Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa
File:                     AS16589.roa (raw, json)
Hash identifier:          SXd+T8g6tdhAmxQQfNyS2solyONdixE23Ndd81HF2Zc=
Subject key identifier:   04:0F:8F:5D:CA:F4:BD:5B:A5:71:85:5E:04:10:3C:4C:09:81:61:06
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       43CF301ED8A9D9086DD6B5DC3CD499CE496533EF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa
Signing time:             Fri 17 Jan 2025 14:31:20 +0000
ROA not before:           Fri 17 Jan 2025 14:26:20 +0000
ROA not after:            Fri 16 Jan 2026 14:31:20 +0000
asID:                     16589
IP address blocks:        82.27.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:cf:30:1e:d8:a9:d9:08:6d:d6:b5:dc:3c:d4:99:ce:49:65:33:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 17 14:26:20 2025 GMT
            Not After : Jan 16 14:31:20 2026 GMT
        Subject: CN=040F8F5DCAF4BD5BA571855E04103C4C09816106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c1:38:e6:fe:36:d0:ff:73:35:fa:db:56:12:
                    ec:f4:e4:53:15:1d:8a:fb:5e:f7:3a:12:dc:8a:14:
                    7f:04:c6:ae:d4:72:40:0f:7d:2c:59:75:e6:00:f4:
                    0d:5e:d6:64:b7:1a:70:25:a2:ff:44:66:32:7c:31:
                    99:80:2c:ec:67:79:69:d3:9f:c2:1c:48:da:d2:57:
                    7e:51:78:49:a8:10:a7:43:70:ef:99:9c:d0:ee:fc:
                    b5:af:3b:1d:e8:e0:cc:55:e5:2f:b1:36:a4:70:f8:
                    ff:09:f2:a6:c5:58:0c:60:f2:fc:26:7b:9d:86:fc:
                    b5:fb:2b:13:bd:1c:55:0e:f4:2c:12:c0:cd:95:31:
                    50:2b:09:23:77:3d:df:b1:da:e6:c3:39:74:25:2f:
                    e1:d9:73:2e:8e:18:c2:a0:6b:9a:e1:53:1c:db:c2:
                    5a:21:c5:cc:20:8c:8a:08:0a:ec:4a:e8:d1:32:73:
                    29:75:48:e0:e2:8c:c0:87:8a:bc:a5:f9:37:d0:0d:
                    30:9f:c1:4b:6a:72:23:58:94:aa:25:e8:30:7d:80:
                    4b:cd:ec:a7:15:18:b6:f6:af:7b:85:14:0e:10:47:
                    25:5f:22:87:bc:1d:04:c2:e2:31:fd:3a:06:aa:70:
                    7d:86:38:84:0f:10:42:6e:85:9d:48:fb:c1:ba:44:
                    4d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:0F:8F:5D:CA:F4:BD:5B:A5:71:85:5E:04:10:3C:4C:09:81:61:06
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:55:8a:39:f9:62:66:ab:ea:3b:70:c8:7f:5d:36:77:05:6b:
         b8:c3:e2:bb:6e:ea:de:1b:37:75:50:cb:64:be:c8:68:90:c7:
         ea:b7:0d:67:f6:0c:c5:80:b4:e3:52:18:52:6e:cb:50:54:31:
         3f:35:29:f6:57:66:8a:22:b8:51:69:27:df:b9:4f:8b:e3:7e:
         48:27:61:32:5d:03:1e:a6:04:0c:d7:00:b7:df:13:67:2f:44:
         96:97:5c:2b:b0:f1:f4:97:48:6d:ca:c3:66:f1:60:91:87:39:
         21:b0:82:34:5a:69:e6:48:c8:65:a1:4d:2b:21:66:6d:91:3e:
         3b:18:52:58:c5:85:78:fa:3d:92:20:cc:a3:93:2f:92:38:aa:
         78:79:7e:45:40:af:6b:f3:fd:37:22:a4:ec:f6:0a:93:72:b9:
         3b:6d:8a:9c:c6:cc:ea:ca:e6:2d:91:af:4d:c4:e8:63:ce:3e:
         a1:5b:a4:28:f1:a4:96:04:88:5e:ee:ea:1b:33:79:d8:8d:7b:
         12:6e:78:64:d9:f3:05:8e:98:5a:b6:cd:89:4d:41:71:85:46:
         f3:71:52:8d:84:49:df:56:4f:48:52:77:04:b9:14:12:e5:0b:
         32:e8:3f:d2:ed:fe:4d:7e:d1:1b:2d:ec:a9:eb:a1:a8:16:30:
         cf:d7:b4:37
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQ88wHtip2Qht1rXcPNSZzkllM+8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTcxNDI2MjBaFw0yNjAxMTYxNDMxMjBaMDMxMTAvBgNV
BAMTKDA0MEY4RjVEQ0FGNEJENUJBNTcxODU1RTA0MTAzQzRDMDk4MTYxMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbwTjm/jbQ/3M1+ttWEuz05FMV
HYr7Xvc6EtyKFH8Exq7UckAPfSxZdeYA9A1e1mS3GnAlov9EZjJ8MZmALOxneWnT
n8IcSNrSV35ReEmoEKdDcO+ZnNDu/LWvOx3o4MxV5S+xNqRw+P8J8qbFWAxg8vwm
e52G/LX7KxO9HFUO9CwSwM2VMVArCSN3Pd+x2ubDOXQlL+HZcy6OGMKga5rhUxzb
wlohxcwgjIoICuxK6NEycyl1SODijMCHiryl+TfQDTCfwUtqciNYlKol6DB9gEvN
7KcVGLb2r3uFFA4QRyVfIoe8HQTC4jH9OgaqcH2GOIQPEEJuhZ1I+8G6RE1HAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUBA+PXcr0vVulcYVeBBA8TAmBYQYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANSGxgw
DQYJKoZIhvcNAQELBQADggEBAClVijn5Ymar6jtwyH9dNncFa7jD4rtu6t4bN3VQ
y2S+yGiQx+q3DWf2DMWAtONSGFJuy1BUMT81KfZXZooiuFFpJ9+5T4vjfkgnYTJd
Ax6mBAzXALffE2cvRJaXXCuw8fSXSG3Kw2bxYJGHOSGwgjRaaeZIyGWhTSshZm2R
PjsYUljFhXj6PZIgzKOTL5I4qnh5fkVAr2vz/TcipOz2CpNyuTttipzGzOrK5i2R
r03E6GPOPqFbpCjxpJYEiF7u6hszediNexJueGTZ8wWOmFq2zYlNQXGFRvNxUo2E
Sd9WT0hSdwS5FBLlCzLoP9Lt/k1+0Rst7KnroagWMM/XtDc=
-----END CERTIFICATE-----