Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          Q7AYeDNn1P0xTJie3ZFNOKaS7G1SbuWz91XdUEsMj/4=
Subject key identifier:   FC:AF:7E:C5:1C:77:7F:1C:FA:83:77:0A:B4:C8:0F:81:3A:54:0C:A6
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5F52134190A12CA73B3DA7C462D85B1C0827E4AB
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
Signing time:             Fri 28 Mar 2025 21:15:44 +0000
ROA not before:           Fri 28 Mar 2025 21:10:44 +0000
ROA not after:            Fri 27 Mar 2026 21:15:44 +0000
asID:                     16276
IP address blocks:        45.146.80.0/24 maxlen: 24
                          193.151.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 02:24:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:52:13:41:90:a1:2c:a7:3b:3d:a7:c4:62:d8:5b:1c:08:27:e4:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 28 21:10:44 2025 GMT
            Not After : Mar 27 21:15:44 2026 GMT
        Subject: CN=FCAF7EC51C777F1CFA83770AB4C80F813A540CA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ae:e8:13:45:23:6e:54:70:60:2c:db:84:bb:
                    3d:23:41:38:40:c2:1f:20:92:28:a9:23:c4:43:cb:
                    66:00:60:45:dc:fb:51:17:04:a9:f1:93:2a:e2:5a:
                    a3:6c:f6:9d:b6:9a:88:42:82:4a:17:58:fc:63:6f:
                    6d:20:25:95:ad:5a:aa:78:8a:a7:22:43:3f:ee:04:
                    92:be:cd:cf:bf:be:b0:98:49:9f:55:36:72:8d:a2:
                    db:33:f9:bd:19:ae:32:a6:ce:41:74:18:d4:2f:b8:
                    2c:65:ae:e2:91:03:f6:6f:0f:a2:f2:69:69:f0:22:
                    b3:08:04:e8:25:79:2c:9e:fe:e5:97:e9:bd:13:a0:
                    24:cc:a8:80:6a:1f:67:0a:aa:a3:b1:64:19:ba:08:
                    d5:73:d1:5b:98:84:d3:8f:43:0a:c4:a2:7c:75:21:
                    e0:8f:74:7e:9b:16:f7:65:a4:48:c6:ab:ac:c9:76:
                    37:68:3e:aa:e1:89:79:25:ff:c9:7f:09:65:db:9a:
                    04:80:c2:c0:22:d9:00:62:8f:67:b0:e0:9a:0b:f7:
                    ad:53:66:52:56:f9:0a:e9:a8:f3:7e:7b:f9:a5:b6:
                    c9:cd:92:61:f5:11:1a:b4:f6:58:68:02:fe:39:ad:
                    77:21:5c:d0:ca:c5:8a:5f:c8:c4:f3:8c:46:e1:4b:
                    b9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AF:7E:C5:1C:77:7F:1C:FA:83:77:0A:B4:C8:0F:81:3A:54:0C:A6
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.80.0/24
                  193.151.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:a0:62:c2:da:9e:c2:f2:a5:eb:d1:12:ff:f7:68:13:f6:5c:
         3c:f9:5b:f5:54:0d:4b:93:2f:9c:a7:b2:55:1b:94:6c:78:3d:
         99:41:4f:bd:e2:e7:c4:65:8b:aa:08:5f:e3:df:86:d1:f4:86:
         69:75:b9:3f:51:60:8d:73:62:75:fd:18:6c:49:20:47:3d:18:
         c4:a0:b3:53:c2:c8:32:5a:d2:5d:06:0f:c7:4d:54:9b:ac:70:
         e1:cf:06:86:b2:cf:5a:ce:a4:13:b3:2d:ef:4b:0f:13:98:5a:
         c1:49:b9:10:99:7b:5e:c3:97:2a:5b:b8:1e:39:20:ee:bb:b0:
         68:7a:b4:29:ef:f6:c8:b4:d9:db:d2:56:6a:f5:dc:c7:15:6e:
         7f:2b:f8:fb:13:b9:30:23:83:ee:0a:5a:a4:48:10:30:82:6f:
         8d:df:32:92:6c:10:e9:25:d2:5f:19:29:b0:62:bd:14:da:37:
         2f:67:ef:0d:23:6a:cf:63:13:d5:6f:b5:e8:ab:a7:9a:8b:65:
         04:bd:ba:98:8a:e8:3d:3a:ad:26:40:dd:60:f5:6e:52:bc:8b:
         ab:ec:fe:a2:38:6f:87:a6:54:22:18:72:3f:ba:f6:b2:5b:6c:
         76:75:ee:60:ec:80:f6:96:84:f1:04:57:18:a4:cb:89:16:fe:
         dc:01:a0:83
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUX1ITQZChLKc7PafEYthbHAgn5KswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMjgyMTEwNDRaFw0yNjAzMjcyMTE1NDRaMDMxMTAvBgNV
BAMTKEZDQUY3RUM1MUM3NzdGMUNGQTgzNzcwQUI0QzgwRjgxM0E1NDBDQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirugTRSNuVHBgLNuEuz0jQThA
wh8gkiipI8RDy2YAYEXc+1EXBKnxkyriWqNs9p22mohCgkoXWPxjb20gJZWtWqp4
iqciQz/uBJK+zc+/vrCYSZ9VNnKNotsz+b0ZrjKmzkF0GNQvuCxlruKRA/ZvD6Ly
aWnwIrMIBOgleSye/uWX6b0ToCTMqIBqH2cKqqOxZBm6CNVz0VuYhNOPQwrEonx1
IeCPdH6bFvdlpEjGq6zJdjdoPqrhiXkl/8l/CWXbmgSAwsAi2QBij2ew4JoL961T
ZlJW+QrpqPN+e/mltsnNkmH1ERq09lhoAv45rXchXNDKxYpfyMTzjEbhS7mZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU/K9+xRx3fxz6g3cKtMgPgTpUDKYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtklAD
BADBl7UwDQYJKoZIhvcNAQELBQADggEBAD2gYsLansLypevREv/3aBP2XDz5W/VU
DUuTL5ynslUblGx4PZlBT73i58Rli6oIX+PfhtH0hml1uT9RYI1zYnX9GGxJIEc9
GMSgs1PCyDJa0l0GD8dNVJuscOHPBoayz1rOpBOzLe9LDxOYWsFJuRCZe17Dlypb
uB45IO67sGh6tCnv9si02dvSVmr13McVbn8r+PsTuTAjg+4KWqRIEDCCb43fMpJs
EOkl0l8ZKbBivRTaNy9n7w0jas9jE9Vvteirp5qLZQS9upiK6D06rSZA3WD1blK8
i6vs/qI4b4emVCIYcj+69rJbbHZ17mDsgPaWhPEEVxiky4kW/twBoIM=
-----END CERTIFICATE-----