Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          rmwPFadbHnQc6Z0Bgvwy/9kUM/8JUSmhv0OFf2IkOsY=
Subject key identifier:   C2:2E:8E:2D:5D:56:5E:51:11:31:0C:05:2D:5F:DD:C8:75:F2:38:0E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2E078A09A13D19CD5AD455AF9575F263127A6FE6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS16509.roa
Signing time:             Tue 17 Sep 2024 04:25:58 +0000
ROA not before:           Tue 17 Sep 2024 04:20:58 +0000
ROA not after:            Tue 16 Sep 2025 04:25:58 +0000
asID:                     16509
IP address blocks:        2a0f:85c1:3a9::/48 maxlen: 48
                          2a0f:85c1:894::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:07:8a:09:a1:3d:19:cd:5a:d4:55:af:95:75:f2:63:12:7a:6f:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:20:58 2024 GMT
            Not After : Sep 16 04:25:58 2025 GMT
        Subject: CN=C22E8E2D5D565E5111310C052D5FDDC875F2380E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:77:b6:6b:bc:d3:72:5d:fc:e0:44:f2:a1:be:
                    68:0c:c9:22:3d:fd:59:f1:ea:8d:41:be:c8:1f:a5:
                    7a:04:91:66:bf:2d:39:fe:5d:65:80:b1:ff:c4:4e:
                    e4:02:6e:dd:1e:a9:cc:32:b2:c0:08:1d:3e:5b:75:
                    2e:ed:16:a3:da:5b:b5:1a:37:5b:11:67:04:5c:02:
                    f8:71:1d:ae:eb:57:51:d4:e3:e8:be:0e:1d:17:45:
                    07:68:1a:8e:9e:66:01:28:b2:06:58:79:a3:85:c4:
                    4b:e5:40:6e:6a:37:cd:a2:e3:12:37:8f:79:c5:fd:
                    da:57:31:65:4c:92:c4:a3:9c:3f:1d:ca:ca:73:a6:
                    39:e4:96:42:e2:4b:b4:8e:9b:53:f5:55:91:6b:3a:
                    d2:9e:3f:0a:19:69:6d:64:e9:62:1e:fd:6b:6d:4a:
                    94:69:8e:d4:a2:be:6f:a0:23:25:14:27:57:9f:19:
                    bf:27:4e:22:bc:fb:f3:40:a7:30:d1:31:28:5e:3c:
                    d8:76:8e:99:2c:e5:73:6c:01:44:ef:d6:98:29:2f:
                    cf:0f:23:9c:88:16:1f:76:75:29:c3:02:dc:12:65:
                    34:44:4d:18:92:7a:19:a4:ea:fe:a2:8d:21:65:fa:
                    6b:b8:53:01:41:79:41:53:03:9f:c7:f8:cf:5b:18:
                    7d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2E:8E:2D:5D:56:5E:51:11:31:0C:05:2D:5F:DD:C8:75:F2:38:0E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a9::/48
                  2a0f:85c1:894::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:d3:bb:26:0b:01:38:9a:5d:fa:22:af:1d:70:09:2c:bb:53:
         68:64:1b:e5:d4:e2:5e:b4:41:78:8e:ca:30:ee:89:00:71:b3:
         a8:f2:37:a1:ec:ae:cf:bd:d4:1d:c6:d1:a9:e3:59:d9:26:01:
         ce:a4:e9:1c:c7:ed:ed:c7:fc:31:80:fd:b5:23:7d:5f:2e:ad:
         3b:97:cb:61:7b:30:ba:ca:8c:a0:dd:ea:25:9a:62:c6:e5:83:
         50:75:8d:6d:e0:71:69:9c:6a:53:05:0e:72:cc:19:fe:3a:37:
         69:de:26:e9:28:06:14:10:f9:e7:00:54:bb:8f:26:f7:61:ca:
         2e:57:28:dc:79:b8:0a:ff:0a:35:e4:44:fe:5e:57:55:4b:6e:
         be:02:10:e7:32:34:a7:67:4d:ec:6b:25:03:03:34:ae:1c:e7:
         00:ca:92:97:21:cb:93:ad:20:90:e4:41:53:2b:5d:87:84:aa:
         80:50:35:33:7e:fb:9e:34:7c:7a:fa:73:f7:a2:29:2e:0b:58:
         94:39:7b:75:c1:70:62:71:8b:20:7d:93:2a:dc:2a:ff:5a:62:
         85:29:8b:2d:54:98:ff:4e:74:76:0c:b7:0d:01:4f:b0:f5:49:
         06:74:c6:78:ca:59:64:cf:48:cb:b1:42:41:23:16:bc:58:8f:
         c4:ed:e6:a8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIULgeKCaE9Gc1a1FWvlXXyYxJ6b+YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDIwNThaFw0yNTA5MTYwNDI1NThaMDMxMTAvBgNV
BAMTKEMyMkU4RTJENUQ1NjVFNTExMTMxMEMwNTJENUZEREM4NzVGMjM4MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+d7ZrvNNyXfzgRPKhvmgMySI9
/Vnx6o1BvsgfpXoEkWa/LTn+XWWAsf/ETuQCbt0eqcwyssAIHT5bdS7tFqPaW7Ua
N1sRZwRcAvhxHa7rV1HU4+i+Dh0XRQdoGo6eZgEosgZYeaOFxEvlQG5qN82i4xI3
j3nF/dpXMWVMksSjnD8dyspzpjnklkLiS7SOm1P1VZFrOtKePwoZaW1k6WIe/Wtt
SpRpjtSivm+gIyUUJ1efGb8nTiK8+/NApzDRMShePNh2jpks5XNsAUTv1pgpL88P
I5yIFh92dSnDAtwSZTRETRiSehmk6v6ijSFl+mu4UwFBeUFTA5/H+M9bGH29AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUwi6OLV1WXlERMQwFLV/dyHXyOA4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
A6kDBwAqD4XBCJQwDQYJKoZIhvcNAQELBQADggEBABzTuyYLATiaXfoirx1wCSy7
U2hkG+XU4l60QXiOyjDuiQBxs6jyN6Hsrs+91B3G0anjWdkmAc6k6RzH7e3H/DGA
/bUjfV8urTuXy2F7MLrKjKDd6iWaYsblg1B1jW3gcWmcalMFDnLMGf46N2neJuko
BhQQ+ecAVLuPJvdhyi5XKNx5uAr/CjXkRP5eV1VLbr4CEOcyNKdnTexrJQMDNK4c
5wDKkpchy5OtIJDkQVMrXYeEqoBQNTN++540fHr6c/eiKS4LWJQ5e3XBcGJxiyB9
kyrcKv9aYoUpiy1UmP9OdHYMtw0BT7D1SQZ0xnjKWWTPSMuxQkEjFrxYj8Tt5qg=
-----END CERTIFICATE-----