Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          puxKO9Cu+kzpvKZyIxL8zwost0/IELgSs5xNgGg7u7A=
Subject key identifier:   1B:0A:88:7E:27:27:E4:90:65:E6:58:9F:CC:14:83:C9:D5:62:E2:8D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       519138162059CE219873E5C0FD2573DBF4FDE1FB
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS16276.roa
Signing time:             Wed 20 Nov 2024 20:31:03 +0000
ROA not before:           Wed 20 Nov 2024 20:26:03 +0000
ROA not after:            Wed 19 Nov 2025 20:31:03 +0000
asID:                     16276
IP address blocks:        141.11.40.0/24 maxlen: 24
                          141.11.74.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:91:38:16:20:59:ce:21:98:73:e5:c0:fd:25:73:db:f4:fd:e1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 20 20:26:03 2024 GMT
            Not After : Nov 19 20:31:03 2025 GMT
        Subject: CN=1B0A887E2727E49065E6589FCC1483C9D562E28D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:d7:25:eb:6a:9c:c4:0b:45:a4:bb:7c:0b:87:
                    4b:e5:bc:f0:c2:a9:41:67:32:ad:a6:74:60:8e:6c:
                    53:78:b5:45:30:53:b9:62:76:0c:ca:4e:b8:db:31:
                    53:23:54:90:25:c4:26:ac:de:80:c9:4e:9f:aa:ce:
                    15:e2:25:2b:d6:57:a1:04:31:e2:95:e8:88:df:87:
                    90:a8:54:0b:60:55:ce:22:d1:16:b8:db:2e:ad:3c:
                    35:87:11:34:70:0b:a9:98:38:6e:ae:1d:d5:f7:45:
                    95:2c:68:48:55:48:7e:c9:0c:71:8b:48:92:7c:c0:
                    6d:61:a6:a3:7f:65:21:90:94:8b:f7:b2:47:b6:b4:
                    00:74:b0:4e:a9:74:97:72:9e:96:98:15:de:01:52:
                    b7:2c:4b:72:ef:37:b1:ca:64:89:82:91:53:5c:1b:
                    a3:44:85:40:73:1c:5f:e1:5e:a6:e1:e2:40:0a:ef:
                    ae:f4:56:1f:3a:0e:b2:d6:b2:5f:cb:d6:1d:b8:a5:
                    de:ee:89:69:b9:59:e9:f1:35:8d:03:6e:f9:8c:59:
                    9a:84:02:30:66:4d:44:46:bd:67:18:82:55:98:76:
                    9c:bf:36:d6:63:64:56:08:40:18:6b:d8:22:ea:ac:
                    0f:03:7a:41:11:40:8d:2e:46:3b:94:3a:33:1a:80:
                    8f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:0A:88:7E:27:27:E4:90:65:E6:58:9F:CC:14:83:C9:D5:62:E2:8D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.40.0/24
                  141.11.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:8d:0b:f9:37:cc:54:48:ac:25:b8:db:ab:86:a6:da:f4:61:
         9e:d2:57:5d:6d:ba:07:1f:01:84:65:ad:56:ed:2d:16:a9:2c:
         c1:b1:12:d6:57:a8:7c:ab:f0:dd:11:70:a9:be:df:ee:2e:1c:
         a9:13:bf:48:cb:64:45:0a:c2:c5:0d:9a:2b:b7:3c:f0:37:28:
         49:61:31:32:0b:32:1c:9f:20:c5:57:db:95:af:3d:e0:9f:71:
         eb:bc:4f:1e:cb:9e:d5:1b:18:97:47:31:9f:2b:eb:f4:98:02:
         12:c9:7a:79:9b:fe:c5:e9:67:42:11:73:cd:af:d3:6c:43:51:
         b3:d4:93:a4:66:ff:2c:61:ce:59:b8:24:45:f7:14:b5:3a:99:
         36:9f:1e:f2:ff:28:3c:13:40:72:22:1d:80:d5:ec:7c:e2:83:
         e7:ee:cb:42:4c:08:fa:38:11:77:4a:6e:db:89:fd:37:3f:c9:
         c6:d4:ad:fd:3c:be:57:90:78:fe:cf:ef:46:92:58:a5:6b:7e:
         bb:d2:a3:80:25:4f:b4:ee:e7:49:07:2b:ba:ce:12:54:de:11:
         d8:ae:23:81:b3:8e:bb:0b:f6:19:60:36:bf:1c:be:e2:18:84:
         48:f4:ac:68:f5:5b:a2:cb:e4:8d:04:9f:46:2d:af:3d:df:b4:
         0e:83:5a:14
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUUZE4FiBZziGYc+XA/SVz2/T94fswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMjAyMDI2MDNaFw0yNTExMTkyMDMxMDNaMDMxMTAvBgNV
BAMTKDFCMEE4ODdFMjcyN0U0OTA2NUU2NTg5RkNDMTQ4M0M5RDU2MkUyOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDv1yXrapzEC0Wku3wLh0vlvPDC
qUFnMq2mdGCObFN4tUUwU7lidgzKTrjbMVMjVJAlxCas3oDJTp+qzhXiJSvWV6EE
MeKV6Ijfh5CoVAtgVc4i0Ra42y6tPDWHETRwC6mYOG6uHdX3RZUsaEhVSH7JDHGL
SJJ8wG1hpqN/ZSGQlIv3ske2tAB0sE6pdJdynpaYFd4BUrcsS3LvN7HKZImCkVNc
G6NEhUBzHF/hXqbh4kAK7670Vh86DrLWsl/L1h24pd7uiWm5WenxNY0DbvmMWZqE
AjBmTURGvWcYglWYdpy/NtZjZFYIQBhr2CLqrA8DekERQI0uRjuUOjMagI+hAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUGwqIficn5JBl5lifzBSDydVi4o0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCygD
BAGNC0owDQYJKoZIhvcNAQELBQADggEBAJ6NC/k3zFRIrCW426uGptr0YZ7SV11t
ugcfAYRlrVbtLRapLMGxEtZXqHyr8N0RcKm+3+4uHKkTv0jLZEUKwsUNmiu3PPA3
KElhMTILMhyfIMVX25WvPeCfceu8Tx7LntUbGJdHMZ8r6/SYAhLJenmb/sXpZ0IR
c82v02xDUbPUk6Rm/yxhzlm4JEX3FLU6mTafHvL/KDwTQHIiHYDV7Hzig+fuy0JM
CPo4EXdKbtuJ/Tc/ycbUrf08vleQeP7P70aSWKVrfrvSo4AlT7Tu50kHK7rOElTe
EdiuI4GzjrsL9hlgNr8cvuIYhEj0rGj1W6LL5I0En0Ytrz3ftA6DWhQ=
-----END CERTIFICATE-----