Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7018.roa
File:                     AS7018.roa (raw, json)
Hash identifier:          c6ev6sRempBehOBB40Tk4p79IJyqQIMw+jcmUW6mQBg=
Subject key identifier:   38:37:49:65:A3:35:F4:26:0A:0E:22:9E:81:C9:7A:26:0D:43:67:91
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       471F7697F9855F1775E3AB0A0B9C1A23C1B1E5E8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7018.roa
Signing time:             Tue 12 Sep 2023 13:30:07 +0000
ROA not before:           Tue 12 Sep 2023 13:25:07 +0000
ROA not after:            Tue 10 Sep 2024 13:30:07 +0000
asID:                     7018
IP address blocks:        181.214.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:1f:76:97:f9:85:5f:17:75:e3:ab:0a:0b:9c:1a:23:c1:b1:e5:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 12 13:25:07 2023 GMT
            Not After : Sep 10 13:30:07 2024 GMT
        Subject: CN=38374965A335F4260A0E229E81C97A260D436791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:29:4b:01:1f:59:9a:43:2d:5e:43:9b:c3:c1:
                    3b:b9:8a:ef:9c:73:5d:84:87:fb:68:b1:10:03:3d:
                    29:d5:38:bd:72:ce:02:b0:b8:df:4d:a1:a7:a1:3d:
                    d2:a1:37:ff:ac:cf:b7:51:cb:f7:c1:e0:86:b5:83:
                    7b:c3:19:21:1a:6b:f6:18:03:01:7f:0a:24:4b:06:
                    0c:da:4e:f3:92:c4:46:d4:7d:23:77:11:0b:41:19:
                    2e:92:80:d1:d2:25:77:50:f6:a6:c6:37:63:5b:1e:
                    ab:b7:fa:51:01:5b:0a:c5:e7:16:53:59:a7:ee:20:
                    5e:f1:2b:b4:57:f9:de:b6:4d:59:15:72:a1:44:c0:
                    0d:ea:7d:29:be:4a:44:ba:60:89:ec:aa:72:ad:03:
                    49:5d:48:1f:52:85:60:71:45:f1:a5:6b:0f:85:5b:
                    f7:53:f2:6a:e1:ed:ef:ba:62:47:b2:13:66:30:53:
                    f8:81:97:da:e9:3c:48:3e:1f:ec:c1:7b:a7:3a:39:
                    fd:44:fd:41:10:66:96:ec:98:e0:5c:46:74:6e:9f:
                    f6:72:62:15:de:cb:a9:b5:9f:3c:d8:f1:9b:5d:6b:
                    b9:d0:87:8b:e3:36:84:a8:40:30:56:6f:df:b6:ed:
                    89:c8:53:53:36:23:b1:15:2f:09:9d:d5:7d:aa:27:
                    2c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:37:49:65:A3:35:F4:26:0A:0E:22:9E:81:C9:7A:26:0D:43:67:91
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:42:f3:12:3b:2f:81:1b:f8:52:bb:e0:35:f6:41:1c:58:d0:
         ed:3b:57:44:20:b3:ee:af:6e:35:15:8c:d9:79:2d:80:7c:b1:
         5f:26:da:03:60:06:87:33:00:08:2a:b4:fe:68:51:28:45:8b:
         8a:e7:8a:e7:b9:4d:86:31:5f:3e:48:df:5d:8b:dd:90:c0:12:
         57:a0:98:6f:bb:fa:44:84:e2:df:89:37:53:d2:19:c9:25:d2:
         77:73:09:23:8c:96:52:bd:ad:eb:a5:92:16:e4:7d:91:06:63:
         85:c1:1f:1d:4e:7d:47:e1:7a:b7:cc:77:6c:9a:15:61:23:4c:
         86:cc:0e:a5:ad:5e:e1:8f:bb:ae:bb:47:68:ce:d6:6e:8a:77:
         5b:c2:7e:39:e4:11:95:d5:da:50:bb:a6:69:13:78:6e:9b:8e:
         a9:46:9e:ab:8e:c7:1e:a5:84:17:fd:53:cd:bf:0f:6f:1b:a3:
         c0:db:74:57:e1:0f:e1:5e:ab:a9:e5:f9:91:7f:bb:39:88:76:
         85:70:76:68:34:ae:d1:95:c1:b2:97:cc:c4:b8:ca:47:f8:87:
         52:88:7f:2b:32:09:89:27:ae:3c:f0:eb:34:c7:7b:c9:79:b5:
         04:f3:89:c8:4a:02:3b:9e:c1:5e:44:a7:30:15:7b:44:b0:c8:
         6d:d9:72:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIURx92l/mFXxd146sKC5waI8Gx5egwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA5MTIxMzI1MDdaFw0yNDA5MTAxMzMwMDdaMDMxMTAvBgNV
BAMTKDM4Mzc0OTY1QTMzNUY0MjYwQTBFMjI5RTgxQzk3QTI2MEQ0MzY3OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUKUsBH1maQy1eQ5vDwTu5iu+c
c12Eh/tosRADPSnVOL1yzgKwuN9NoaehPdKhN/+sz7dRy/fB4Ia1g3vDGSEaa/YY
AwF/CiRLBgzaTvOSxEbUfSN3EQtBGS6SgNHSJXdQ9qbGN2NbHqu3+lEBWwrF5xZT
WafuIF7xK7RX+d62TVkVcqFEwA3qfSm+SkS6YInsqnKtA0ldSB9ShWBxRfGlaw+F
W/dT8mrh7e+6YkeyE2YwU/iBl9rpPEg+H+zBe6c6Of1E/UEQZpbsmOBcRnRun/Zy
YhXey6m1nzzY8Ztda7nQh4vjNoSoQDBWb9+27YnIU1M2I7EVLwmd1X2qJywZAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUODdJZaM19CYKDiKegcl6Jg1DZ5EwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNzAxOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALXWSTAN
BgkqhkiG9w0BAQsFAAOCAQEAa0LzEjsvgRv4UrvgNfZBHFjQ7TtXRCCz7q9uNRWM
2XktgHyxXybaA2AGhzMACCq0/mhRKEWLiueK57lNhjFfPkjfXYvdkMASV6CYb7v6
RITi34k3U9IZySXSd3MJI4yWUr2t66WSFuR9kQZjhcEfHU59R+F6t8x3bJoVYSNM
hswOpa1e4Y+7rrtHaM7Wbop3W8J+OeQRldXaULumaRN4bpuOqUaeq47HHqWEF/1T
zb8PbxujwNt0V+EP4V6rqeX5kX+7OYh2hXB2aDSu0ZXBspfMxLjKR/iHUoh/KzIJ
iSeuPPDrNMd7yXm1BPOJyEoCO57BXkSnMBV7RLDIbdlylw==
-----END CERTIFICATE-----