Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7018.roa
File:                     AS7018.roa (raw, json)
Hash identifier:          9BTyv+KB93oUes7fD3t8IKIvr6LjAY9bvOEppAPbHsM=
Subject key identifier:   FF:1A:60:39:60:BC:AF:D8:67:0B:7F:39:DC:73:58:C8:24:44:10:9B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       05FE7B2512799D9105197F070955582121809120
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7018.roa
Signing time:             Wed 26 Jun 2024 00:01:57 +0000
ROA not before:           Tue 25 Jun 2024 23:56:57 +0000
ROA not after:            Wed 25 Jun 2025 00:01:57 +0000
asID:                     7018
IP address blocks:        45.155.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:fe:7b:25:12:79:9d:91:05:19:7f:07:09:55:58:21:21:80:91:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 25 23:56:57 2024 GMT
            Not After : Jun 25 00:01:57 2025 GMT
        Subject: CN=FF1A603960BCAFD8670B7F39DC7358C82444109B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b8:4b:6a:a4:06:44:11:db:68:0f:3b:bc:6a:
                    a1:7d:5f:dd:0b:17:7a:f3:b5:ec:20:19:99:be:43:
                    dd:0d:73:42:db:74:2e:68:3e:34:d3:eb:a8:99:53:
                    cb:8f:88:3b:65:42:ee:15:6d:21:c3:c3:6e:36:ac:
                    df:29:96:9a:75:52:2c:e0:49:11:56:82:51:b6:33:
                    ac:2a:f4:a0:a6:34:34:c0:0c:99:67:f0:13:1d:49:
                    da:04:64:22:f7:c1:68:78:0b:35:59:97:bb:04:5a:
                    d4:fc:42:30:7d:82:76:f9:ef:73:93:89:b2:03:ef:
                    bd:ed:7a:aa:f7:e2:94:d2:7e:b3:b3:c3:f0:05:e5:
                    fc:0a:5b:91:3f:9a:f5:99:c1:3c:a8:3b:30:54:bf:
                    f9:8e:71:9e:7b:fc:94:e6:7c:ed:5c:c7:7f:14:38:
                    f9:e6:de:c1:a4:37:25:93:41:76:29:0b:00:32:e8:
                    06:7d:ac:c1:01:9b:1a:7f:c0:4e:c8:ff:85:71:64:
                    4c:be:46:58:8c:dd:4d:17:23:a2:a6:da:3a:73:7e:
                    cb:ce:44:5e:4c:ce:d2:d2:1f:c9:7b:96:c7:66:eb:
                    68:2e:f2:94:5c:15:ec:29:42:3f:11:64:9f:8e:a9:
                    fb:c8:70:38:9d:d7:52:71:4a:df:91:b7:a1:74:40:
                    cb:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:1A:60:39:60:BC:AF:D8:67:0B:7F:39:DC:73:58:C8:24:44:10:9B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:3e:eb:98:8f:ca:de:08:12:d6:c6:5e:31:b0:5b:d6:6b:5b:
         84:fe:13:c7:9a:a8:97:e8:4e:6f:8b:5b:e6:4f:9a:ef:c6:5c:
         61:6f:5c:d6:ad:cb:6a:7c:f0:71:9e:12:3f:2c:1c:4d:30:c8:
         de:c3:da:ff:39:20:65:6e:99:fb:0a:6a:40:e1:44:a6:b6:da:
         5a:56:7a:72:ac:a0:dc:ba:52:c9:78:3e:d9:6c:4a:34:57:6f:
         77:b3:62:b3:7a:35:b9:0e:80:6c:3d:d9:e6:ea:32:1b:a0:e5:
         f9:10:f2:4f:2f:12:ed:03:9f:c5:4e:ea:03:6a:e3:79:1f:f4:
         a7:2d:ba:28:8a:01:da:31:cf:ba:ed:5e:75:10:41:52:15:44:
         1c:dc:09:ef:5a:de:2e:fa:89:7a:8b:8e:67:c1:e0:f6:c2:48:
         61:3f:56:83:04:91:91:f4:ae:94:f2:4d:df:a4:e9:44:da:04:
         d7:25:04:b0:31:38:3e:c3:69:2d:59:98:43:aa:20:cb:84:b3:
         66:7e:3a:5a:a0:10:67:33:8e:0e:04:a8:4e:75:42:99:b3:86:
         8c:ec:98:4d:df:e7:a2:13:51:51:4c:b8:c6:af:df:a6:8b:bf:
         0a:cb:f5:d9:56:a6:ed:85:9f:c1:96:2e:1c:15:a2:4a:2a:e9:
         c7:67:8e:79
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUBf57JRJ5nZEFGX8HCVVYISGAkSAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA2MjUyMzU2NTdaFw0yNTA2MjUwMDAxNTdaMDMxMTAvBgNV
BAMTKEZGMUE2MDM5NjBCQ0FGRDg2NzBCN0YzOURDNzM1OEM4MjQ0NDEwOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxuEtqpAZEEdtoDzu8aqF9X90L
F3rztewgGZm+Q90Nc0LbdC5oPjTT66iZU8uPiDtlQu4VbSHDw242rN8plpp1Uizg
SRFWglG2M6wq9KCmNDTADJln8BMdSdoEZCL3wWh4CzVZl7sEWtT8QjB9gnb573OT
ibID773teqr34pTSfrOzw/AF5fwKW5E/mvWZwTyoOzBUv/mOcZ57/JTmfO1cx38U
OPnm3sGkNyWTQXYpCwAy6AZ9rMEBmxp/wE7I/4VxZEy+RliM3U0XI6Km2jpzfsvO
RF5MztLSH8l7lsdm62gu8pRcFewpQj8RZJ+OqfvIcDid11JxSt+Rt6F0QMuVAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU/xpgOWC8r9hnC3853HNYyCREEJswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNzAxOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2bEzAN
BgkqhkiG9w0BAQsFAAOCAQEArz7rmI/K3ggS1sZeMbBb1mtbhP4Tx5qol+hOb4tb
5k+a78ZcYW9c1q3LanzwcZ4SPywcTTDI3sPa/zkgZW6Z+wpqQOFEprbaWlZ6cqyg
3LpSyXg+2WxKNFdvd7Nis3o1uQ6AbD3Z5uoyG6Dl+RDyTy8S7QOfxU7qA2rjeR/0
py26KIoB2jHPuu1edRBBUhVEHNwJ71reLvqJeouOZ8Hg9sJIYT9WgwSRkfSulPJN
36TpRNoE1yUEsDE4PsNpLVmYQ6ogy4SzZn46WqAQZzOODgSoTnVCmbOGjOyYTd/n
ohNRUUy4xq/fpou/Csv12Vam7YWfwZYuHBWiSirpx2eOeQ==
-----END CERTIFICATE-----