Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          UbhN38a7suaHDgNOh05Ztrb14EueF17Yg6GJRDthS0c=
Subject key identifier:   7D:CF:BB:FC:E3:83:E4:DC:13:61:E9:63:C7:84:35:C2:2C:D1:B1:1D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5EACF2534AF382C5C714EA20995101266651317B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16276.roa
Signing time:             Sun 06 Jul 2025 00:00:20 +0000
ROA not before:           Sat 05 Jul 2025 23:55:20 +0000
ROA not after:            Sun 05 Jul 2026 00:00:20 +0000
asID:                     16276
IP address blocks:        2.57.18.0/24 maxlen: 24
                          89.19.44.0/24 maxlen: 24
                          191.96.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:ac:f2:53:4a:f3:82:c5:c7:14:ea:20:99:51:01:26:66:51:31:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  5 23:55:20 2025 GMT
            Not After : Jul  5 00:00:20 2026 GMT
        Subject: CN=7DCFBBFCE383E4DC1361E963C78435C22CD1B11D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1b:f0:6d:b3:d5:e8:11:3d:6f:be:b1:d7:9f:
                    9d:4b:b0:20:f0:00:50:97:0c:57:dc:af:f7:97:0f:
                    c1:05:09:00:9a:2e:c6:d5:e3:39:b4:7c:3b:5c:00:
                    f3:21:fa:cb:7f:49:23:85:e9:87:b3:a9:9e:18:8c:
                    84:2d:44:f3:4d:9d:76:5d:3b:93:eb:e3:6c:8b:60:
                    c8:d2:fb:44:ac:64:00:92:32:c9:f2:8f:ad:83:73:
                    d5:3b:61:00:f0:c1:a5:91:c6:ad:d4:3f:b8:21:db:
                    52:b4:73:fe:16:5e:f1:4c:3e:90:4a:b3:93:d4:cb:
                    1a:c8:23:97:49:0e:bb:1b:33:5f:27:1b:38:83:cc:
                    f3:8e:86:bf:05:5e:27:d8:b3:6c:df:c2:df:f1:24:
                    e0:88:2f:1d:aa:b5:da:34:a1:5c:f1:53:a6:18:77:
                    5f:bc:cf:a1:08:51:ec:a2:d2:a7:7d:f6:59:9f:03:
                    c7:09:e8:da:b5:24:47:8d:d3:ff:c5:56:ab:e4:80:
                    26:7b:7a:18:25:5b:93:e6:11:0f:6a:f5:8c:b1:52:
                    e0:e4:40:7e:3d:0f:78:96:98:23:07:f3:df:a7:b8:
                    8a:80:ed:57:b9:80:bc:a2:5e:92:b9:c7:84:78:6c:
                    de:da:34:64:73:d7:f6:57:47:b8:63:76:d9:6e:d6:
                    be:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CF:BB:FC:E3:83:E4:DC:13:61:E9:63:C7:84:35:C2:2C:D1:B1:1D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.18.0/24
                  89.19.44.0/24
                  191.96.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:30:97:fd:88:50:56:6b:42:19:a6:e3:e2:c0:a2:be:ef:2e:
         d3:a3:ae:6c:c0:c5:55:b1:b9:b3:dc:a6:db:37:2f:10:4a:33:
         c4:e8:e7:30:ec:b1:c4:f3:7c:8b:9e:b0:12:75:f1:be:2b:fb:
         58:64:52:62:57:0d:6e:85:77:9e:ed:1b:3d:7b:07:e5:d9:66:
         76:ce:66:2d:be:56:06:93:68:49:44:bf:4c:a1:22:4b:fa:13:
         b5:5d:89:07:b6:c2:4e:da:43:44:d3:d5:f3:7d:79:65:2f:7a:
         72:de:89:45:1c:1c:f2:ca:bc:c5:9a:81:30:40:b0:c1:fe:42:
         6d:5c:8e:9e:51:a2:b9:22:ff:91:ca:9c:db:e1:13:34:5a:40:
         e9:bf:ad:da:9a:62:2a:2a:dc:cc:8f:e3:39:f0:08:e3:b3:c7:
         02:83:95:19:3d:f1:77:0a:9c:1f:84:ee:69:5e:62:bf:5b:57:
         cd:db:90:c2:04:d1:18:99:69:8a:2e:eb:8c:38:0c:27:18:75:
         f4:a2:6b:0a:cc:3d:47:d4:45:66:bb:fc:5b:e7:c5:5e:64:85:
         b0:f8:8f:44:28:ab:78:a5:44:fc:09:a8:73:13:24:c4:18:cc:
         39:cc:31:3f:93:4e:82:6a:20:1f:53:a6:bd:e6:1c:b2:1b:46:
         d1:f4:a7:3e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUXqzyU0rzgsXHFOogmVEBJmZRMXswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MDUyMzU1MjBaFw0yNjA3MDUwMDAwMjBaMDMxMTAvBgNV
BAMTKDdEQ0ZCQkZDRTM4M0U0REMxMzYxRTk2M0M3ODQzNUMyMkNEMUIxMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaG/Bts9XoET1vvrHXn51LsCDw
AFCXDFfcr/eXD8EFCQCaLsbV4zm0fDtcAPMh+st/SSOF6YezqZ4YjIQtRPNNnXZd
O5Pr42yLYMjS+0SsZACSMsnyj62Dc9U7YQDwwaWRxq3UP7gh21K0c/4WXvFMPpBK
s5PUyxrII5dJDrsbM18nGziDzPOOhr8FXifYs2zfwt/xJOCILx2qtdo0oVzxU6YY
d1+8z6EIUeyi0qd99lmfA8cJ6Nq1JEeN0//FVqvkgCZ7ehglW5PmEQ9q9YyxUuDk
QH49D3iWmCMH89+nuIqA7Ve5gLyiXpK5x4R4bN7aNGRz1/ZXR7hjdtlu1r6VAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUfc+7/OOD5NwTYeljx4Q1wizRsR0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAACORID
BABZEywDBAC/YJkwDQYJKoZIhvcNAQELBQADggEBAHcwl/2IUFZrQhmm4+LAor7v
LtOjrmzAxVWxubPcpts3LxBKM8To5zDsscTzfIuesBJ18b4r+1hkUmJXDW6Fd57t
Gz17B+XZZnbOZi2+VgaTaElEv0yhIkv6E7VdiQe2wk7aQ0TT1fN9eWUvenLeiUUc
HPLKvMWagTBAsMH+Qm1cjp5Rorki/5HKnNvhEzRaQOm/rdqaYioq3MyP4znwCOOz
xwKDlRk98XcKnB+E7mleYr9bV83bkMIE0RiZaYou64w4DCcYdfSiawrMPUfURWa7
/FvnxV5khbD4j0Qoq3ilRPwJqHMTJMQYzDnMMT+TToJqIB9Tpr3mHLIbRtH0pz4=
-----END CERTIFICATE-----