Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa
File:                     AS16589.roa (raw, json)
Hash identifier:          57JkELBTirn3H36Nm+MEFrPCykL5i9OWkZfz3XA6lIE=
Subject key identifier:   50:5E:22:5E:A2:A5:8A:97:C1:CF:23:35:2F:1A:D6:81:5F:78:1D:32
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       417C819F83806F876C5A1395CB8026E5251A5F6A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa
Signing time:             Thu 06 Mar 2025 21:25:52 +0000
ROA not before:           Thu 06 Mar 2025 21:20:52 +0000
ROA not after:            Thu 05 Mar 2026 21:25:52 +0000
asID:                     16589
IP address blocks:        82.23.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:7c:81:9f:83:80:6f:87:6c:5a:13:95:cb:80:26:e5:25:1a:5f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  6 21:20:52 2025 GMT
            Not After : Mar  5 21:25:52 2026 GMT
        Subject: CN=505E225EA2A58A97C1CF23352F1AD6815F781D32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:60:f9:b5:28:48:34:77:9e:62:35:5c:cc:3f:
                    63:d7:c2:0f:42:b0:18:0b:f4:ae:8e:7e:3a:b5:11:
                    67:a7:d6:64:00:a7:ff:40:6e:38:99:78:d9:bf:c7:
                    34:49:76:62:93:d3:52:57:bf:d4:c5:25:92:dd:a7:
                    ed:1b:c1:21:5f:7a:1d:18:96:99:04:c0:29:a4:74:
                    3c:43:b5:a8:1e:02:58:ea:2c:aa:25:42:49:3d:9e:
                    a2:4b:dc:ed:22:60:98:c8:d5:47:15:34:bf:7e:bd:
                    26:9e:4d:2e:da:c6:3c:75:8e:cd:8f:83:ed:41:08:
                    06:b1:f0:ec:5c:46:32:9e:a4:ae:81:4f:60:3d:dc:
                    f0:6b:1c:2a:ca:8e:91:d5:a0:d8:4a:79:17:ef:23:
                    98:4d:19:a0:65:a5:ad:7e:f2:b6:61:3e:c6:c4:7c:
                    44:69:f9:54:dc:ff:5b:b3:cb:34:71:e3:ab:84:26:
                    e5:8c:1a:8d:cd:ef:e2:93:68:ec:dc:b3:ff:da:3b:
                    c7:d3:25:d6:c5:c2:b0:a7:90:d1:73:68:21:5f:8b:
                    ca:9d:0b:2c:5b:13:3b:0b:54:69:29:4f:6e:6b:86:
                    91:61:74:79:a2:ea:bd:3d:2d:c8:17:79:2c:a1:ac:
                    25:f3:01:09:a4:04:32:d5:21:01:b3:74:8e:ff:81:
                    93:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:5E:22:5E:A2:A5:8A:97:C1:CF:23:35:2F:1A:D6:81:5F:78:1D:32
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16589.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:4a:10:61:57:a0:09:ec:05:f8:16:c1:94:4a:ff:65:3c:de:
         ef:d0:c2:24:df:e7:31:d9:08:c6:6d:e8:ea:6b:8c:69:a4:cc:
         fa:a5:45:0a:91:38:ce:c2:b2:25:56:75:8a:3b:4f:b5:f5:2d:
         69:a6:ce:3a:cc:1a:db:de:bc:4a:83:11:79:32:29:a1:4a:97:
         68:2e:82:cc:d0:1a:93:4f:44:a9:3c:71:85:ff:0a:74:a9:92:
         82:dc:e2:f6:94:89:5c:e1:89:0e:7e:29:d4:ac:44:5c:57:a5:
         e9:e7:f4:6a:f7:39:38:31:c3:f8:cd:b5:10:20:7d:a1:34:01:
         bb:7d:8c:61:3a:e6:5a:7f:73:82:35:46:f6:5e:96:d8:57:f1:
         d8:46:6c:a3:73:f4:22:b4:64:93:08:51:5b:72:47:71:39:d9:
         99:05:1f:8e:ad:4c:42:47:27:99:50:0f:47:34:ce:d0:ce:01:
         8a:3e:a0:d4:43:1a:5a:81:7c:eb:d4:24:35:a8:bf:e0:55:79:
         33:46:ea:6c:11:2d:27:a9:5d:c3:96:d0:37:ac:f5:59:97:e5:
         97:cf:f2:c6:65:c8:ab:1a:fe:84:4d:c8:eb:42:9d:6e:5e:1e:
         28:04:cc:55:f0:3e:af:13:fc:73:e6:be:46:2f:41:38:11:a2:
         b5:8b:aa:2b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQXyBn4OAb4dsWhOVy4Am5SUaX2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAzMDYyMTIwNTJaFw0yNjAzMDUyMTI1NTJaMDMxMTAvBgNV
BAMTKDUwNUUyMjVFQTJBNThBOTdDMUNGMjMzNTJGMUFENjgxNUY3ODFEMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLYPm1KEg0d55iNVzMP2PXwg9C
sBgL9K6Ofjq1EWen1mQAp/9AbjiZeNm/xzRJdmKT01JXv9TFJZLdp+0bwSFfeh0Y
lpkEwCmkdDxDtageAljqLKolQkk9nqJL3O0iYJjI1UcVNL9+vSaeTS7axjx1js2P
g+1BCAax8OxcRjKepK6BT2A93PBrHCrKjpHVoNhKeRfvI5hNGaBlpa1+8rZhPsbE
fERp+VTc/1uzyzRx46uEJuWMGo3N7+KTaOzcs//aO8fTJdbFwrCnkNFzaCFfi8qd
CyxbEzsLVGkpT25rhpFhdHmi6r09LcgXeSyhrCXzAQmkBDLVIQGzdI7/gZMBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUUF4iXqKlipfBzyM1LxrWgV94HTIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSF6gw
DQYJKoZIhvcNAQELBQADggEBAAVKEGFXoAnsBfgWwZRK/2U83u/QwiTf5zHZCMZt
6OprjGmkzPqlRQqROM7CsiVWdYo7T7X1LWmmzjrMGtvevEqDEXkyKaFKl2gugszQ
GpNPRKk8cYX/CnSpkoLc4vaUiVzhiQ5+KdSsRFxXpenn9Gr3OTgxw/jNtRAgfaE0
Abt9jGE65lp/c4I1RvZelthX8dhGbKNz9CK0ZJMIUVtyR3E52ZkFH46tTEJHJ5lQ
D0c0ztDOAYo+oNRDGlqBfOvUJDWov+BVeTNG6mwRLSepXcOW0Des9VmX5ZfP8sZl
yKsa/oRNyOtCnW5eHigEzFXwPq8T/HPmvkYvQTgRorWLqis=
-----END CERTIFICATE-----