Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          mWZUjDutGtKkANnWnETdJDCcLgyJ8Q0xGQ+BGHmoCpk=
Subject key identifier:   BA:FF:6E:7E:03:96:8B:B1:24:C4:D5:5A:7D:98:D6:EB:67:13:E0:5E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       02A08CC9D315DC1937B902097B06FE0AC3CF0BEA
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS16509.roa
Signing time:             Thu 07 Aug 2025 10:14:56 +0000
ROA not before:           Thu 07 Aug 2025 10:09:56 +0000
ROA not after:            Thu 06 Aug 2026 10:14:56 +0000
asID:                     16509
IP address blocks:        2a0f:85c1:3a9::/48 maxlen: 48
                          2a0f:85c1:894::/48 maxlen: 48
                          2a0f:85c1:cc7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 08:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:a0:8c:c9:d3:15:dc:19:37:b9:02:09:7b:06:fe:0a:c3:cf:0b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:09:56 2025 GMT
            Not After : Aug  6 10:14:56 2026 GMT
        Subject: CN=BAFF6E7E03968BB124C4D55A7D98D6EB6713E05E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8a:1d:a1:98:fa:fe:d1:2c:0e:e1:58:be:c6:
                    3d:dc:d5:b4:c9:5d:2c:16:14:06:eb:59:f2:1c:29:
                    ac:62:7e:08:98:4f:f3:e0:e2:d2:74:27:b1:e3:69:
                    76:36:f7:b4:b8:3c:d2:5a:a3:76:c2:c3:5b:90:a0:
                    d8:70:5c:bc:a3:62:72:88:ef:cc:9f:c7:6e:9a:01:
                    d1:e5:5c:d4:a2:ad:ec:14:75:4b:f9:72:c0:7b:83:
                    f0:b5:89:00:10:d2:21:8c:89:8f:97:dd:f2:80:19:
                    b0:17:4e:ec:2c:c3:cc:c3:3e:8b:d4:75:e3:2e:f5:
                    78:5b:4d:d0:de:39:ad:35:5d:1e:03:86:07:34:e8:
                    91:72:80:10:c9:2b:64:db:56:46:4a:12:ab:81:9e:
                    7e:02:7f:49:92:79:01:9a:fb:03:4e:bd:ea:25:59:
                    c1:a5:fa:e7:be:c3:fc:f8:2d:3d:d9:2b:60:1c:2a:
                    51:a2:f2:23:d6:55:6b:ee:6e:eb:64:5d:55:ef:1f:
                    24:d8:81:42:4d:24:c8:06:1d:36:9c:56:93:28:dd:
                    01:01:39:02:bc:81:e8:19:e3:df:09:51:0e:22:6d:
                    8f:b0:d5:b5:a9:0b:db:23:11:f5:8e:61:4f:e8:11:
                    38:ce:1b:fc:39:44:f8:cd:b5:1d:ce:a1:af:a3:92:
                    97:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:FF:6E:7E:03:96:8B:B1:24:C4:D5:5A:7D:98:D6:EB:67:13:E0:5E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a9::/48
                  2a0f:85c1:894::/48
                  2a0f:85c1:cc7::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:05:aa:3b:9f:23:23:60:37:92:b6:9f:d7:fd:b4:e5:a5:36:
         47:ab:63:f5:8c:00:95:aa:4c:39:93:8e:41:cb:d5:87:8a:d4:
         82:ec:c3:af:11:df:16:a8:66:09:b4:a6:c9:ae:77:5b:51:de:
         cf:67:fb:ef:81:89:83:df:c9:c4:64:cb:cd:0d:35:fe:6c:df:
         a4:10:91:f0:31:30:6a:6d:cb:b3:5a:78:a1:12:7a:70:18:a3:
         9b:00:3a:da:4c:f5:f5:b9:28:0a:e9:c7:62:e6:b4:dc:45:a2:
         89:83:bd:5a:4e:cd:c9:65:ee:58:6d:26:bb:b1:cc:a4:c3:ea:
         c8:12:3c:3b:02:be:99:0c:88:d3:c7:db:e5:1c:0a:5c:61:60:
         0a:d0:78:a6:2c:62:ee:5f:7b:87:11:6c:f4:d0:f6:ec:d9:40:
         20:e5:85:41:64:a1:fa:df:bc:9e:14:1e:bf:2b:3a:74:fa:a5:
         d8:61:20:c7:47:0f:d0:94:27:20:7d:6d:97:e1:70:d8:cc:01:
         aa:ef:6b:66:78:1c:b7:43:46:20:08:bc:85:1a:a9:3c:5c:25:
         60:96:68:7b:b1:57:ab:3d:c6:13:25:1b:4b:f7:83:9c:52:a6:
         86:38:aa:24:a2:d5:8a:c1:a4:33:09:44:51:a9:b6:7a:4d:0d:
         83:b4:05:64
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIUAqCMydMV3Bk3uQIJewb+CsPPC+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDA5NTZaFw0yNjA4MDYxMDE0NTZaMDMxMTAvBgNV
BAMTKEJBRkY2RTdFMDM5NjhCQjEyNEM0RDU1QTdEOThENkVCNjcxM0UwNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCih2hmPr+0SwO4Vi+xj3c1bTJ
XSwWFAbrWfIcKaxifgiYT/Pg4tJ0J7HjaXY297S4PNJao3bCw1uQoNhwXLyjYnKI
78yfx26aAdHlXNSirewUdUv5csB7g/C1iQAQ0iGMiY+X3fKAGbAXTuwsw8zDPovU
deMu9XhbTdDeOa01XR4Dhgc06JFygBDJK2TbVkZKEquBnn4Cf0mSeQGa+wNOveol
WcGl+ue+w/z4LT3ZK2AcKlGi8iPWVWvubutkXVXvHyTYgUJNJMgGHTacVpMo3QEB
OQK8gegZ498JUQ4ibY+w1bWpC9sjEfWOYU/oETjOG/w5RPjNtR3Ooa+jkpcXAgMB
AAGjggIeMIICGjAdBgNVHQ4EFgQUuv9ufgOWi7EkxNVafZjW62cT4F4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNAYIKwYBBQUHAQcBAf8EJTAjMCEEAgACMBsDBwAqD4XB
A6kDBwAqD4XBCJQDBwAqD4XBDMcwDQYJKoZIhvcNAQELBQADggEBAJwFqjufIyNg
N5K2n9f9tOWlNkerY/WMAJWqTDmTjkHL1YeK1ILsw68R3xaoZgm0psmud1tR3s9n
+++BiYPfycRky80NNf5s36QQkfAxMGpty7NaeKESenAYo5sAOtpM9fW5KArpx2Lm
tNxFoomDvVpOzcll7lhtJruxzKTD6sgSPDsCvpkMiNPH2+UcClxhYArQeKYsYu5f
e4cRbPTQ9uzZQCDlhUFkofrfvJ4UHr8rOnT6pdhhIMdHD9CUJyB9bZfhcNjMAarv
a2Z4HLdDRiAIvIUaqTxcJWCWaHuxV6s9xhMlG0v3g5xSpoY4qiSi1YrBpDMJRFGp
tnpNDYO0BWQ=
-----END CERTIFICATE-----