Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          glo+088BASu9dn6K6EbBJROUX9dN/NPgxCKkjrIFumU=
Subject key identifier:   0D:91:6F:C1:B2:DD:73:0F:90:44:1B:99:6B:39:84:CB:B0:17:21:54
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       7C36E0EECAED356D6D081942D2412225C1676E23
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS14618.roa
Signing time:             Thu 23 May 2024 16:49:14 +0000
ROA not before:           Thu 23 May 2024 16:44:14 +0000
ROA not after:            Thu 22 May 2025 16:49:14 +0000
asID:                     14618
IP address blocks:        2a0f:85c1:3a9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:36:e0:ee:ca:ed:35:6d:6d:08:19:42:d2:41:22:25:c1:67:6e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:14 2024 GMT
            Not After : May 22 16:49:14 2025 GMT
        Subject: CN=0D916FC1B2DD730F90441B996B3984CBB0172154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:06:0b:e8:55:83:04:fe:3d:44:44:a2:e1:3d:
                    7f:66:a4:72:6b:e8:d4:af:c8:77:d9:ee:79:bf:9a:
                    f3:d1:da:cb:fd:89:67:bc:4b:1a:39:6b:83:ef:ba:
                    0d:29:d0:a3:c6:80:8a:6b:02:64:89:6c:5a:3a:bb:
                    77:d7:ca:45:71:8b:9b:eb:1a:87:49:56:2b:58:50:
                    b7:a7:bf:47:53:6f:b3:c7:ad:a1:f3:57:03:4e:d2:
                    f4:35:31:50:03:bd:1e:bb:4c:a3:19:30:a0:b0:f7:
                    07:8d:94:a2:f4:80:fd:b0:07:0f:82:49:25:b4:81:
                    56:0d:c9:66:ad:15:e5:80:8f:02:0f:c6:9c:ae:2a:
                    46:c3:fa:9f:91:1b:95:d1:97:93:84:9e:dd:c5:80:
                    81:f9:ca:74:d3:2d:e2:67:e3:23:51:8a:14:c8:db:
                    b2:15:6d:e6:9e:a8:69:51:1f:d0:b0:ae:ed:49:3f:
                    c2:05:f6:26:07:b2:ba:62:ac:f0:1e:ee:67:08:c7:
                    c3:15:19:43:3f:78:ba:94:a8:19:d7:af:66:46:e3:
                    2e:ff:d2:40:02:3c:23:01:73:69:76:ea:1c:21:bc:
                    84:2d:18:50:c2:f1:5a:f0:87:9d:aa:ae:1e:d0:fd:
                    c9:18:9e:11:1b:41:a0:e1:85:b1:62:15:0b:0b:8f:
                    bd:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:91:6F:C1:B2:DD:73:0F:90:44:1B:99:6B:39:84:CB:B0:17:21:54
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a9::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:be:96:e5:20:02:7f:f0:ff:a7:6e:b5:65:13:50:4b:d8:78:
         01:54:b7:de:13:38:0f:34:d6:bf:08:20:c7:fc:31:f4:40:d4:
         9b:17:bb:eb:ff:0c:fd:1e:c0:c5:76:9e:e9:58:b4:90:1e:4e:
         99:5f:ae:10:ff:41:be:4b:23:37:a2:83:f3:92:90:c5:79:1a:
         12:65:45:94:d7:8d:a0:42:7c:34:35:ba:cf:31:40:44:54:6b:
         d7:b9:10:7e:7b:5d:09:06:ec:6e:53:2c:99:9b:e6:ae:b5:35:
         9f:e7:a7:f7:3f:54:5a:e2:08:e3:b4:46:3a:d3:1e:ae:55:8c:
         ce:38:c3:72:6a:32:33:da:f0:3c:65:1c:2b:be:39:db:99:bf:
         3e:28:57:8b:e7:77:45:55:ad:ab:ea:86:37:35:1e:1e:a7:89:
         af:e4:79:0e:6b:38:50:38:5c:4f:5a:e7:b3:08:e3:c1:62:81:
         38:71:2a:89:57:b7:48:de:5f:a1:3d:85:5a:86:85:6e:71:59:
         e0:fc:b6:47:32:42:07:28:f1:d8:4c:6e:af:62:16:d6:d5:5c:
         c2:81:2b:17:5c:e3:e9:97:2f:2d:2e:4d:0a:18:de:9a:65:18:
         b5:d6:7e:76:57:bc:66:33:8a:94:c9:3d:39:65:bd:ba:c9:df:
         a9:0d:4c:d8
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUfDbg7srtNW1tCBlC0kEiJcFnbiMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTRaFw0yNTA1MjIxNjQ5MTRaMDMxMTAvBgNV
BAMTKDBEOTE2RkMxQjJERDczMEY5MDQ0MUI5OTZCMzk4NENCQjAxNzIxNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4BgvoVYME/j1ERKLhPX9mpHJr
6NSvyHfZ7nm/mvPR2sv9iWe8Sxo5a4Pvug0p0KPGgIprAmSJbFo6u3fXykVxi5vr
GodJVitYULenv0dTb7PHraHzVwNO0vQ1MVADvR67TKMZMKCw9weNlKL0gP2wBw+C
SSW0gVYNyWatFeWAjwIPxpyuKkbD+p+RG5XRl5OEnt3FgIH5ynTTLeJn4yNRihTI
27IVbeaeqGlRH9Cwru1JP8IF9iYHsrpirPAe7mcIx8MVGUM/eLqUqBnXr2ZG4y7/
0kACPCMBc2l26hwhvIQtGFDC8Vrwh52qrh7Q/ckYnhEbQaDhhbFiFQsLj723AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUDZFvwbLdcw+QRBuZazmEy7AXIVQwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
A6kwDQYJKoZIhvcNAQELBQADggEBAIa+luUgAn/w/6dutWUTUEvYeAFUt94TOA80
1r8IIMf8MfRA1JsXu+v/DP0ewMV2nulYtJAeTplfrhD/Qb5LIzeig/OSkMV5GhJl
RZTXjaBCfDQ1us8xQERUa9e5EH57XQkG7G5TLJmb5q61NZ/np/c/VFriCOO0RjrT
Hq5VjM44w3JqMjPa8DxlHCu+OduZvz4oV4vnd0VVravqhjc1Hh6nia/keQ5rOFA4
XE9a57MI48FigThxKolXt0jeX6E9hVqGhW5xWeD8tkcyQgco8dhMbq9iFtbVXMKB
Kxdc4+mXLy0uTQoY3pplGLXWfnZXvGYzipTJPTllvbrJ36kNTNg=
-----END CERTIFICATE-----