Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          21S0BElZXNDjfKOK+x6rPMhq4nfH/6ZmMZd67MDmeLo=
Subject key identifier:   01:0A:63:DA:2F:F9:86:22:06:43:61:1B:39:51:B0:36:E6:7E:43:4E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5716DD0170AC1FAC8940A6FCB92B0BD1CE2859B4
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa
Signing time:             Fri 29 Mar 2024 17:45:56 +0000
ROA not before:           Fri 29 Mar 2024 17:40:56 +0000
ROA not after:            Fri 28 Mar 2025 17:45:56 +0000
asID:                     16509
IP address blocks:        193.142.18.0/24 maxlen: 24
                          194.5.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:16:dd:01:70:ac:1f:ac:89:40:a6:fc:b9:2b:0b:d1:ce:28:59:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 29 17:40:56 2024 GMT
            Not After : Mar 28 17:45:56 2025 GMT
        Subject: CN=010A63DA2FF986220643611B3951B036E67E434E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:eb:37:d0:2e:0e:37:4a:06:bb:a1:76:d8:7f:
                    32:f4:a4:1e:07:24:da:83:ac:c0:ff:66:b7:7f:2a:
                    d3:a1:f2:20:9f:12:f0:cd:9f:17:38:9d:bf:55:a2:
                    41:53:a0:e6:9f:57:26:9e:61:13:56:8d:41:ba:a6:
                    fb:26:c2:43:3c:9e:33:e1:e3:35:45:c9:5c:97:f8:
                    7e:cc:30:0e:02:69:42:9d:c5:45:23:68:7a:8b:e6:
                    d4:33:cf:ec:29:9a:4e:fd:51:37:03:a2:18:1d:74:
                    4e:8f:3e:89:6a:25:be:6e:52:d8:eb:ff:01:d9:a9:
                    95:b7:d6:95:a2:56:b6:48:4e:2c:70:79:10:3f:3e:
                    94:2e:c4:93:9a:6f:eb:8d:1d:90:ae:f2:42:71:bc:
                    c0:e4:a2:3a:df:9c:e6:74:84:b2:75:90:af:75:d8:
                    d7:df:e0:30:b6:01:0b:96:f1:6e:fd:db:b5:9d:f4:
                    09:65:51:e5:21:de:53:d3:51:8e:9d:24:eb:e4:5a:
                    ca:a9:6e:86:2e:75:92:56:02:81:95:43:cc:1c:49:
                    86:7f:3a:2e:d1:69:cf:86:34:93:e0:5f:a8:82:b2:
                    3e:d0:9a:1d:48:37:5d:c4:bb:f0:35:12:46:60:7d:
                    e0:a4:a2:9d:0a:b5:62:2b:6e:41:0d:fe:b8:37:6e:
                    54:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:0A:63:DA:2F:F9:86:22:06:43:61:1B:39:51:B0:36:E6:7E:43:4E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.18.0/24
                  194.5.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:80:7d:1f:9e:a7:db:56:fa:4e:0a:7d:1a:80:0a:3c:cc:7d:
         5c:83:d2:f1:f0:75:56:8f:41:d0:ec:0e:81:d8:4d:37:bb:49:
         a0:6e:ea:02:f1:6e:9f:03:77:1a:39:fe:59:38:3e:54:d9:99:
         0f:eb:50:7c:93:cd:7d:c9:ac:5d:1d:b8:dd:b3:cf:e8:17:b1:
         98:27:c1:be:63:23:26:bf:25:73:01:b7:d9:96:61:cb:60:10:
         f6:d6:96:ec:a3:92:e0:d7:a9:2c:80:9a:93:21:c2:1f:ac:c3:
         56:56:25:ff:86:00:18:30:71:7d:09:bf:d1:b5:26:e0:6d:35:
         ec:5f:0e:fc:91:1d:fd:b4:ab:45:0b:87:88:e9:6a:67:6b:23:
         04:6c:3f:e9:e7:4f:0a:40:4c:b4:98:eb:80:ee:cd:c9:87:e2:
         f1:d1:ce:b6:03:88:e0:fd:83:7a:1e:98:ca:13:6c:98:c1:bc:
         72:f8:bc:b4:dd:1a:df:5c:d3:a4:25:e1:66:67:a6:d1:14:40:
         06:3e:fe:65:3a:4d:cd:47:86:13:f8:6d:1c:65:49:2b:69:fb:
         a2:61:ff:26:b2:b2:0d:6d:d6:ed:05:e5:0a:60:ca:19:2c:3b:
         91:7c:b3:f7:56:80:e0:96:bd:fd:9c:4a:e8:da:8c:ea:31:0c:
         9e:37:76:1e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUVxbdAXCsH6yJQKb8uSsL0c4oWbQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAzMjkxNzQwNTZaFw0yNTAzMjgxNzQ1NTZaMDMxMTAvBgNV
BAMTKDAxMEE2M0RBMkZGOTg2MjIwNjQzNjExQjM5NTFCMDM2RTY3RTQzNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc6zfQLg43Sga7oXbYfzL0pB4H
JNqDrMD/Zrd/KtOh8iCfEvDNnxc4nb9VokFToOafVyaeYRNWjUG6pvsmwkM8njPh
4zVFyVyX+H7MMA4CaUKdxUUjaHqL5tQzz+wpmk79UTcDohgddE6PPolqJb5uUtjr
/wHZqZW31pWiVrZITixweRA/PpQuxJOab+uNHZCu8kJxvMDkojrfnOZ0hLJ1kK91
2Nff4DC2AQuW8W7927Wd9AllUeUh3lPTUY6dJOvkWsqpboYudZJWAoGVQ8wcSYZ/
Oi7Rac+GNJPgX6iCsj7Qmh1IN13Eu/A1EkZgfeCkop0KtWIrbkEN/rg3blS7AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUAQpj2i/5hiIGQ2EbOVGwNuZ+Q04wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBADBjhID
BADCBZMwDQYJKoZIhvcNAQELBQADggEBAFKAfR+ep9tW+k4KfRqACjzMfVyD0vHw
dVaPQdDsDoHYTTe7SaBu6gLxbp8Ddxo5/lk4PlTZmQ/rUHyTzX3JrF0duN2zz+gX
sZgnwb5jIya/JXMBt9mWYctgEPbWluyjkuDXqSyAmpMhwh+sw1ZWJf+GABgwcX0J
v9G1JuBtNexfDvyRHf20q0ULh4jpamdrIwRsP+nnTwpATLSY64DuzcmH4vHRzrYD
iOD9g3oemMoTbJjBvHL4vLTdGt9c06Ql4WZnptEUQAY+/mU6Tc1HhhP4bRxlSStp
+6Jh/yaysg1t1u0F5QpgyhksO5F8s/dWgOCWvf2cSujajOoxDJ43dh4=
-----END CERTIFICATE-----