
KUoanFW/SmcunQPf0VuzZq6eEZTJ8cnnUl4LUFp5haSTDh99jbAZ0ZETmrsxoexi
w5rGkrF9lBRWQZx4g94javL5zDhE2XJH/cyE3QG54srZ2/g=
-----END CERTIFICATE-----