Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
File:                     AS16276.roa (raw, json)
Hash identifier:          MCYdJO2vLCvND47ZU++6PSbnWZn8lBMMiXFjPZAVO1c=
Subject key identifier:   EE:32:03:25:08:A5:F9:4A:DB:CA:BD:C8:17:A0:C9:09:9F:D2:AC:6F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       19A5027274783F9F1DE95117CC29723661049351
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa
Signing time:             Mon 04 Aug 2025 12:40:06 +0000
ROA not before:           Mon 04 Aug 2025 12:35:06 +0000
ROA not after:            Mon 03 Aug 2026 12:40:06 +0000
asID:                     16276
IP address blocks:        45.149.185.0/24 maxlen: 24
                          193.111.117.0/24 maxlen: 24
                          193.142.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:a5:02:72:74:78:3f:9f:1d:e9:51:17:cc:29:72:36:61:04:93:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug  4 12:35:06 2025 GMT
            Not After : Aug  3 12:40:06 2026 GMT
        Subject: CN=EE32032508A5F94ADBCABDC817A0C9099FD2AC6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c2:80:69:67:e6:4a:b4:e4:68:5d:74:58:cf:
                    7f:70:54:04:5a:19:f5:c7:70:94:98:57:fa:00:61:
                    0b:6f:08:48:74:2c:34:71:57:1c:14:ae:80:ec:06:
                    9e:84:40:fd:9b:25:11:92:8c:c9:f9:f9:f7:3f:be:
                    21:fa:0b:5f:63:63:3e:39:42:b9:20:fc:90:07:0c:
                    b4:74:e5:00:79:72:89:7e:36:c7:b4:9e:0a:c3:81:
                    f1:8b:26:93:5e:55:f1:7d:ab:19:eb:c6:f7:10:1d:
                    08:c4:ef:d5:64:03:4b:20:4b:10:2f:d5:73:74:c7:
                    1e:a4:b8:4c:42:a6:c0:82:4b:d6:22:a8:43:80:10:
                    7d:fa:ec:e1:98:a8:d1:87:32:ef:c3:9c:c6:b7:34:
                    be:ef:d6:84:58:a2:3c:74:a5:e2:74:3c:96:75:81:
                    ea:dd:22:0e:5d:44:0e:39:f7:b5:ef:e0:51:8b:4b:
                    1e:f3:bf:c4:22:75:94:9a:90:de:e0:5f:ed:64:c3:
                    e5:a7:c2:d8:40:06:e7:75:db:af:cc:60:88:8e:f9:
                    6f:e5:aa:d1:1a:2b:ba:85:4e:6a:f5:7f:54:a8:de:
                    f3:fe:ab:39:b6:6a:fe:41:c5:41:09:01:4a:6f:88:
                    e8:d6:e3:f0:ad:3d:11:1f:32:0b:f5:a0:a5:24:c0:
                    ef:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:32:03:25:08:A5:F9:4A:DB:CA:BD:C8:17:A0:C9:09:9F:D2:AC:6F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.185.0/24
                  193.111.117.0/24
                  193.142.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:06:c5:9f:1f:2f:f8:30:22:0e:ff:fa:f8:2e:39:4a:40:db:
         0c:ee:1c:9e:dd:25:fc:97:36:eb:08:a8:8d:8b:7a:37:3d:22:
         68:ac:22:57:79:21:39:46:9e:62:f6:54:3c:a7:9b:dd:e1:b8:
         6e:c0:53:65:50:d2:22:fc:1d:3e:cc:25:af:08:6e:0c:f0:aa:
         5d:37:66:28:09:b3:a9:0f:20:00:c1:f6:08:77:16:a8:9c:c1:
         e7:58:9e:fe:4b:14:81:c5:4b:d1:31:6c:54:42:f3:8d:48:69:
         35:72:2b:41:c6:19:76:9a:e8:18:82:57:0d:3d:fa:b0:53:a0:
         04:b3:92:f6:c2:2d:01:18:a0:51:9b:09:cb:3b:8b:33:4d:a1:
         c5:7b:7c:8b:9c:da:9c:93:82:cc:45:f1:b9:98:0b:15:8c:8b:
         f9:c6:00:dd:7a:72:24:43:36:43:75:d5:f2:2f:1e:01:f7:97:
         10:49:2c:1d:9b:65:7c:13:48:e5:d5:7d:d8:e2:a8:a5:92:f5:
         2a:72:e8:49:32:37:a4:1d:04:7d:0e:40:e1:0a:a8:2e:9a:f8:
         fa:3c:95:6e:e2:18:0d:83:47:af:6b:eb:d4:53:d8:0a:9a:a2:
         d0:88:e6:bb:e6:47:d9:dd:04:ea:1d:05:2e:ff:b2:04:83:21:
         4f:36:fc:ac
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUGaUCcnR4P58d6VEXzClyNmEEk1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MDQxMjM1MDZaFw0yNjA4MDMxMjQwMDZaMDMxMTAvBgNV
BAMTKEVFMzIwMzI1MDhBNUY5NEFEQkNBQkRDODE3QTBDOTA5OUZEMkFDNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9woBpZ+ZKtORoXXRYz39wVARa
GfXHcJSYV/oAYQtvCEh0LDRxVxwUroDsBp6EQP2bJRGSjMn5+fc/viH6C19jYz45
Qrkg/JAHDLR05QB5col+Nse0ngrDgfGLJpNeVfF9qxnrxvcQHQjE79VkA0sgSxAv
1XN0xx6kuExCpsCCS9YiqEOAEH367OGYqNGHMu/DnMa3NL7v1oRYojx0peJ0PJZ1
gerdIg5dRA4597Xv4FGLSx7zv8QidZSakN7gX+1kw+WnwthABud126/MYIiO+W/l
qtEaK7qFTmr1f1So3vP+qzm2av5BxUEJAUpviOjW4/CtPREfMgv1oKUkwO8XAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU7jIDJQil+Urbyr3IF6DJCZ/SrG8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTYyNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAtlbkD
BADBb3UDBADBjhIwDQYJKoZIhvcNAQELBQADggEBAK4GxZ8fL/gwIg7/+vguOUpA
2wzuHJ7dJfyXNusIqI2Lejc9ImisIld5ITlGnmL2VDynm93huG7AU2VQ0iL8HT7M
Ja8Ibgzwql03ZigJs6kPIADB9gh3FqicwedYnv5LFIHFS9ExbFRC841IaTVyK0HG
GXaa6BiCVw09+rBToASzkvbCLQEYoFGbCcs7izNNocV7fIuc2pyTgsxF8bmYCxWM
i/nGAN16ciRDNkN11fIvHgH3lxBJLB2bZXwTSOXVfdjiqKWS9Spy6EkyN6QdBH0O
QOEKqC6a+Po8lW7iGA2DR69r69RT2AqaotCI5rvmR9ndBOodBS7/sgSDIU82/Kw=
-----END CERTIFICATE-----