Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          R8IkF0lWR9lhVeX2YquilA/NLy1QRwU/6mXSdwRb5Ug=
Subject key identifier:   63:D5:26:E5:C7:32:6B:0C:2A:10:2E:19:9B:F1:08:54:0C:4C:84:6D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1C1AEF3A63E5A18157485C868DC3FB00BE966F14
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16509.roa
Signing time:             Fri 26 Sep 2025 03:49:48 +0000
ROA not before:           Fri 26 Sep 2025 03:44:48 +0000
ROA not after:            Fri 25 Sep 2026 03:49:48 +0000
asID:                     16509
IP address blocks:        143.20.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:1a:ef:3a:63:e5:a1:81:57:48:5c:86:8d:c3:fb:00:be:96:6f:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 26 03:44:48 2025 GMT
            Not After : Sep 25 03:49:48 2026 GMT
        Subject: CN=63D526E5C7326B0C2A102E199BF108540C4C846D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:62:35:dd:aa:bd:17:07:1f:95:76:24:d5:95:
                    f1:88:29:a3:ab:59:fe:97:57:2f:51:5b:88:45:3c:
                    78:0c:54:12:36:d9:c2:04:e0:5c:20:9b:9d:66:c8:
                    3a:b8:ff:50:44:01:2e:13:9e:6e:90:97:e0:bd:e3:
                    18:24:fa:49:ca:10:4d:36:07:48:3b:94:96:9d:ea:
                    09:82:da:1d:14:cb:d7:10:2b:ea:a7:5b:ff:f6:bd:
                    03:61:78:ac:19:51:89:60:f3:f7:e0:ea:27:4f:70:
                    41:b1:fa:9a:8c:df:6e:7a:56:83:14:a0:71:ef:b0:
                    5a:72:bc:e4:dc:e6:ce:54:65:49:cd:f3:99:a9:fe:
                    e1:2a:96:c2:80:68:ce:fc:f2:00:74:0a:48:d2:ea:
                    54:c2:6d:24:9b:28:b2:4d:00:28:ce:86:9e:a6:5f:
                    4a:ae:2a:52:64:ae:cb:a0:39:ad:94:2e:38:39:33:
                    bf:1d:71:e3:64:76:bd:8d:02:a7:05:7c:06:ca:8c:
                    1a:71:4b:1b:4e:ff:88:bb:dd:02:96:78:0f:e3:3e:
                    27:c4:ab:81:62:77:fe:18:33:f2:69:d9:a4:fc:19:
                    0b:2f:43:51:18:3b:24:94:64:70:d2:c5:51:39:ff:
                    1b:79:74:88:0d:53:06:e8:9a:d5:18:af:04:3e:5b:
                    eb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D5:26:E5:C7:32:6B:0C:2A:10:2E:19:9B:F1:08:54:0C:4C:84:6D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:43:e1:91:e9:75:c8:1b:34:73:5b:c1:03:b1:3e:b6:ca:dd:
         df:11:41:eb:38:a1:7f:dc:59:d2:96:ec:18:87:c4:61:49:a8:
         93:1c:60:29:0f:ca:b4:69:e2:2c:5f:8f:0a:74:40:dc:4f:d9:
         67:14:67:24:a8:a2:48:af:30:81:5b:af:ef:3c:5d:44:08:89:
         f7:2a:c7:06:12:05:1d:19:83:1e:e5:30:2c:4c:40:4f:b2:10:
         e3:2d:c5:92:92:cc:82:8e:33:6c:7f:bf:53:2b:d7:26:4e:5b:
         ec:80:56:5b:c3:89:ae:0f:51:35:67:58:97:b2:7a:19:a4:4a:
         5f:9b:fc:c1:f1:7c:82:4c:72:88:4e:35:62:50:dd:31:e6:a3:
         f8:58:c6:48:d6:88:15:81:fb:6b:e7:5c:ce:bb:db:39:bf:9e:
         0c:2d:19:36:61:78:4e:58:8b:56:5e:14:4d:f9:c0:97:60:4b:
         5f:42:2c:99:77:68:ed:15:14:8b:4d:b0:01:a2:d4:70:c4:06:
         27:4c:f6:5d:ba:00:02:60:fb:d8:73:d8:ce:cf:c7:02:4f:e3:
         da:c4:36:ef:0b:bb:1e:c3:a5:c2:7a:5a:71:76:76:1f:72:92:
         74:11:ed:1f:56:62:2b:cc:06:a7:a6:14:d5:29:24:fa:43:39:
         b5:35:9c:c3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHBrvOmPloYFXSFyGjcP7AL6WbxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjYwMzQ0NDhaFw0yNjA5MjUwMzQ5NDhaMDMxMTAvBgNV
BAMTKDYzRDUyNkU1QzczMjZCMEMyQTEwMkUxOTlCRjEwODU0MEM0Qzg0NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4YjXdqr0XBx+VdiTVlfGIKaOr
Wf6XVy9RW4hFPHgMVBI22cIE4Fwgm51myDq4/1BEAS4Tnm6Ql+C94xgk+knKEE02
B0g7lJad6gmC2h0Uy9cQK+qnW//2vQNheKwZUYlg8/fg6idPcEGx+pqM3256VoMU
oHHvsFpyvOTc5s5UZUnN85mp/uEqlsKAaM788gB0CkjS6lTCbSSbKLJNACjOhp6m
X0quKlJkrsugOa2ULjg5M78dceNkdr2NAqcFfAbKjBpxSxtO/4i73QKWeA/jPifE
q4Fid/4YM/Jp2aT8GQsvQ1EYOySUZHDSxVE5/xt5dIgNUwbomtUYrwQ+W+sNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUY9Um5ccyawwqEC4Zm/EIVAxMhG0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFK4w
DQYJKoZIhvcNAQELBQADggEBAAZD4ZHpdcgbNHNbwQOxPrbK3d8RQes4oX/cWdKW
7BiHxGFJqJMcYCkPyrRp4ixfjwp0QNxP2WcUZySookivMIFbr+88XUQIifcqxwYS
BR0Zgx7lMCxMQE+yEOMtxZKSzIKOM2x/v1Mr1yZOW+yAVlvDia4PUTVnWJeyehmk
Sl+b/MHxfIJMcohONWJQ3THmo/hYxkjWiBWB+2vnXM672zm/ngwtGTZheE5Yi1Ze
FE35wJdgS19CLJl3aO0VFItNsAGi1HDEBidM9l26AAJg+9hz2M7PxwJP49rENu8L
ux7DpcJ6WnF2dh9yknQR7R9WYivMBqemFNUpJPpDObU1nMM=
-----END CERTIFICATE-----