Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          rkqXnOi8N+hPNnBYtCBG9o4PVA/cKrQdOd8fpop7p7A=
Subject key identifier:   FF:90:53:22:B7:3A:9E:93:10:23:CF:27:48:3C:5F:DA:DD:4A:D0:7B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2FBEB6E6C10887F40B792CDA79D5F28B999D95D8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS14618.roa
Signing time:             Thu 16 Jul 2026 16:00:44 +0000
ROA not before:           Thu 16 Jul 2026 15:55:44 +0000
ROA not after:            Thu 15 Jul 2027 16:00:44 +0000
asID:                     14618
IP address blocks:        82.21.0.0/24 maxlen: 24
                          82.24.76.0/24 maxlen: 24
                          82.26.154.0/24 maxlen: 24
                          82.26.201.0/24 maxlen: 24
                          82.29.0.0/24 maxlen: 24
                          82.29.2.0/24 maxlen: 24
                          82.29.3.0/24 maxlen: 24
                          82.29.4.0/24 maxlen: 24
                          82.29.44.0/24 maxlen: 24
                          82.29.102.0/24 maxlen: 24
                          82.29.104.0/24 maxlen: 24
                          82.29.105.0/24 maxlen: 24
                          82.41.98.0/24 maxlen: 24
                          82.41.168.0/24 maxlen: 24
                          82.41.200.0/24 maxlen: 24
                          82.47.64.0/19 maxlen: 24
                          84.75.18.0/24 maxlen: 24
                          84.75.19.0/24 maxlen: 24
                          84.75.34.0/24 maxlen: 24
                          84.75.36.0/24 maxlen: 24
                          84.75.37.0/24 maxlen: 24
                          84.75.38.0/24 maxlen: 24
                          84.75.41.0/24 maxlen: 24
                          84.75.42.0/24 maxlen: 24
                          84.75.48.0/24 maxlen: 24
                          84.75.50.0/24 maxlen: 24
                          84.75.51.0/24 maxlen: 24
                          84.75.52.0/24 maxlen: 24
                          84.75.53.0/24 maxlen: 24
                          84.75.55.0/24 maxlen: 24
                          84.75.61.0/24 maxlen: 24
                          84.75.62.0/24 maxlen: 24
                          84.75.63.0/24 maxlen: 24
                          84.75.64.0/24 maxlen: 24
                          84.75.65.0/24 maxlen: 24
                          84.75.67.0/24 maxlen: 24
                          84.75.68.0/24 maxlen: 24
                          84.75.69.0/24 maxlen: 24
                          84.75.70.0/24 maxlen: 24
                          84.75.96.0/19 maxlen: 24
                          2a13:9500:126::/48 maxlen: 48
                          2a13:9500:127::/48 maxlen: 48
                          2a13:9500:13a::/48 maxlen: 48
                          2a13:9500:157::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:be:b6:e6:c1:08:87:f4:0b:79:2c:da:79:d5:f2:8b:99:9d:95:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 16 15:55:44 2026 GMT
            Not After : Jul 15 16:00:44 2027 GMT
        Subject: CN=FF905322B73A9E931023CF27483C5FDADD4AD07B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:79:86:11:96:82:18:04:97:58:19:eb:73:a4:
                    67:68:37:d2:17:36:80:8a:c5:13:6e:08:26:f4:be:
                    33:1d:7d:c6:8e:3e:a8:d0:be:a8:07:fd:7b:d4:e5:
                    1b:0a:a8:60:02:af:9b:45:eb:c1:a9:43:f2:95:0d:
                    bd:c0:f4:43:de:ce:b2:a3:eb:10:9b:5a:8d:34:5b:
                    45:8f:d0:91:12:f0:ae:f4:30:ec:0f:34:6a:17:6b:
                    fb:41:a9:7d:ba:f0:ef:73:a1:be:ba:c5:92:e1:f6:
                    91:64:4a:0f:04:f6:46:c6:bc:3c:8e:5b:43:03:6f:
                    a3:9a:8c:9b:87:7a:b5:e4:35:21:f2:47:c3:fc:05:
                    4e:63:65:a3:a8:70:8c:fd:72:c0:a4:8c:89:8b:42:
                    19:a2:23:0d:e4:26:e4:d9:0f:94:c8:ce:b9:99:7b:
                    14:cc:06:e3:da:2b:be:03:e1:2e:f7:dc:d2:57:4e:
                    bc:d3:1f:39:3b:a5:04:17:53:5f:f2:9d:b3:f0:c2:
                    af:5e:50:64:4b:a0:2d:49:e8:97:bb:11:97:23:b3:
                    1b:b0:84:47:63:f5:27:ed:84:65:68:6b:55:c3:3b:
                    99:55:d5:f3:a7:eb:28:90:a2:73:52:90:ff:86:b8:
                    0a:ea:30:b5:09:dd:82:ca:61:4c:f0:9e:70:e1:8f:
                    b2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:90:53:22:B7:3A:9E:93:10:23:CF:27:48:3C:5F:DA:DD:4A:D0:7B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.0.0/24
                  82.24.76.0/24
                  82.26.154.0/24
                  82.26.201.0/24
                  82.29.0.0/24
                  82.29.2.0-82.29.4.255
                  82.29.44.0/24
                  82.29.102.0/24
                  82.29.104.0/23
                  82.41.98.0/24
                  82.41.168.0/24
                  82.41.200.0/24
                  82.47.64.0/19
                  84.75.18.0/23
                  84.75.34.0/24
                  84.75.36.0-84.75.38.255
                  84.75.41.0-84.75.42.255
                  84.75.48.0/24
                  84.75.50.0-84.75.53.255
                  84.75.55.0/24
                  84.75.61.0-84.75.65.255
                  84.75.67.0-84.75.70.255
                  84.75.96.0/19
                IPv6:
                  2a13:9500:126::/47
                  2a13:9500:13a::/48
                  2a13:9500:157::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:7a:97:08:19:37:3f:90:3e:02:5b:ad:8b:ab:6f:16:26:7d:
         ce:dc:ba:f8:e6:6f:ef:ec:0e:0e:62:88:b4:f5:b7:e1:4d:e2:
         2a:89:7a:4c:0e:d0:79:97:2f:89:31:f2:42:a3:ef:18:3e:d4:
         5a:0e:a1:d3:ed:56:63:b9:8e:79:ea:c1:3c:fd:14:65:a6:3f:
         74:6d:f1:a5:5f:08:84:26:53:c0:86:ea:5f:e5:05:c0:91:c8:
         86:fb:47:15:b2:41:5a:f2:5f:7b:43:60:44:d7:a6:16:56:17:
         b2:fd:cd:35:41:97:a0:28:83:e8:b9:7f:42:52:38:6a:09:97:
         2f:a4:db:18:43:ff:b2:25:e6:71:c6:3d:35:85:86:80:fa:65:
         96:7d:7e:cb:31:9b:e2:87:b5:67:f0:ee:c6:c3:c9:e1:30:e4:
         91:64:64:c5:0d:a1:08:53:e7:6e:06:3a:55:a3:f6:86:ac:92:
         f3:9a:b7:fa:a9:87:6e:83:a2:ff:05:0e:81:23:3b:1c:7a:7a:
         7e:7e:b6:89:24:ad:21:a4:e8:d9:94:07:7f:80:27:fa:ec:eb:
         6c:be:b5:4d:35:94:bd:23:3c:37:8a:55:05:5e:1d:7a:84:90:
         5c:46:74:66:b5:11:f4:36:51:a4:88:5a:e6:2e:f4:63:ca:ed:
         d9:57:76:e7
-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgIUL7625sEIh/QLeSzaedXyi5mdldgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA3MTYxNTU1NDRaFw0yNzA3MTUxNjAwNDRaMDMxMTAvBgNV
BAMTKEZGOTA1MzIyQjczQTlFOTMxMDIzQ0YyNzQ4M0M1RkRBREQ0QUQwN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCueYYRloIYBJdYGetzpGdoN9IX
NoCKxRNuCCb0vjMdfcaOPqjQvqgH/XvU5RsKqGACr5tF68GpQ/KVDb3A9EPezrKj
6xCbWo00W0WP0JES8K70MOwPNGoXa/tBqX268O9zob66xZLh9pFkSg8E9kbGvDyO
W0MDb6OajJuHerXkNSHyR8P8BU5jZaOocIz9csCkjImLQhmiIw3kJuTZD5TIzrmZ
exTMBuPaK74D4S733NJXTrzTHzk7pQQXU1/ynbPwwq9eUGRLoC1J6Je7EZcjsxuw
hEdj9SfthGVoa1XDO5lV1fOn6yiQonNSkP+GuArqMLUJ3YLKYUzwnnDhj7ItAgMB
AAGjggLlMIIC4TAdBgNVHQ4EFgQU/5BTIrc6npMQI88nSDxf2t1K0HswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgfoGCCsGAQUFBwEHAQH/BIHqMIHnMIHBBAIAATCBugME
AFIVAAMEAFIYTAMEAFIamgMEAFIayQMEAFIdADAMAwQBUh0CAwQAUh0EAwQAUh0s
AwQAUh1mAwQBUh1oAwQAUiliAwQAUimoAwQAUinIAwQFUi9AAwQBVEsSAwQAVEsi
MAwDBAJUSyQDBABUSyYwDAMEAFRLKQMEAFRLKgMEAFRLMDAMAwQBVEsyAwQBVEs0
AwQAVEs3MAwDBABUSz0DBAFUS0AwDAMEAFRLQwMEAFRLRgMEBVRLYDAhBAIAAjAb
AwcBKhOVAAEmAwcAKhOVAAE6AwcAKhOVAAFXMA0GCSqGSIb3DQEBCwUAA4IBAQAb
epcIGTc/kD4CW62Lq28WJn3O3Lr45m/v7A4OYoi09bfhTeIqiXpMDtB5ly+JMfJC
o+8YPtRaDqHT7VZjuY556sE8/RRlpj90bfGlXwiEJlPAhupf5QXAkciG+0cVskFa
8l97Q2BE16YWVhey/c01QZegKIPouX9CUjhqCZcvpNsYQ/+yJeZxxj01hYaA+mWW
fX7LMZvih7Vn8O7Gw8nhMOSRZGTFDaEIU+duBjpVo/aGrJLzmrf6qYdug6L/BQ6B
Izscenp+fraJJK0hpOjZlAd/gCf67OtsvrVNNZS9Izw3ilUFXh16hJBcRnRmtRH0
NlGkiFrmLvRjyu3ZV3bn
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:07:05 2026 by rpki-client