Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          mRy3vq+73aUDUSmpmGV9CJkg9yMNCCN0j6y18T3kc54=
Subject key identifier:   C5:98:EA:4A:37:24:81:D5:42:65:97:60:37:B3:8E:18:E5:1A:0E:8D
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       5E262FE74BBA23EC0CDFBA655A869277B25E5457
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS16509.roa
Signing time:             Thu 23 May 2024 16:49:13 +0000
ROA not before:           Thu 23 May 2024 16:44:13 +0000
ROA not after:            Thu 22 May 2025 16:49:13 +0000
asID:                     16509
IP address blocks:        2a0f:85c1:3a9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:26:2f:e7:4b:ba:23:ec:0c:df:ba:65:5a:86:92:77:b2:5e:54:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:13 2024 GMT
            Not After : May 22 16:49:13 2025 GMT
        Subject: CN=C598EA4A372481D54265976037B38E18E51A0E8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:b7:e6:9b:b4:31:ea:26:ec:8e:fd:e2:26:54:
                    94:41:e9:3b:32:28:7d:53:ff:56:84:a0:78:e0:31:
                    f6:07:ce:29:a9:54:c6:4c:c2:bd:2b:c9:9d:2e:45:
                    5a:c3:63:c7:23:fe:bf:92:a5:ce:94:26:67:e4:db:
                    fc:15:6f:9f:17:8a:da:b0:45:dd:40:a8:d2:0d:82:
                    2a:c6:b6:70:5c:43:4f:06:f8:c8:2e:54:16:74:be:
                    1f:96:c3:0e:6e:21:bd:59:3a:65:a0:bc:28:a3:5c:
                    73:04:a7:f0:f9:95:5e:8a:66:f3:85:38:c2:ab:e8:
                    0f:a8:ff:16:19:f3:0a:37:35:d0:9b:d9:e5:3d:b6:
                    81:c9:5a:b3:5e:56:aa:49:c3:42:f8:f7:52:c9:53:
                    3a:8f:14:82:a3:3b:6a:cf:85:7a:0e:8b:04:4d:d2:
                    0f:28:5f:af:2b:19:bc:00:6d:0b:36:bb:f8:21:73:
                    8b:95:b7:c9:0e:1c:99:c5:e1:3c:34:e7:be:3f:f5:
                    f5:1d:d3:5f:b8:07:75:0f:db:59:77:d1:3d:ef:ea:
                    12:76:69:03:55:ab:8f:66:5e:70:22:be:bc:ca:54:
                    b6:5f:d5:3a:65:22:4c:ee:09:14:6e:35:a6:a4:8d:
                    28:70:fc:e8:7c:e3:db:71:e6:4c:52:c6:e6:99:a6:
                    32:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:98:EA:4A:37:24:81:D5:42:65:97:60:37:B3:8E:18:E5:1A:0E:8D
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a9::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:43:39:15:48:a8:a9:00:bd:6f:1e:5e:c1:b4:47:cb:9b:c4:
         61:2a:af:de:43:34:76:0a:b2:2a:29:ec:72:c7:b0:88:39:33:
         19:18:9e:6f:f1:85:16:6e:60:2b:2a:60:e6:86:94:da:2b:bd:
         35:fe:87:21:62:e9:a3:8a:02:2a:62:01:ab:b7:bd:f8:d5:19:
         b5:72:82:7e:82:d6:50:4c:80:3f:74:8b:5b:bc:f9:8d:47:6d:
         91:e9:36:50:45:a2:48:aa:4e:54:91:de:cb:1b:66:f2:51:57:
         11:70:46:37:9f:0c:95:52:cf:03:f4:eb:0d:40:a3:6c:24:3b:
         1a:b1:98:30:81:48:0b:c6:6d:7a:1d:b7:a9:03:50:e6:3f:28:
         30:c7:a0:c1:e1:2c:d1:c9:b6:ea:10:a5:26:86:d9:b3:f6:08:
         45:de:4a:ac:52:0f:02:1c:35:15:5e:17:51:bf:df:8a:00:78:
         36:1c:9a:d4:f7:a7:16:f4:08:b3:0e:33:d0:89:d2:cc:af:ae:
         f1:a9:78:6d:5f:38:1d:19:da:13:57:6f:95:1c:1e:4c:49:20:
         77:55:d3:bf:b5:a8:7e:aa:c1:7f:5b:f5:a3:90:4a:38:66:cd:
         81:64:3d:b6:4c:09:a5:45:af:6a:94:bc:dd:08:2b:df:cb:d0:
         b1:be:5d:cc
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUXiYv50u6I+wM37plWoaSd7JeVFcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTNaFw0yNTA1MjIxNjQ5MTNaMDMxMTAvBgNV
BAMTKEM1OThFQTRBMzcyNDgxRDU0MjY1OTc2MDM3QjM4RTE4RTUxQTBFOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjt+abtDHqJuyO/eImVJRB6Tsy
KH1T/1aEoHjgMfYHzimpVMZMwr0ryZ0uRVrDY8cj/r+Spc6UJmfk2/wVb58Xitqw
Rd1AqNINgirGtnBcQ08G+MguVBZ0vh+Www5uIb1ZOmWgvCijXHMEp/D5lV6KZvOF
OMKr6A+o/xYZ8wo3NdCb2eU9toHJWrNeVqpJw0L491LJUzqPFIKjO2rPhXoOiwRN
0g8oX68rGbwAbQs2u/ghc4uVt8kOHJnF4Tw0574/9fUd01+4B3UP21l30T3v6hJ2
aQNVq49mXnAivrzKVLZf1TplIkzuCRRuNaakjShw/Oh849tx5kxSxuaZpjJLAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUxZjqSjckgdVCZZdgN7OOGOUaDo0wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
A6kwDQYJKoZIhvcNAQELBQADggEBAFpDORVIqKkAvW8eXsG0R8ubxGEqr95DNHYK
siop7HLHsIg5MxkYnm/xhRZuYCsqYOaGlNorvTX+hyFi6aOKAipiAau3vfjVGbVy
gn6C1lBMgD90i1u8+Y1HbZHpNlBFokiqTlSR3ssbZvJRVxFwRjefDJVSzwP06w1A
o2wkOxqxmDCBSAvGbXodt6kDUOY/KDDHoMHhLNHJtuoQpSaG2bP2CEXeSqxSDwIc
NRVeF1G/34oAeDYcmtT3pxb0CLMOM9CJ0syvrvGpeG1fOB0Z2hNXb5UcHkxJIHdV
07+1qH6qwX9b9aOQSjhmzYFkPbZMCaVFr2qUvN0IK9/L0LG+Xcw=
-----END CERTIFICATE-----