Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          O05R1ju1+zojvRBFoxB+hUlsZqLBy01HPEK1E1qpqv4=
Subject key identifier:   1D:C2:35:D5:8B:F1:55:64:4C:1D:E2:57:71:46:18:93:E2:B2:3B:F5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       570C658BFF025B12992668350EC936E58B43C20B
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa
Signing time:             Mon 11 Nov 2024 10:07:16 +0000
ROA not before:           Mon 11 Nov 2024 10:02:16 +0000
ROA not after:            Mon 10 Nov 2025 10:07:16 +0000
asID:                     16509
IP address blocks:        193.142.18.0/24 maxlen: 24
                          193.164.10.0/24 maxlen: 24
                          194.5.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:0c:65:8b:ff:02:5b:12:99:26:68:35:0e:c9:36:e5:8b:43:c2:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 11 10:02:16 2024 GMT
            Not After : Nov 10 10:07:16 2025 GMT
        Subject: CN=1DC235D58BF155644C1DE25771461893E2B23BF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:66:59:6f:a9:5d:ba:bd:43:62:ed:65:f8:4d:
                    e2:9e:2f:83:b7:c5:f8:cb:db:cc:6b:c0:9c:ca:34:
                    30:a0:e8:94:3d:98:5d:00:30:7f:e2:76:7b:1c:23:
                    26:49:d4:35:e3:6a:0a:97:35:05:26:ed:97:16:c2:
                    3e:63:6c:6e:de:f3:b4:40:d8:8c:e3:66:02:d5:b5:
                    d0:07:07:a7:f1:f1:c6:05:d5:58:bb:7d:60:1d:67:
                    74:65:db:55:ab:5c:0e:e0:55:bf:54:08:f4:cc:65:
                    17:0e:39:9e:a0:37:ae:b2:50:3c:11:e9:1e:c9:cb:
                    6f:0e:65:7c:3d:c8:ac:86:5d:c3:4c:8a:c9:b7:e2:
                    c4:f7:0f:7e:68:62:f5:cc:5b:4b:73:cd:4f:2a:a2:
                    83:3f:40:01:a8:c1:0e:ed:e7:7c:0f:8b:75:2d:9c:
                    8f:33:c5:2c:d9:00:c6:ff:e7:07:da:35:fd:9e:31:
                    4a:df:8e:46:43:e3:bd:2c:52:ff:96:25:92:53:9a:
                    d5:8a:2a:7f:1d:e3:c7:fa:06:86:39:26:c1:e6:85:
                    45:4d:02:81:35:70:70:ea:24:7e:42:5d:6f:d5:dc:
                    d9:fd:28:d6:76:74:20:7d:43:c9:6e:be:3c:a9:e5:
                    90:bd:2c:73:9d:98:9a:c9:3d:fd:91:33:5f:bc:84:
                    3c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:C2:35:D5:8B:F1:55:64:4C:1D:E2:57:71:46:18:93:E2:B2:3B:F5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.18.0/24
                  193.164.10.0/24
                  194.5.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:35:ae:ce:79:0f:82:83:25:5a:9f:b0:47:9b:fe:72:46:e9:
         47:7a:6a:93:a7:f0:40:65:10:2e:90:9a:25:77:2d:70:de:ad:
         5c:2b:9a:14:4f:4e:ce:63:0a:71:40:87:6f:06:0a:93:cf:44:
         b7:0c:85:9e:1d:17:4e:44:e0:8e:1a:e3:27:b4:49:5d:ce:66:
         97:c1:aa:f6:8e:f7:80:8f:4c:29:dd:f5:d5:ab:57:78:09:56:
         37:b5:95:f6:26:5f:5b:50:b4:3b:9f:21:8c:45:39:12:88:38:
         a0:97:ee:f3:51:c9:c2:c6:2c:40:dd:8c:25:2c:0c:a4:57:c7:
         d1:10:17:c1:a1:6f:a1:bf:1b:6a:5a:3b:c2:0d:62:d4:75:4c:
         c2:04:ca:ed:9f:d5:67:42:ec:3c:ee:00:60:b9:51:2b:3a:d0:
         11:8a:82:ab:bb:80:50:f9:ad:3b:31:d0:b5:25:f7:e4:5b:54:
         1d:59:0f:84:4c:29:67:20:6b:a9:0c:c6:7b:f3:67:be:ac:34:
         ea:bd:72:da:9f:f4:64:a0:cc:3d:94:6c:7a:9f:e5:3d:bd:22:
         eb:f0:92:bc:39:73:e0:e0:86:eb:d7:7e:98:03:5e:b2:1d:c4:
         0a:9f:ed:65:fd:b1:ff:c4:03:63:f1:86:b9:25:d1:dc:9b:f0:
         db:e1:f5:59
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUVwxli/8CWxKZJmg1Dsk25YtDwgswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMTExMDAyMTZaFw0yNTExMTAxMDA3MTZaMDMxMTAvBgNV
BAMTKDFEQzIzNUQ1OEJGMTU1NjQ0QzFERTI1NzcxNDYxODkzRTJCMjNCRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrZllvqV26vUNi7WX4TeKeL4O3
xfjL28xrwJzKNDCg6JQ9mF0AMH/idnscIyZJ1DXjagqXNQUm7ZcWwj5jbG7e87RA
2IzjZgLVtdAHB6fx8cYF1Vi7fWAdZ3Rl21WrXA7gVb9UCPTMZRcOOZ6gN66yUDwR
6R7Jy28OZXw9yKyGXcNMism34sT3D35oYvXMW0tzzU8qooM/QAGowQ7t53wPi3Ut
nI8zxSzZAMb/5wfaNf2eMUrfjkZD470sUv+WJZJTmtWKKn8d48f6BoY5JsHmhUVN
AoE1cHDqJH5CXW/V3Nn9KNZ2dCB9Q8luvjyp5ZC9LHOdmJrJPf2RM1+8hDwxAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUHcI11YvxVWRMHeJXcUYYk+KyO/UwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBADBjhID
BADBpAoDBADCBZMwDQYJKoZIhvcNAQELBQADggEBAEQ1rs55D4KDJVqfsEeb/nJG
6Ud6apOn8EBlEC6QmiV3LXDerVwrmhRPTs5jCnFAh28GCpPPRLcMhZ4dF05E4I4a
4ye0SV3OZpfBqvaO94CPTCnd9dWrV3gJVje1lfYmX1tQtDufIYxFORKIOKCX7vNR
ycLGLEDdjCUsDKRXx9EQF8Ghb6G/G2paO8INYtR1TMIEyu2f1WdC7DzuAGC5USs6
0BGKgqu7gFD5rTsx0LUl9+RbVB1ZD4RMKWcga6kMxnvzZ76sNOq9ctqf9GSgzD2U
bHqf5T29Iuvwkrw5c+DghuvXfpgDXrIdxAqf7WX9sf/EA2Pxhrkl0dyb8Nvh9Vk=
-----END CERTIFICATE-----