Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS18340.roa
File:                     AS18340.roa (raw, json)
Hash identifier:          xZ875YLSHFC3cPFWDBSmc3jpjROmcdXXJvZfPtv9di4=
Subject key identifier:   EE:4C:BE:97:BE:F8:97:F6:59:7A:20:6D:B3:4B:9A:CE:B8:60:5C:47
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6C95BBC64E9E3DC2A7ABB531068CE46623013768
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS18340.roa
Signing time:             Thu 21 May 2026 15:14:59 +0000
ROA not before:           Thu 21 May 2026 15:09:59 +0000
ROA not after:            Thu 20 May 2027 15:14:59 +0000
asID:                     18340
IP address blocks:        168.222.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:95:bb:c6:4e:9e:3d:c2:a7:ab:b5:31:06:8c:e4:66:23:01:37:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 21 15:09:59 2026 GMT
            Not After : May 20 15:14:59 2027 GMT
        Subject: CN=EE4CBE97BEF897F6597A206DB34B9ACEB8605C47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2b:15:b5:93:c6:ab:7c:9e:52:dd:7c:40:a8:
                    dd:94:89:be:3a:0a:a2:36:b8:83:52:0c:23:b4:6b:
                    15:37:f4:9e:d9:56:2a:ad:e4:a0:a0:0d:4a:58:d2:
                    47:9a:d6:70:66:f4:78:19:55:d1:12:84:1a:9c:b1:
                    6e:c1:1b:2f:bf:82:4d:a4:e5:be:02:fb:f4:6b:3e:
                    33:c1:ea:02:8a:c9:f7:80:5e:75:ed:6f:03:76:ba:
                    54:3c:11:90:cb:61:a5:c5:28:4a:17:4e:64:ef:2b:
                    11:11:55:d0:1d:0e:eb:30:d7:66:b6:28:cd:bf:6e:
                    5a:bb:26:9a:45:c7:8f:2a:16:ad:c2:4c:95:71:24:
                    e5:57:b3:f7:b4:ed:d7:fe:23:37:be:dc:64:a2:1c:
                    f6:90:d9:0c:d5:60:97:b6:ff:96:09:bb:b0:52:e2:
                    a1:5b:b4:aa:0e:07:39:a8:22:12:13:37:26:e2:c4:
                    dd:6b:81:5a:7d:52:13:32:cf:a8:b3:18:75:55:b5:
                    ec:ac:12:a2:35:ae:13:27:ee:47:cd:84:31:f7:d4:
                    59:65:4f:8d:e1:ff:76:6b:f8:c9:97:9a:54:56:29:
                    d0:97:58:75:e5:03:c3:59:78:0a:4a:bd:2c:41:7b:
                    82:e9:27:9a:cb:7b:cd:0a:24:95:92:f4:96:c9:67:
                    11:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:4C:BE:97:BE:F8:97:F6:59:7A:20:6D:B3:4B:9A:CE:B8:60:5C:47
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS18340.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:49:b8:4d:c3:57:3a:7a:88:fa:13:91:22:a5:0a:19:82:0b:
         c8:b5:11:21:59:1e:19:15:41:12:03:c3:55:ac:5c:79:b2:93:
         c5:d3:aa:69:d7:32:03:49:56:52:16:d8:df:fd:e9:25:97:d6:
         ca:ac:89:07:9d:56:eb:2e:e5:b5:bb:75:92:b3:29:a4:16:38:
         0d:c6:17:a2:cd:11:30:d5:bc:b2:15:a0:72:f4:c6:41:46:4b:
         5b:5e:c2:8e:05:04:ed:75:0c:03:bd:d5:36:81:5f:c4:f4:7c:
         af:21:a8:32:33:cc:b7:f8:31:73:08:44:4f:44:26:c6:6b:e6:
         82:4b:cf:3a:59:6a:a7:b7:5b:48:03:ce:27:ee:6b:57:d5:a6:
         26:ba:55:32:5a:7c:2c:9d:55:4e:d2:3f:f8:a3:7e:29:da:e1:
         4f:90:bd:c8:73:1f:46:f0:d7:39:b8:47:c0:77:37:73:85:bc:
         69:20:a3:50:eb:48:c0:22:e8:1b:3b:48:1a:14:5b:df:bd:5c:
         ae:78:ca:75:44:82:85:4c:64:2f:a8:5b:ce:a2:8d:b3:18:5f:
         45:a5:1d:71:99:cf:60:21:df:1e:c9:42:f0:88:68:bf:5d:f5:
         cf:d7:90:fb:cd:d8:e2:a9:2d:f8:a6:67:aa:7e:ab:1b:d4:d2:
         c5:0f:35:f3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbJW7xk6ePcKnq7UxBozkZiMBN2gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjExNTA5NTlaFw0yNzA1MjAxNTE0NTlaMDMxMTAvBgNV
BAMTKEVFNENCRTk3QkVGODk3RjY1OTdBMjA2REIzNEI5QUNFQjg2MDVDNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzKxW1k8arfJ5S3XxAqN2Uib46
CqI2uINSDCO0axU39J7ZViqt5KCgDUpY0kea1nBm9HgZVdEShBqcsW7BGy+/gk2k
5b4C+/RrPjPB6gKKyfeAXnXtbwN2ulQ8EZDLYaXFKEoXTmTvKxERVdAdDusw12a2
KM2/blq7JppFx48qFq3CTJVxJOVXs/e07df+Ize+3GSiHPaQ2QzVYJe2/5YJu7BS
4qFbtKoOBzmoIhITNybixN1rgVp9UhMyz6izGHVVteysEqI1rhMn7kfNhDH31Fll
T43h/3Zr+MmXmlRWKdCXWHXlA8NZeApKvSxBe4LpJ5rLe80KJJWS9JbJZxE3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU7ky+l774l/ZZeiBts0uazrhgXEcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTgzNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACo3hEw
DQYJKoZIhvcNAQELBQADggEBALdJuE3DVzp6iPoTkSKlChmCC8i1ESFZHhkVQRID
w1WsXHmyk8XTqmnXMgNJVlIW2N/96SWX1sqsiQedVusu5bW7dZKzKaQWOA3GF6LN
ETDVvLIVoHL0xkFGS1tewo4FBO11DAO91TaBX8T0fK8hqDIzzLf4MXMIRE9EJsZr
5oJLzzpZaqe3W0gDzifua1fVpia6VTJafCydVU7SP/ijfina4U+QvchzH0bw1zm4
R8B3N3OFvGkgo1DrSMAi6Bs7SBoUW9+9XK54ynVEgoVMZC+oW86ijbMYX0WlHXGZ
z2Ah3x7JQvCIaL9d9c/XkPvN2OKpLfimZ6p+qxvU0sUPNfM=
-----END CERTIFICATE-----