Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa
File:                     AS216183.roa (raw, json)
Hash identifier:          gLOD6vdFNZea4RophR5zFmCljerzy1o9ZhT+9Q2WcIs=
Subject key identifier:   08:F8:74:A2:6A:82:EC:38:28:21:6B:45:19:78:1F:5B:12:6F:D4:38
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       56BDA3DEC3C22CA0D537C352A9433BC20A89836B
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa
Signing time:             Mon 20 Oct 2025 15:55:09 +0000
ROA not before:           Mon 20 Oct 2025 15:50:09 +0000
ROA not after:            Mon 19 Oct 2026 15:55:09 +0000
asID:                     216183
IP address blocks:        45.153.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 02:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:bd:a3:de:c3:c2:2c:a0:d5:37:c3:52:a9:43:3b:c2:0a:89:83:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 20 15:50:09 2025 GMT
            Not After : Oct 19 15:55:09 2026 GMT
        Subject: CN=08F874A26A82EC3828216B4519781F5B126FD438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b7:ea:8e:d8:73:75:0d:c8:cf:cb:ba:2d:a4:
                    c6:9b:08:39:f1:b6:d2:dc:42:bb:5f:f5:02:93:29:
                    19:7d:b8:d1:40:29:1e:58:d4:cc:9b:b5:ae:03:53:
                    aa:56:41:43:4b:e6:21:19:c4:59:66:48:f2:be:4c:
                    22:9e:62:3a:62:7e:50:1d:59:e6:41:81:23:95:0a:
                    e9:5c:ca:25:67:5f:57:ba:e6:a1:f9:21:ba:e6:ac:
                    96:48:7f:17:89:e4:0d:92:dc:05:93:dc:6a:f6:c0:
                    da:ad:22:93:4a:0c:7f:48:3c:51:ad:0e:6f:b0:bb:
                    10:a9:24:85:db:17:06:16:20:d5:64:cc:7d:43:09:
                    e1:b3:ba:a4:9b:a4:b4:eb:9e:7e:1f:a6:84:f7:d1:
                    14:85:ad:fc:bd:c2:ad:d2:db:d7:29:ce:5f:f4:f8:
                    ec:c5:51:04:f3:bb:b5:18:c7:20:5e:56:1a:35:9d:
                    d3:f0:61:1f:61:3f:76:b7:7f:9f:26:09:c0:8d:7f:
                    80:be:c3:f0:84:2e:54:d1:ae:18:4a:86:3d:a0:2d:
                    9c:06:e7:77:f9:b1:bf:ab:47:ab:89:be:81:09:db:
                    2a:89:c2:46:2d:b4:14:b5:1e:50:e2:e1:d6:7f:93:
                    59:68:d2:08:71:36:d6:ca:42:a0:f0:06:73:bf:8f:
                    c2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F8:74:A2:6A:82:EC:38:28:21:6B:45:19:78:1F:5B:12:6F:D4:38
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:cd:bd:84:3a:8e:5d:50:52:34:e5:b9:a9:5d:a1:d9:3e:f7:
         0d:ef:6f:00:98:dc:fe:50:5c:65:3f:4c:3d:7a:7c:2a:c3:b6:
         00:5f:66:fe:0f:9c:2c:0a:00:9f:15:50:17:4e:f5:c4:fa:79:
         0c:50:86:e9:85:6b:2d:a2:f1:88:87:d8:be:7b:f8:13:67:86:
         57:82:8f:16:03:cf:5a:02:b0:fa:a1:03:a4:cb:0c:4d:37:06:
         cf:de:4b:d8:8e:b3:13:2e:5d:1a:ef:ea:da:70:43:73:4f:42:
         38:37:45:c7:85:a9:6d:9c:d8:27:eb:01:a3:b7:a6:d4:d6:c2:
         b5:6f:fe:c4:1d:a8:96:d8:ce:d5:5a:53:e3:91:69:99:2a:61:
         ac:0d:d8:96:f2:75:3a:0e:45:b6:a0:a7:d9:fb:88:63:be:81:
         f4:bc:90:e3:8f:be:e6:d5:d9:2c:4a:ab:32:3f:6e:e4:02:4f:
         2e:82:05:60:89:e5:13:30:a7:c5:52:96:de:d9:02:98:fa:08:
         b0:02:25:33:26:f2:aa:2a:52:7f:c2:c7:8f:d4:84:25:13:1b:
         dc:56:4c:32:77:45:22:d6:ce:24:3a:a4:9c:47:c9:8f:86:91:
         46:41:16:5e:0a:76:b6:0d:52:b6:a7:37:d2:f3:e3:64:2a:2b:
         60:94:ea:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVr2j3sPCLKDVN8NSqUM7wgqJg2swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMjAxNTUwMDlaFw0yNjEwMTkxNTU1MDlaMDMxMTAvBgNV
BAMTKDA4Rjg3NEEyNkE4MkVDMzgyODIxNkI0NTE5NzgxRjVCMTI2RkQ0MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNt+qO2HN1DcjPy7otpMabCDnx
ttLcQrtf9QKTKRl9uNFAKR5Y1Mybta4DU6pWQUNL5iEZxFlmSPK+TCKeYjpiflAd
WeZBgSOVCulcyiVnX1e65qH5IbrmrJZIfxeJ5A2S3AWT3Gr2wNqtIpNKDH9IPFGt
Dm+wuxCpJIXbFwYWINVkzH1DCeGzuqSbpLTrnn4fpoT30RSFrfy9wq3S29cpzl/0
+OzFUQTzu7UYxyBeVho1ndPwYR9hP3a3f58mCcCNf4C+w/CELlTRrhhKhj2gLZwG
53f5sb+rR6uJvoEJ2yqJwkYttBS1HlDi4dZ/k1lo0ghxNtbKQqDwBnO/j8JtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCPh0omqC7DgoIWtFGXgfWxJv1DgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2MTgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZkF
MA0GCSqGSIb3DQEBCwUAA4IBAQB6zb2EOo5dUFI05bmpXaHZPvcN728AmNz+UFxl
P0w9enwqw7YAX2b+D5wsCgCfFVAXTvXE+nkMUIbphWstovGIh9i+e/gTZ4ZXgo8W
A89aArD6oQOkywxNNwbP3kvYjrMTLl0a7+racENzT0I4N0XHhaltnNgn6wGjt6bU
1sK1b/7EHaiW2M7VWlPjkWmZKmGsDdiW8nU6DkW2oKfZ+4hjvoH0vJDjj77m1dks
SqsyP27kAk8uggVgieUTMKfFUpbe2QKY+giwAiUzJvKqKlJ/wseP1IQlExvcVkwy
d0Ui1s4kOqScR8mPhpFGQRZeCna2DVK2pzfS8+NkKitglOr6
-----END CERTIFICATE-----