Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          FNEKZt0L+cT0/WWrApLPhm5tgBy6EwIRxIHRsbI4cuM=
Subject key identifier:   8B:F4:53:2E:8B:B8:28:D6:EF:0F:8B:53:6C:1A:3A:56:06:B5:6E:03
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       611CAED52FAFE288D14FA338D8DBA06CF0A928C1
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS16509.roa
Signing time:             Sat 09 Mar 2024 20:25:10 +0000
ROA not before:           Sat 09 Mar 2024 20:20:10 +0000
ROA not after:            Sat 08 Mar 2025 20:25:10 +0000
asID:                     16509
IP address blocks:        141.11.12.0/22 maxlen: 24
                          141.11.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:1c:ae:d5:2f:af:e2:88:d1:4f:a3:38:d8:db:a0:6c:f0:a9:28:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  9 20:20:10 2024 GMT
            Not After : Mar  8 20:25:10 2025 GMT
        Subject: CN=8BF4532E8BB828D6EF0F8B536C1A3A5606B56E03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2f:03:e1:e0:34:64:c8:f0:30:d3:ec:25:bf:
                    ee:09:3c:ae:f6:a2:a4:86:91:3e:f4:f6:94:32:9e:
                    39:5a:29:2b:a0:57:0a:b8:bb:a5:10:a1:12:e6:fb:
                    a0:92:cb:a6:05:2d:23:dd:d9:22:68:bf:fd:42:3f:
                    32:5c:28:e1:78:93:f4:c9:d3:aa:4f:17:95:92:e7:
                    71:11:21:d1:e1:91:52:31:09:a4:b3:e6:6d:ae:cd:
                    9b:6d:a7:86:98:81:e4:55:33:74:4b:ae:1b:f4:68:
                    c7:f3:4f:df:ed:0d:fb:b1:72:c1:98:e9:fa:5d:11:
                    5f:c7:d8:60:54:c3:a9:e0:98:63:70:16:e5:81:d7:
                    07:66:38:d5:71:de:a5:18:8b:7e:8d:a6:50:54:e2:
                    12:53:3e:eb:f5:a3:50:86:cb:f9:e2:8e:a7:57:7d:
                    34:c5:fc:8a:79:05:cb:4d:35:6f:76:d2:96:69:05:
                    31:8f:c2:07:b4:7b:53:8b:af:8a:ea:d0:26:a5:e9:
                    21:2a:8e:e3:06:6e:bc:db:ee:d4:00:2c:56:78:0a:
                    28:70:37:e1:be:89:3b:7a:51:30:94:54:a3:cd:7d:
                    87:7a:1e:66:14:0e:5d:21:db:b0:dc:4d:da:8f:d7:
                    7c:97:a2:ad:ec:85:20:93:e4:e0:0c:cf:c0:07:98:
                    8b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F4:53:2E:8B:B8:28:D6:EF:0F:8B:53:6C:1A:3A:56:06:B5:6E:03
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.12.0/22
                  141.11.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:85:0a:35:33:3b:ee:58:4d:1e:9b:3f:b0:f3:68:ca:ff:73:
         7a:d9:f1:27:b9:b7:bf:8e:5b:30:a0:8b:83:e8:82:09:73:82:
         c0:3f:5c:3a:dc:48:46:f3:6e:7d:e2:a9:6a:5b:0b:52:50:fb:
         bb:44:f6:d2:a5:2d:ce:81:56:87:ef:66:d5:04:79:0b:ed:fe:
         2c:a0:a9:50:09:60:50:1a:ee:1c:da:3a:5e:62:11:81:2b:77:
         e1:82:ad:c4:6a:4c:07:90:87:cd:92:b4:9f:0e:7e:73:70:4e:
         39:f1:90:92:a3:7e:ec:90:b2:9f:a7:7c:a1:27:7a:bd:b1:85:
         df:a3:66:ca:6d:63:b5:3c:be:d1:58:9c:9b:fd:68:ed:09:72:
         8b:21:af:2c:60:dd:29:de:c2:73:b3:14:b1:b5:14:90:ac:00:
         d8:84:1d:d3:dc:de:07:9e:b1:07:92:db:30:97:14:95:cc:07:
         d5:45:55:9b:18:1f:39:d0:14:ec:03:62:d5:69:2b:aa:be:0d:
         f8:18:2a:c8:1d:f7:aa:37:90:d9:5f:b1:f9:96:1f:80:88:e1:
         2f:bd:e6:7c:3b:d0:9b:3e:c1:6b:b9:89:56:ee:fc:0a:03:4d:
         e2:5f:9a:9b:40:5d:60:16:ec:89:c9:37:b4:d1:ab:c2:e0:df:
         8d:76:c2:63
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUYRyu1S+v4ojRT6M42NugbPCpKMEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAzMDkyMDIwMTBaFw0yNTAzMDgyMDI1MTBaMDMxMTAvBgNV
BAMTKDhCRjQ1MzJFOEJCODI4RDZFRjBGOEI1MzZDMUEzQTU2MDZCNTZFMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyLwPh4DRkyPAw0+wlv+4JPK72
oqSGkT709pQynjlaKSugVwq4u6UQoRLm+6CSy6YFLSPd2SJov/1CPzJcKOF4k/TJ
06pPF5WS53ERIdHhkVIxCaSz5m2uzZttp4aYgeRVM3RLrhv0aMfzT9/tDfuxcsGY
6fpdEV/H2GBUw6ngmGNwFuWB1wdmONVx3qUYi36NplBU4hJTPuv1o1CGy/nijqdX
fTTF/Ip5BctNNW920pZpBTGPwge0e1OLr4rq0Cal6SEqjuMGbrzb7tQALFZ4Cihw
N+G+iTt6UTCUVKPNfYd6HmYUDl0h27DcTdqP13yXoq3shSCT5OAMz8AHmIuZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUi/RTLou4KNbvD4tTbBo6Vga1bgMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKNCwwD
BACNC3cwDQYJKoZIhvcNAQELBQADggEBADGFCjUzO+5YTR6bP7DzaMr/c3rZ8Se5
t7+OWzCgi4PogglzgsA/XDrcSEbzbn3iqWpbC1JQ+7tE9tKlLc6BVofvZtUEeQvt
/iygqVAJYFAa7hzaOl5iEYErd+GCrcRqTAeQh82StJ8OfnNwTjnxkJKjfuyQsp+n
fKEner2xhd+jZsptY7U8vtFYnJv9aO0Jcoshryxg3SnewnOzFLG1FJCsANiEHdPc
3geesQeS2zCXFJXMB9VFVZsYHznQFOwDYtVpK6q+DfgYKsgd96o3kNlfsfmWH4CI
4S+95nw70Js+wWu5iVbu/AoDTeJfmptAXWAW7InJN7TRq8Lg3412wmM=
-----END CERTIFICATE-----