Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          QMmCLwG1EWH1Ecvd7R1Td+QD/bniA0771wU8dKCwZIA=
Subject key identifier:   CB:ED:45:EE:E1:14:2C:5F:03:8A:43:A8:C3:E7:6D:5F:CF:52:44:FF
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0E527155B5911BCAF38018EE424376B41E9E9B42
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
Signing time:             Mon 18 Nov 2024 09:29:30 +0000
ROA not before:           Mon 18 Nov 2024 09:24:30 +0000
ROA not after:            Mon 17 Nov 2025 09:29:30 +0000
asID:                     16276
IP address blocks:        91.199.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:52:71:55:b5:91:1b:ca:f3:80:18:ee:42:43:76:b4:1e:9e:9b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 18 09:24:30 2024 GMT
            Not After : Nov 17 09:29:30 2025 GMT
        Subject: CN=CBED45EEE1142C5F038A43A8C3E76D5FCF5244FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:6b:9d:d6:4b:ae:05:3c:0d:32:44:a0:32:5a:
                    23:f1:5e:20:be:47:ca:26:69:66:2a:fa:ed:13:bd:
                    ab:5d:ea:fe:d2:68:66:1f:60:bc:84:6e:2a:e7:23:
                    43:60:70:5b:1f:1a:95:a9:3e:7a:61:6a:e3:89:d4:
                    92:f1:cb:d6:a7:e1:02:d8:71:d5:1c:d3:52:a2:e5:
                    f5:40:3f:41:3c:75:94:3a:90:cd:83:11:82:58:bc:
                    a9:77:5f:df:0a:ef:85:16:16:a7:42:73:0e:4c:3d:
                    3f:55:15:36:41:cf:e8:6e:56:9c:a4:3f:be:bc:c1:
                    20:b2:d0:c2:36:52:09:e6:c0:17:ca:be:78:7b:87:
                    4a:9a:17:3c:de:01:9a:87:bc:d7:74:66:da:2b:6b:
                    f6:4b:9d:45:d0:84:e8:50:0f:1d:b2:27:6b:d5:17:
                    a1:4c:c5:ac:3f:43:00:de:0a:ad:79:35:ba:7e:b7:
                    1c:be:35:cf:18:0f:c5:3c:c5:29:fe:98:0e:66:2b:
                    19:f3:c4:ff:02:77:31:2b:f6:4c:5b:ad:8d:6c:47:
                    9b:0e:6d:90:26:51:2f:6a:a5:be:90:17:c3:3a:33:
                    b2:a3:de:d6:bd:bf:e3:77:0b:80:9a:6d:ef:6c:03:
                    5b:c0:53:ee:23:3c:9c:20:17:b1:3f:36:bc:32:76:
                    42:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:ED:45:EE:E1:14:2C:5F:03:8A:43:A8:C3:E7:6D:5F:CF:52:44:FF
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:78:3e:2b:33:a3:78:ff:38:e9:08:b6:d5:4b:01:ec:4a:91:
         44:67:b9:7b:a1:57:d7:b4:1e:9d:aa:c0:37:eb:2f:e6:42:55:
         5e:c5:ce:9c:af:e6:15:7d:4e:c0:86:da:9d:4e:ce:2d:9b:29:
         42:64:26:27:07:5a:6b:a4:b5:49:51:0f:d8:f7:10:0d:b7:fd:
         53:8f:a0:13:b5:ba:27:6f:55:4a:ab:90:ea:c4:f5:a0:91:f8:
         84:df:fb:59:49:05:55:a8:8c:ad:e4:cd:88:97:ac:fa:1c:c7:
         1a:d0:dd:12:32:73:20:6d:b0:7f:85:38:ad:7a:7c:fb:60:6e:
         7f:f9:33:0b:d2:9b:78:58:f3:b9:1f:91:76:83:5d:e3:79:c0:
         ea:b2:33:2a:69:17:2b:6e:8b:49:1b:af:0e:7a:c0:e0:a0:4f:
         c0:af:b8:4e:e9:ad:42:ac:98:7a:70:22:82:22:67:60:d4:1d:
         89:3e:8c:92:e0:28:5a:23:aa:47:9a:8f:58:c3:ae:cb:81:95:
         be:bb:4b:c7:b1:6f:05:a6:4d:f7:fb:f8:1f:bb:5d:66:8e:83:
         80:73:db:62:2f:d0:12:ff:e7:f3:95:4c:05:5c:26:6a:e9:a3:
         fc:7b:51:9c:5b:00:f4:1d:29:25:83:a9:61:c3:c9:76:20:05:
         79:f6:d0:83
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDlJxVbWRG8rzgBjuQkN2tB6em0IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMTgwOTI0MzBaFw0yNTExMTcwOTI5MzBaMDMxMTAvBgNV
BAMTKENCRUQ0NUVFRTExNDJDNUYwMzhBNDNBOEMzRTc2RDVGQ0Y1MjQ0RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDga53WS64FPA0yRKAyWiPxXiC+
R8omaWYq+u0Tvatd6v7SaGYfYLyEbirnI0NgcFsfGpWpPnphauOJ1JLxy9an4QLY
cdUc01Ki5fVAP0E8dZQ6kM2DEYJYvKl3X98K74UWFqdCcw5MPT9VFTZBz+huVpyk
P768wSCy0MI2UgnmwBfKvnh7h0qaFzzeAZqHvNd0Ztora/ZLnUXQhOhQDx2yJ2vV
F6FMxaw/QwDeCq15Nbp+txy+Nc8YD8U8xSn+mA5mKxnzxP8CdzEr9kxbrY1sR5sO
bZAmUS9qpb6QF8M6M7Kj3ta9v+N3C4Cabe9sA1vAU+4jPJwgF7E/NrwydkKlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUy+1F7uEULF8DikOow+dtX89SRP8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbx6Mw
DQYJKoZIhvcNAQELBQADggEBAAN4Piszo3j/OOkIttVLAexKkURnuXuhV9e0Hp2q
wDfrL+ZCVV7Fzpyv5hV9TsCG2p1Ozi2bKUJkJicHWmuktUlRD9j3EA23/VOPoBO1
uidvVUqrkOrE9aCR+ITf+1lJBVWojK3kzYiXrPocxxrQ3RIycyBtsH+FOK16fPtg
bn/5MwvSm3hY87kfkXaDXeN5wOqyMyppFytui0kbrw56wOCgT8CvuE7prUKsmHpw
IoIiZ2DUHYk+jJLgKFojqkeaj1jDrsuBlb67S8exbwWmTff7+B+7XWaOg4Bz22Iv
0BL/5/OVTAVcJmrpo/x7UZxbAPQdKSWDqWHDyXYgBXn20IM=
-----END CERTIFICATE-----