Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          bsQ0EFQQthgQlyciNTSYkEO4itHhHNeuwXVM6Mo/7z0=
Subject key identifier:   2D:03:A8:6F:04:DD:25:C3:A1:56:E7:20:16:93:57:0F:17:4E:0C:E7
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6B6CCC76BF01F7ED427982F9C67DE48B5F72707A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
Signing time:             Wed 21 Feb 2024 11:19:32 +0000
ROA not before:           Wed 21 Feb 2024 11:14:32 +0000
ROA not after:            Wed 19 Feb 2025 11:19:32 +0000
asID:                     16276
IP address blocks:        45.142.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:6c:cc:76:bf:01:f7:ed:42:79:82:f9:c6:7d:e4:8b:5f:72:70:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 21 11:14:32 2024 GMT
            Not After : Feb 19 11:19:32 2025 GMT
        Subject: CN=2D03A86F04DD25C3A156E7201693570F174E0CE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:38:79:66:f0:8a:fa:81:5e:de:97:2f:7c:db:
                    13:b9:97:6f:c6:58:16:a6:7a:2d:96:9a:62:c2:fe:
                    6f:e3:4b:84:d6:99:d5:95:dc:ac:bc:c8:70:fa:d8:
                    4a:66:9a:9d:9f:f3:f0:eb:1c:fb:75:0d:89:6c:e4:
                    94:bd:64:36:0f:a9:6e:c9:56:39:f5:72:9b:43:f1:
                    3e:2e:11:3f:4e:d4:61:d6:58:76:f9:13:e4:37:af:
                    82:c2:fd:c6:14:29:85:77:51:d1:bc:71:6f:9c:11:
                    c4:b2:57:1a:89:7a:23:bf:59:72:51:73:07:64:45:
                    fc:3d:aa:2e:f9:56:b2:c2:5d:7e:73:53:f2:e2:d1:
                    37:01:ff:51:6c:5c:52:38:2a:a2:6f:30:c1:0d:15:
                    eb:31:65:8d:e5:17:83:90:1f:a0:49:aa:5e:26:39:
                    4a:58:4f:4f:ee:53:31:f6:0e:a1:1b:d2:94:04:35:
                    1a:76:a0:94:13:55:4a:88:f1:37:b8:e8:9b:05:0c:
                    6a:be:b1:20:2a:9d:af:00:7c:77:4f:42:93:b6:79:
                    47:78:40:ef:0b:bc:ad:68:72:3d:6e:a8:0b:ae:9d:
                    e9:dc:4a:6f:23:e3:d6:98:1d:9d:06:36:a2:0b:ea:
                    9a:d7:1b:94:39:24:21:4c:88:65:87:83:a1:3b:70:
                    f2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:03:A8:6F:04:DD:25:C3:A1:56:E7:20:16:93:57:0F:17:4E:0C:E7
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a7:75:c6:0e:8f:cf:03:e5:6d:bb:e9:2f:f9:4e:34:9d:54:
         cd:9b:66:b2:b5:90:75:80:a2:aa:ad:f0:a6:8b:a8:31:f9:dc:
         9f:de:a4:f8:e9:85:67:dc:de:14:93:8c:77:dc:8b:f8:98:7e:
         86:92:d4:bf:a3:fa:cd:45:bf:84:30:be:3c:29:fd:23:86:b5:
         62:25:a7:61:cb:7e:e0:19:4a:06:4a:19:a5:7d:3c:3f:1b:85:
         7a:3b:28:d6:e7:29:5a:ea:e5:66:5f:0b:ea:12:e6:17:44:3e:
         3e:03:c4:34:00:63:f5:f7:50:79:e9:7a:a2:f6:01:b5:ed:6f:
         49:80:b5:77:2f:80:5a:0d:6e:4e:92:06:00:1f:95:1c:1f:3e:
         f9:f2:ed:95:ff:2f:24:3f:37:ba:2b:63:ae:b1:86:5f:88:19:
         c2:d4:2c:a8:f5:ed:12:e1:f8:08:5b:5c:1a:33:7c:63:c3:a7:
         51:2f:7a:87:3c:93:f5:3b:0b:6c:be:59:0f:2a:fa:8a:57:47:
         49:55:39:bb:a2:25:aa:70:f5:53:5e:56:88:1a:41:d0:2c:b4:
         15:ed:84:30:26:9b:90:e7:ed:17:47:9e:5f:d0:e0:5f:18:93:
         a9:64:82:06:28:e7:92:d1:1d:59:19:81:0b:e7:ee:4c:5f:3d:
         bf:d7:cd:a9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUa2zMdr8B9+1CeYL5xn3ki19ycHowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMjExMTE0MzJaFw0yNTAyMTkxMTE5MzJaMDMxMTAvBgNV
BAMTKDJEMDNBODZGMDRERDI1QzNBMTU2RTcyMDE2OTM1NzBGMTc0RTBDRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaOHlm8Ir6gV7ely982xO5l2/G
WBamei2WmmLC/m/jS4TWmdWV3Ky8yHD62Epmmp2f8/DrHPt1DYls5JS9ZDYPqW7J
Vjn1cptD8T4uET9O1GHWWHb5E+Q3r4LC/cYUKYV3UdG8cW+cEcSyVxqJeiO/WXJR
cwdkRfw9qi75VrLCXX5zU/Li0TcB/1FsXFI4KqJvMMENFesxZY3lF4OQH6BJql4m
OUpYT0/uUzH2DqEb0pQENRp2oJQTVUqI8Te46JsFDGq+sSAqna8AfHdPQpO2eUd4
QO8LvK1ocj1uqAuunencSm8j49aYHZ0GNqIL6prXG5Q5JCFMiGWHg6E7cPJhAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQULQOobwTdJcOhVucgFpNXDxdODOcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjuww
DQYJKoZIhvcNAQELBQADggEBACindcYOj88D5W276S/5TjSdVM2bZrK1kHWAoqqt
8KaLqDH53J/epPjphWfc3hSTjHfci/iYfoaS1L+j+s1Fv4Qwvjwp/SOGtWIlp2HL
fuAZSgZKGaV9PD8bhXo7KNbnKVrq5WZfC+oS5hdEPj4DxDQAY/X3UHnpeqL2AbXt
b0mAtXcvgFoNbk6SBgAflRwfPvny7ZX/LyQ/N7orY66xhl+IGcLULKj17RLh+Ahb
XBozfGPDp1Eveoc8k/U7C2y+WQ8q+opXR0lVObuiJapw9VNeVogaQdAstBXthDAm
m5Dn7RdHnl/Q4F8Yk6lkggYo55LRHVkZgQvn7kxfPb/Xzak=
-----END CERTIFICATE-----