Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16125.roa
File:                     AS16125.roa (raw, json)
Hash identifier:          JexyKJg2EOghOx/EB2R/MFiAKB6ZPxE09Y50w2ScEG4=
Subject key identifier:   A1:80:78:92:DB:63:41:81:90:63:49:59:65:CD:FB:2F:49:E2:FE:D4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       14A44C24FCC96B7B0667A0F8C15CEE3BFD962AA7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16125.roa
Signing time:             Fri 06 Jun 2025 11:43:09 +0000
ROA not before:           Fri 06 Jun 2025 11:38:09 +0000
ROA not after:            Fri 05 Jun 2026 11:43:09 +0000
asID:                     16125
IP address blocks:        82.23.2.0/24 maxlen: 24
                          82.24.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:a4:4c:24:fc:c9:6b:7b:06:67:a0:f8:c1:5c:ee:3b:fd:96:2a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  6 11:38:09 2025 GMT
            Not After : Jun  5 11:43:09 2026 GMT
        Subject: CN=A1807892DB6341819063495965CDFB2F49E2FED4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c3:30:28:5b:56:6e:b9:6c:21:7e:27:4f:9c:
                    c1:75:d3:36:f2:33:56:73:b4:0f:d4:4a:e9:3f:c7:
                    61:e4:b8:a4:83:3b:9f:27:d9:14:5c:cc:b5:68:9b:
                    a0:91:df:f3:a2:6e:7f:a9:40:b6:f9:cf:fb:68:eb:
                    80:30:9d:f2:75:57:b1:d3:83:f2:49:ec:d0:0a:62:
                    6e:7e:e0:3a:a0:f3:a6:5e:8b:3f:06:15:37:cd:2d:
                    4f:df:dd:6b:bd:d7:0c:9f:a1:d4:28:d6:77:9f:51:
                    35:a5:89:1d:a6:63:6d:08:79:d7:60:4c:36:b1:c9:
                    04:c2:5e:d4:63:34:a3:e9:bf:9a:f9:dd:e8:8f:29:
                    89:0c:a7:7b:f0:d5:a2:be:5e:45:0c:11:d7:84:3a:
                    9d:54:16:18:ea:36:9c:57:68:e0:3e:b7:3d:95:be:
                    0f:42:ab:b1:fa:73:fc:02:6c:d3:5a:b2:a1:65:81:
                    8a:7a:7f:aa:f6:aa:4c:b6:77:a7:47:4e:f9:ae:93:
                    cc:7a:8c:19:87:81:92:15:88:4d:f1:46:4e:87:fa:
                    5c:55:84:73:ac:c7:0a:0d:10:1f:c0:d0:c6:a8:f6:
                    9c:3d:ee:86:a1:7f:aa:03:12:0a:a9:56:05:10:dd:
                    82:f7:bf:c1:3b:3e:26:44:9a:f4:2a:89:e6:a2:22:
                    cb:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:80:78:92:DB:63:41:81:90:63:49:59:65:CD:FB:2F:49:E2:FE:D4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16125.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.2.0/24
                  82.24.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:43:19:66:ad:77:70:0d:03:b8:1b:3e:a5:50:21:91:70:38:
         4e:04:04:62:80:92:57:33:a9:4d:b8:b7:b3:24:b1:2e:14:17:
         c4:54:36:23:87:ee:98:d8:ea:e2:ba:ae:cf:b2:91:6b:d7:44:
         4a:a2:55:35:4c:03:84:50:cc:18:00:15:ad:80:42:c6:f5:5d:
         a4:0a:ea:ea:93:97:b4:4d:ca:c2:85:e6:47:f4:84:52:e6:a7:
         16:d1:1d:1f:b9:9d:ba:ed:a6:9d:f6:8a:23:69:ea:ad:cc:0e:
         01:19:77:05:0b:e0:da:78:6f:b2:10:25:2b:47:3d:81:bc:7a:
         75:68:a3:88:3e:4b:f0:79:e5:51:df:9b:b9:a1:ea:a5:4f:28:
         ea:31:51:9a:65:c5:c6:0d:e9:e9:f9:db:47:9c:0a:6f:f1:fe:
         9b:ef:92:88:85:0f:78:45:1b:d2:5e:0a:a0:b5:46:1b:32:b1:
         3d:c0:6a:08:cc:0d:dd:7a:80:fb:fd:fe:91:89:4f:24:2b:13:
         52:fc:d0:78:07:c7:70:e6:77:c9:a6:3d:d9:38:35:43:c2:3a:
         61:3d:29:e4:3f:f3:a0:32:6a:2d:66:a2:d6:ed:24:bc:7f:71:
         8f:a1:dd:f7:15:ff:eb:a0:c4:fc:f0:ee:3d:a1:b1:06:f0:f7:
         73:dc:8e:d9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUFKRMJPzJa3sGZ6D4wVzuO/2WKqcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDYxMTM4MDlaFw0yNjA2MDUxMTQzMDlaMDMxMTAvBgNV
BAMTKEExODA3ODkyREI2MzQxODE5MDYzNDk1OTY1Q0RGQjJGNDlFMkZFRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNwzAoW1ZuuWwhfidPnMF10zby
M1ZztA/USuk/x2HkuKSDO58n2RRczLVom6CR3/Oibn+pQLb5z/to64AwnfJ1V7HT
g/JJ7NAKYm5+4Dqg86Zeiz8GFTfNLU/f3Wu91wyfodQo1nefUTWliR2mY20Ieddg
TDaxyQTCXtRjNKPpv5r53eiPKYkMp3vw1aK+XkUMEdeEOp1UFhjqNpxXaOA+tz2V
vg9Cq7H6c/wCbNNasqFlgYp6f6r2qky2d6dHTvmuk8x6jBmHgZIViE3xRk6H+lxV
hHOsxwoNEB/A0Mao9pw97oahf6oDEgqpVgUQ3YL3v8E7PiZEmvQqieaiIsvbAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUoYB4kttjQYGQY0lZZc37L0ni/tQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTYxMjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFwID
BABSGFgwDQYJKoZIhvcNAQELBQADggEBAKJDGWatd3ANA7gbPqVQIZFwOE4EBGKA
klczqU24t7MksS4UF8RUNiOH7pjY6uK6rs+ykWvXREqiVTVMA4RQzBgAFa2AQsb1
XaQK6uqTl7RNysKF5kf0hFLmpxbRHR+5nbrtpp32iiNp6q3MDgEZdwUL4Np4b7IQ
JStHPYG8enVoo4g+S/B55VHfm7mh6qVPKOoxUZplxcYN6en520ecCm/x/pvvkoiF
D3hFG9JeCqC1RhsysT3AagjMDd16gPv9/pGJTyQrE1L80HgHx3Dmd8mmPdk4NUPC
OmE9KeQ/86Ayai1motbtJLx/cY+h3fcV/+ugxPzw7j2hsQbw93Pcjtk=
-----END CERTIFICATE-----