Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          qZc1aGE/E46w8JWN65yPKZduZ9n24O8LWf6oxxcrqLk=
Subject key identifier:   AC:77:B5:74:80:EB:3F:07:A7:43:DC:37:22:30:3E:AB:F2:6E:46:21
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1DAC6303C9D2C687F94396560BA43D470EE41576
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa
Signing time:             Sat 31 May 2025 00:00:13 +0000
ROA not before:           Fri 30 May 2025 23:55:13 +0000
ROA not after:            Sat 30 May 2026 00:00:13 +0000
asID:                     14618
IP address blocks:        45.155.17.0/24 maxlen: 24
                          193.164.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Jun 2025 22:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:ac:63:03:c9:d2:c6:87:f9:43:96:56:0b:a4:3d:47:0e:e4:15:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 30 23:55:13 2025 GMT
            Not After : May 30 00:00:13 2026 GMT
        Subject: CN=AC77B57480EB3F07A743DC3722303EABF26E4621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e5:ce:6f:57:11:cc:7c:6f:7d:0a:48:b8:3d:
                    4e:ff:0b:44:b2:24:52:5c:7c:5b:23:cc:8e:f5:b8:
                    7d:59:df:7c:ba:cf:a3:29:0f:b2:d9:a7:47:05:e5:
                    0f:81:eb:57:db:45:76:e6:b6:14:52:18:b3:63:56:
                    c3:f8:0d:9a:bb:bc:3c:7c:74:38:ee:c9:d4:23:63:
                    2c:c9:e4:a7:96:c1:c2:83:da:5e:ba:90:04:d2:7c:
                    78:9f:ab:03:b8:8f:16:d6:af:2a:d5:a8:c1:76:e5:
                    f0:1a:1a:ac:9c:de:dc:fd:a2:07:8f:73:08:cd:69:
                    4c:06:55:28:19:46:df:b4:a5:5e:83:cd:bf:9f:80:
                    4a:e1:f8:1c:78:0e:15:69:f5:7c:23:f0:b8:00:b8:
                    92:d5:77:9c:f6:52:b3:11:55:ec:d6:fc:2b:a4:a8:
                    d6:ff:e2:e8:6f:34:ab:68:a6:ee:b1:89:00:9f:c8:
                    37:9e:41:e1:44:e2:bd:32:7a:0e:43:6b:ba:e7:00:
                    e3:62:be:0d:8a:76:c4:e1:92:75:97:d5:1f:7c:84:
                    92:aa:d7:2e:88:bf:39:bb:0a:0b:2b:b5:18:57:09:
                    83:2a:0b:61:f0:30:81:50:0e:6a:95:c3:84:aa:0a:
                    a0:74:b1:35:9c:3b:af:2c:ff:50:f4:17:f8:b2:30:
                    e1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:77:B5:74:80:EB:3F:07:A7:43:DC:37:22:30:3E:AB:F2:6E:46:21
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.17.0/24
                  193.164.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:3f:50:69:d5:0c:6d:77:b2:a6:31:60:60:0e:d4:e3:d5:b0:
         6d:54:77:86:26:76:a2:4f:01:d2:26:05:f4:79:f5:ed:e6:36:
         f2:34:a7:28:15:f3:c5:86:a8:0a:3c:b5:3a:46:9d:61:34:21:
         06:d7:06:28:44:8d:b3:a7:ba:c6:f6:15:fe:b3:b8:37:08:8a:
         72:b5:9c:ef:b5:3c:00:4c:29:2b:92:50:b5:82:48:9c:b9:a1:
         09:b8:82:f1:37:93:61:1b:6f:98:35:8e:c1:56:47:4c:6d:00:
         87:b2:a1:1a:12:22:79:6c:b8:15:47:38:7e:55:c7:1b:7c:67:
         ab:d5:3a:69:3d:90:f6:fd:2e:17:91:16:54:d6:29:e0:23:50:
         ab:3e:f8:c1:8f:1f:28:41:34:9d:a9:00:ba:06:6d:c3:48:42:
         37:d0:a3:34:5d:d5:dc:39:5e:30:42:31:5f:62:e9:61:0b:ff:
         78:bd:7d:09:45:60:59:6c:8a:82:8e:bc:52:bf:a0:37:1d:ea:
         37:6f:90:7c:cb:40:36:97:c4:03:87:00:4a:81:8d:a3:ec:bc:
         8d:66:6d:7b:1a:a2:50:94:e3:c2:4c:15:c1:2a:7f:b0:f7:c7:
         cc:45:07:9e:4b:fb:2b:6d:75:78:57:b2:29:5a:b0:2b:2c:8c:
         8d:4b:ef:95
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUHaxjA8nSxof5Q5ZWC6Q9Rw7kFXYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA1MzAyMzU1MTNaFw0yNjA1MzAwMDAwMTNaMDMxMTAvBgNV
BAMTKEFDNzdCNTc0ODBFQjNGMDdBNzQzREMzNzIyMzAzRUFCRjI2RTQ2MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv5c5vVxHMfG99Cki4PU7/C0Sy
JFJcfFsjzI71uH1Z33y6z6MpD7LZp0cF5Q+B61fbRXbmthRSGLNjVsP4DZq7vDx8
dDjuydQjYyzJ5KeWwcKD2l66kATSfHifqwO4jxbWryrVqMF25fAaGqyc3tz9ogeP
cwjNaUwGVSgZRt+0pV6Dzb+fgErh+Bx4DhVp9Xwj8LgAuJLVd5z2UrMRVezW/Cuk
qNb/4uhvNKtopu6xiQCfyDeeQeFE4r0yeg5Da7rnAONivg2KdsThknWX1R98hJKq
1y6Ivzm7CgsrtRhXCYMqC2HwMIFQDmqVw4SqCqB0sTWcO68s/1D0F/iyMOHVAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUrHe1dIDrPwenQ9w3IjA+q/JuRiEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtmxED
BADBpAowDQYJKoZIhvcNAQELBQADggEBAFs/UGnVDG13sqYxYGAO1OPVsG1Ud4Ym
dqJPAdImBfR59e3mNvI0pygV88WGqAo8tTpGnWE0IQbXBihEjbOnusb2Ff6zuDcI
inK1nO+1PABMKSuSULWCSJy5oQm4gvE3k2Ebb5g1jsFWR0xtAIeyoRoSInlsuBVH
OH5Vxxt8Z6vVOmk9kPb9LheRFlTWKeAjUKs++MGPHyhBNJ2pALoGbcNIQjfQozRd
1dw5XjBCMV9i6WEL/3i9fQlFYFlsioKOvFK/oDcd6jdvkHzLQDaXxAOHAEqBjaPs
vI1mbXsaolCU48JMFcEqf7D3x8xFB55L+yttdXhXsilasCssjI1L75U=
-----END CERTIFICATE-----