Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          G63wU3SSBPxNgIhxNEL4Mdh/B/nuXOHdLttwvHb+1YQ=
Subject key identifier:   01:D4:95:FA:AC:A5:85:9C:D6:E5:8E:8D:5C:46:F6:9F:6D:CD:F1:D0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3F22AC8C6FE4AC28D4FE536FA6453588D242898A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16276.roa
Signing time:             Fri 12 Sep 2025 00:05:25 +0000
ROA not before:           Fri 12 Sep 2025 00:00:25 +0000
ROA not after:            Fri 11 Sep 2026 00:05:25 +0000
asID:                     16276
IP address blocks:        2.57.18.0/24 maxlen: 24
                          89.19.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:22:ac:8c:6f:e4:ac:28:d4:fe:53:6f:a6:45:35:88:d2:42:89:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 12 00:00:25 2025 GMT
            Not After : Sep 11 00:05:25 2026 GMT
        Subject: CN=01D495FAACA5859CD6E58E8D5C46F69F6DCDF1D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0a:c8:41:ab:10:2e:6d:b7:37:1b:c9:d8:59:
                    17:e0:75:d5:5d:d5:cf:c6:f8:e0:19:a5:2f:9c:75:
                    4c:8d:c4:51:2c:a8:c2:fd:55:86:cc:e7:0f:b8:e6:
                    0a:a1:1f:09:bb:39:62:9f:70:af:16:a2:ab:0c:ee:
                    2d:07:ba:59:59:eb:2a:9e:a4:68:20:0c:f1:44:c1:
                    ce:98:7c:3b:7b:7d:0a:06:8b:90:dc:84:13:09:28:
                    02:23:a2:dd:c3:66:67:02:1e:7c:1f:51:a5:84:67:
                    f7:39:84:73:0e:aa:b2:cd:66:9f:5a:7e:f3:b3:86:
                    c9:e1:96:b1:c8:d0:42:a9:a8:bc:21:25:5b:57:52:
                    b3:41:aa:ca:ce:f5:1b:c5:46:97:cf:48:5e:83:3a:
                    2d:a3:7a:3e:b3:2a:ec:31:5b:bd:40:3f:23:be:19:
                    ee:39:42:37:c4:29:c6:0e:b0:f9:54:84:16:64:d7:
                    40:ef:39:de:dc:a0:f5:04:fa:7f:c0:b5:71:18:43:
                    57:1a:54:63:ec:2c:b4:0f:2c:e3:61:73:39:4c:1c:
                    92:21:21:cb:a3:f3:bc:ce:7a:e3:10:ba:a1:5a:12:
                    30:ed:8e:20:7d:5b:1e:d9:33:6e:3d:29:ed:84:81:
                    4e:8d:0a:3e:f2:c4:37:fa:1f:b4:2a:3f:ba:3c:93:
                    c4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:D4:95:FA:AC:A5:85:9C:D6:E5:8E:8D:5C:46:F6:9F:6D:CD:F1:D0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.18.0/24
                  89.19.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:54:58:04:9a:99:01:c5:f6:a5:56:d2:c0:86:03:ae:92:6f:
         5f:e8:69:9f:e7:80:93:2d:0b:05:59:29:b5:a9:5e:f6:9f:79:
         50:cd:d0:12:9b:88:95:16:e8:84:28:25:7c:cf:1e:99:7e:e2:
         a2:44:da:07:bc:69:d7:a8:57:30:85:95:79:1f:84:c8:dc:ca:
         b6:04:0a:de:b5:8b:4f:b3:76:07:10:b9:46:2c:cb:b4:b7:13:
         75:61:4b:c4:51:17:c8:ad:95:db:ab:0b:1a:c9:84:14:19:67:
         4d:1b:5d:3d:42:d9:18:b1:44:e0:3c:aa:d6:5a:4e:7f:92:04:
         bb:de:b6:6e:17:8c:ad:41:39:18:a0:e3:3f:ca:30:08:8f:eb:
         32:fd:69:59:84:fd:ab:ce:68:e3:ba:0d:1c:c7:64:72:c2:1d:
         ef:13:df:45:2d:aa:22:82:f1:6c:17:b6:f0:92:69:5f:6f:e4:
         bb:a3:3c:70:a7:20:ae:b4:60:32:47:d4:35:52:f0:ad:75:3e:
         c1:94:95:41:a7:d6:5b:0c:4b:7b:8d:29:30:a4:f9:49:39:0a:
         ca:64:30:07:0c:5d:3c:81:bf:7c:c1:59:07:58:5c:0b:f4:70:
         c9:82:e6:3b:12:d2:b9:2d:38:8d:89:d7:22:c6:9c:5b:06:ff:
         af:4c:fa:7c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUPyKsjG/krCjU/lNvpkU1iNJCiYowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MTIwMDAwMjVaFw0yNjA5MTEwMDA1MjVaMDMxMTAvBgNV
BAMTKDAxRDQ5NUZBQUNBNTg1OUNENkU1OEU4RDVDNDZGNjlGNkRDREYxRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgCshBqxAubbc3G8nYWRfgddVd
1c/G+OAZpS+cdUyNxFEsqML9VYbM5w+45gqhHwm7OWKfcK8WoqsM7i0HullZ6yqe
pGggDPFEwc6YfDt7fQoGi5DchBMJKAIjot3DZmcCHnwfUaWEZ/c5hHMOqrLNZp9a
fvOzhsnhlrHI0EKpqLwhJVtXUrNBqsrO9RvFRpfPSF6DOi2jej6zKuwxW71APyO+
Ge45QjfEKcYOsPlUhBZk10DvOd7coPUE+n/AtXEYQ1caVGPsLLQPLONhczlMHJIh
Icuj87zOeuMQuqFaEjDtjiB9Wx7ZM249Ke2EgU6NCj7yxDf6H7QqP7o8k8RnAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUAdSV+qylhZzW5Y6NXEb2n23N8dAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAACORID
BABZEywwDQYJKoZIhvcNAQELBQADggEBAF1UWASamQHF9qVW0sCGA66Sb1/oaZ/n
gJMtCwVZKbWpXvafeVDN0BKbiJUW6IQoJXzPHpl+4qJE2ge8adeoVzCFlXkfhMjc
yrYECt61i0+zdgcQuUYsy7S3E3VhS8RRF8itldurCxrJhBQZZ00bXT1C2RixROA8
qtZaTn+SBLvetm4XjK1BORig4z/KMAiP6zL9aVmE/avOaOO6DRzHZHLCHe8T30Ut
qiKC8WwXtvCSaV9v5LujPHCnIK60YDJH1DVS8K11PsGUlUGn1lsMS3uNKTCk+Uk5
CspkMAcMXTyBv3zBWQdYXAv0cMmC5jsS0rktOI2J1yLGnFsG/69M+nw=
-----END CERTIFICATE-----