Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          Y5c0VxuIP4Zea5qDYOxL1sTherEUqn66EJ4BgV4Hk6Q=
Subject key identifier:   B2:00:A2:14:E6:5E:AE:51:0A:53:D4:C8:9F:D4:24:50:95:AB:D3:52
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       06F5FC783E27EEB2BFFACCD1223363420EEF0B91
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16276.roa
Signing time:             Mon 18 Nov 2024 09:30:57 +0000
ROA not before:           Mon 18 Nov 2024 09:25:57 +0000
ROA not after:            Mon 17 Nov 2025 09:30:57 +0000
asID:                     16276
IP address blocks:        146.103.49.0/24 maxlen: 24
                          147.79.31.0/24 maxlen: 24
                          148.135.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f5:fc:78:3e:27:ee:b2:bf:fa:cc:d1:22:33:63:42:0e:ef:0b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Nov 18 09:25:57 2024 GMT
            Not After : Nov 17 09:30:57 2025 GMT
        Subject: CN=B200A214E65EAE510A53D4C89FD4245095ABD352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:36:6a:2b:8a:e3:67:2c:0f:66:b3:8b:c6:75:
                    9b:87:a7:7c:70:e5:d4:de:fc:a5:c4:7f:3b:89:ef:
                    e1:2b:51:be:42:2c:5e:73:e8:57:1e:0c:c9:55:e6:
                    5c:c8:a3:b2:45:2e:8f:b8:dc:b8:d7:16:25:54:ba:
                    a1:49:cf:7c:0e:5f:16:88:60:36:b8:bc:a7:6f:3e:
                    95:c1:a5:aa:1c:b2:94:d4:32:64:d5:7a:7e:95:04:
                    d1:01:ae:bb:7c:4d:f8:67:04:3c:1e:db:23:0d:2b:
                    5e:3e:49:5a:9e:6e:99:11:2a:ee:aa:a0:ae:7c:d6:
                    40:16:48:cf:95:f7:4c:13:5a:ae:bb:2a:c2:17:b4:
                    0f:dd:9b:48:70:3a:e6:3c:c0:72:0b:2a:e1:07:66:
                    9d:3e:30:59:18:3b:72:29:47:1c:e0:c6:d5:24:07:
                    03:cb:ac:c2:bf:3b:6a:36:a5:96:ad:7f:ee:c0:88:
                    2a:18:db:8f:4a:46:9f:c1:08:28:f6:15:04:4a:bd:
                    d5:58:c4:66:bd:84:41:26:73:7f:da:88:0a:f5:39:
                    bd:c0:7c:77:8f:3f:3f:46:d7:b2:8b:fc:ab:fb:e9:
                    a5:40:0a:b7:00:23:d8:7d:7b:0d:19:60:fc:a8:43:
                    1e:4f:73:db:1c:30:be:5a:b6:a8:56:d5:d2:68:23:
                    ed:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:00:A2:14:E6:5E:AE:51:0A:53:D4:C8:9F:D4:24:50:95:AB:D3:52
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.49.0/24
                  147.79.31.0/24
                  148.135.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:82:00:ed:cb:89:31:30:c7:df:4f:0f:cb:82:a8:2b:38:ef:
         6b:44:50:86:56:b5:2f:c1:8a:bd:19:56:10:88:0b:89:40:06:
         d7:ce:52:88:a0:df:47:1c:be:60:35:80:d5:26:dc:7f:67:06:
         69:41:84:83:c2:1b:29:6c:9d:9d:a8:59:2c:b8:7c:25:24:df:
         13:e5:b4:79:02:ca:b7:3f:c1:28:76:13:23:08:87:ee:24:e8:
         66:fa:16:51:87:8b:0f:4f:31:d3:cf:8d:a9:3c:4d:66:b3:47:
         e1:a3:1c:90:90:43:f7:1a:59:a9:31:46:49:ea:3d:93:b1:3e:
         32:8d:59:52:fb:22:d7:e9:2a:f6:fa:91:ca:09:45:86:69:0c:
         69:ab:db:97:a5:a3:5f:bf:6f:45:ef:8a:a1:c0:5e:47:b9:c7:
         58:6c:c7:5b:8a:e5:4c:60:7a:40:1b:25:06:62:8a:2b:15:6c:
         e3:5c:ac:46:96:1e:38:fd:2e:a7:b2:18:cf:74:6a:7d:ae:43:
         0e:e4:06:c6:cc:b1:fd:cd:16:65:ef:6f:50:b5:2f:f8:be:21:
         fe:80:95:f0:e1:be:aa:14:1b:38:23:0e:fd:d9:3b:92:30:fd:
         05:2a:4d:e2:ed:97:24:01:08:b8:e8:86:ce:31:6e:6d:3d:38:
         71:76:8c:18
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUBvX8eD4n7rK/+szRIjNjQg7vC5EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDExMTgwOTI1NTdaFw0yNTExMTcwOTMwNTdaMDMxMTAvBgNV
BAMTKEIyMDBBMjE0RTY1RUFFNTEwQTUzRDRDODlGRDQyNDUwOTVBQkQzNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyNmoriuNnLA9ms4vGdZuHp3xw
5dTe/KXEfzuJ7+ErUb5CLF5z6FceDMlV5lzIo7JFLo+43LjXFiVUuqFJz3wOXxaI
YDa4vKdvPpXBpaocspTUMmTVen6VBNEBrrt8TfhnBDwe2yMNK14+SVqebpkRKu6q
oK581kAWSM+V90wTWq67KsIXtA/dm0hwOuY8wHILKuEHZp0+MFkYO3IpRxzgxtUk
BwPLrMK/O2o2pZatf+7AiCoY249KRp/BCCj2FQRKvdVYxGa9hEEmc3/aiAr1Ob3A
fHePPz9G17KL/Kv76aVACrcAI9h9ew0ZYPyoQx5Pc9scML5atqhW1dJoI+37AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUsgCiFOZerlEKU9TIn9QkUJWr01IwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACSZzED
BACTTx8DBACUh5owDQYJKoZIhvcNAQELBQADggEBAF2CAO3LiTEwx99PD8uCqCs4
72tEUIZWtS/Bir0ZVhCIC4lABtfOUoig30ccvmA1gNUm3H9nBmlBhIPCGylsnZ2o
WSy4fCUk3xPltHkCyrc/wSh2EyMIh+4k6Gb6FlGHiw9PMdPPjak8TWazR+GjHJCQ
Q/caWakxRknqPZOxPjKNWVL7ItfpKvb6kcoJRYZpDGmr25elo1+/b0XviqHAXke5
x1hsx1uK5UxgekAbJQZiiisVbONcrEaWHjj9LqeyGM90an2uQw7kBsbMsf3NFmXv
b1C1L/i+If6AlfDhvqoUGzgjDv3ZO5Iw/QUqTeLtlyQBCLjohs4xbm09OHF2jBg=
-----END CERTIFICATE-----