Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          kCkGihcmf/aUyPywhovfx3nGFC+fj53OPAEZJaOdVcc=
Subject key identifier:   E0:CD:CB:F5:8D:D0:A4:7D:45:DF:2E:20:29:D7:04:1A:30:6F:8C:9A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       53EAE9A59E2CA0A0FEACD9584D3C6EDDC9468D03
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa
Signing time:             Wed 06 Aug 2025 21:22:38 +0000
ROA not before:           Wed 06 Aug 2025 21:17:38 +0000
ROA not after:            Wed 05 Aug 2026 21:22:38 +0000
asID:                     16509
IP address blocks:        45.155.17.0/24 maxlen: 24
                          193.164.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ea:e9:a5:9e:2c:a0:a0:fe:ac:d9:58:4d:3c:6e:dd:c9:46:8d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug  6 21:17:38 2025 GMT
            Not After : Aug  5 21:22:38 2026 GMT
        Subject: CN=E0CDCBF58DD0A47D45DF2E2029D7041A306F8C9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:41:32:9d:ee:41:b3:b4:aa:02:3e:00:80:e6:
                    a1:3e:84:d9:26:d1:d7:e6:62:3b:99:e2:08:2b:3c:
                    c1:59:b9:d5:de:a4:fc:41:2b:58:9e:d7:64:05:35:
                    0f:5f:a2:0f:0e:be:89:f7:d2:a7:f0:cc:e7:eb:e4:
                    36:76:8d:d4:56:d2:94:51:38:f3:63:b0:a9:11:4d:
                    03:be:e7:fa:f8:fb:39:b8:60:c2:e0:19:9e:fb:84:
                    c5:56:41:52:ad:1f:78:0e:cc:a5:32:60:dd:d2:26:
                    64:ac:04:40:97:d8:fe:c4:70:37:35:5e:dd:e6:a5:
                    9f:9f:a3:96:d9:49:84:4e:2d:70:20:53:59:07:b9:
                    7b:c0:17:9b:55:ba:e7:6a:c9:98:dc:35:43:28:e0:
                    72:19:cb:f4:e5:53:04:89:00:b2:58:c7:2f:81:84:
                    f6:bc:f7:04:11:ce:80:6d:3a:48:6b:f8:a0:63:de:
                    5f:14:d2:6d:4b:d7:9f:24:e1:56:0a:fb:fe:ba:60:
                    8f:43:4e:1c:60:93:bc:10:a7:5a:00:9c:3f:97:66:
                    17:90:e2:5d:b0:f2:7b:ce:cc:14:b2:03:64:f8:3f:
                    55:34:14:e0:0b:90:c9:6f:14:ef:e7:30:b1:22:83:
                    27:b3:4d:82:3c:d6:12:ef:04:c2:2e:fe:d5:1a:ee:
                    63:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CD:CB:F5:8D:D0:A4:7D:45:DF:2E:20:29:D7:04:1A:30:6F:8C:9A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.17.0/24
                  193.164.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:dd:e1:7c:57:f9:06:4d:79:53:4f:91:30:63:d4:45:f9:f0:
         75:9c:ec:94:bb:35:91:75:f1:4e:40:0c:12:33:29:c3:ac:a6:
         6b:5e:ab:73:24:2d:7b:76:a7:8c:7b:98:ad:da:40:20:b1:c9:
         74:2e:56:8b:af:33:9b:e8:8f:48:6a:15:b4:ae:97:74:d8:d8:
         8a:5d:8f:37:d1:83:32:08:75:2b:a2:c8:f1:67:13:6d:e1:30:
         fa:4c:0d:e9:7f:c1:8d:8b:6b:35:da:6a:8a:8f:c5:dc:29:8e:
         4f:bb:20:53:e4:b1:33:81:5e:c2:01:7a:df:82:80:07:0e:b9:
         98:d8:4b:aa:7b:0d:70:2c:3a:83:2c:64:56:39:62:a2:c5:19:
         39:e9:2a:fb:c3:f7:32:86:a2:55:d2:2e:c9:b8:63:9f:84:83:
         ef:1b:19:fb:b1:3a:ec:76:a2:22:17:2c:15:7c:05:d7:1b:36:
         b0:e9:6b:e0:75:f5:9e:b0:d4:02:a4:bc:b6:a6:20:a8:fd:59:
         98:e9:85:dc:03:3b:3e:52:97:3b:16:36:01:e9:24:ca:1d:25:
         cb:d6:74:c5:10:95:df:16:2e:33:fd:35:16:fd:45:b6:af:e1:
         70:6a:25:01:19:38:9d:12:2b:12:12:27:b1:73:da:f0:67:d0:
         13:46:f0:64
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUU+rppZ4soKD+rNlYTTxu3clGjQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MDYyMTE3MzhaFw0yNjA4MDUyMTIyMzhaMDMxMTAvBgNV
BAMTKEUwQ0RDQkY1OEREMEE0N0Q0NURGMkUyMDI5RDcwNDFBMzA2RjhDOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQQTKd7kGztKoCPgCA5qE+hNkm
0dfmYjuZ4ggrPMFZudXepPxBK1ie12QFNQ9fog8Ovon30qfwzOfr5DZ2jdRW0pRR
OPNjsKkRTQO+5/r4+zm4YMLgGZ77hMVWQVKtH3gOzKUyYN3SJmSsBECX2P7EcDc1
Xt3mpZ+fo5bZSYROLXAgU1kHuXvAF5tVuudqyZjcNUMo4HIZy/TlUwSJALJYxy+B
hPa89wQRzoBtOkhr+KBj3l8U0m1L158k4VYK+/66YI9DThxgk7wQp1oAnD+XZheQ
4l2w8nvOzBSyA2T4P1U0FOALkMlvFO/nMLEigyezTYI81hLvBMIu/tUa7mNZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU4M3L9Y3QpH1F3y4gKdcEGjBvjJowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtmxED
BADBpAowDQYJKoZIhvcNAQELBQADggEBAEfd4XxX+QZNeVNPkTBj1EX58HWc7JS7
NZF18U5ADBIzKcOspmteq3MkLXt2p4x7mK3aQCCxyXQuVouvM5voj0hqFbSul3TY
2IpdjzfRgzIIdSuiyPFnE23hMPpMDel/wY2LazXaaoqPxdwpjk+7IFPksTOBXsIB
et+CgAcOuZjYS6p7DXAsOoMsZFY5YqLFGTnpKvvD9zKGolXSLsm4Y5+Eg+8bGfux
Oux2oiIXLBV8BdcbNrDpa+B19Z6w1AKkvLamIKj9WZjphdwDOz5SlzsWNgHpJMod
JcvWdMUQld8WLjP9NRb9Rbav4XBqJQEZOJ0SKxISJ7Fz2vBn0BNG8GQ=
-----END CERTIFICATE-----