Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7018.roa
File:                     AS7018.roa (raw, json)
Hash identifier:          xMliSS/8dikACByzWM8fT3SoytJSXnX7gcMsRhph1Tk=
Subject key identifier:   4A:D2:CB:34:1D:94:E8:D6:17:F2:0F:BB:75:2A:FF:B1:03:FB:DA:68
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2F9D12598D65A71CD0A7EF9AEFED8F4F3B1770F7
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7018.roa
Signing time:             Sun 14 Apr 2024 08:05:44 +0000
ROA not before:           Sun 14 Apr 2024 08:00:44 +0000
ROA not after:            Sun 13 Apr 2025 08:05:44 +0000
asID:                     7018
IP address blocks:        45.151.45.0/24 maxlen: 24
                          45.155.19.0/24 maxlen: 24
                          147.78.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:9d:12:59:8d:65:a7:1c:d0:a7:ef:9a:ef:ed:8f:4f:3b:17:70:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 14 08:00:44 2024 GMT
            Not After : Apr 13 08:05:44 2025 GMT
        Subject: CN=4AD2CB341D94E8D617F20FBB752AFFB103FBDA68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:81:e7:43:f1:a8:79:22:ad:e0:52:e6:fe:11:
                    e7:72:67:62:a3:8c:a5:04:f9:94:10:66:e2:3c:78:
                    c6:6b:49:45:f4:d7:3e:21:2c:1f:4b:f4:77:42:c5:
                    68:a4:91:0b:8b:1a:0e:6a:10:ec:a6:a0:60:82:4c:
                    75:c4:ac:23:6f:c6:c6:5b:99:18:c6:49:86:46:75:
                    c9:4b:78:c5:70:87:6b:1c:05:18:9c:38:15:f7:56:
                    54:6c:e3:04:d9:52:96:fb:ba:95:89:8a:36:23:03:
                    c6:f0:3c:16:6e:9a:0e:42:4c:73:ee:75:05:65:e5:
                    5a:23:87:a8:75:b2:fe:b3:a1:89:ed:cb:15:be:8d:
                    55:fa:b8:18:e9:86:37:db:6d:2c:cf:28:07:d9:33:
                    a3:86:a8:e9:b2:b3:f5:b4:36:15:c0:76:95:dd:6f:
                    ad:7f:50:48:4a:6e:62:14:6f:2e:f4:a7:78:8a:c0:
                    f7:fb:22:91:94:a8:8f:68:72:97:f9:1e:be:94:8c:
                    d7:dd:f4:0b:c5:52:2d:6a:f6:d7:3d:b9:fc:ca:72:
                    69:a3:2f:e7:d1:21:34:6f:99:4f:83:79:dc:41:d6:
                    fe:90:8f:c9:9f:3b:f2:2c:8a:b1:31:4b:cb:c4:fe:
                    dd:66:8d:ec:05:af:56:b2:7e:07:b6:5b:f8:19:6a:
                    c7:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:D2:CB:34:1D:94:E8:D6:17:F2:0F:BB:75:2A:FF:B1:03:FB:DA:68
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS7018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.45.0/24
                  45.155.19.0/24
                  147.78.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:97:42:ca:cc:0b:7f:71:27:ac:c1:2d:d6:c3:47:6b:32:bc:
         3f:c7:4f:a9:62:f9:66:bd:f9:02:2b:52:1b:97:1f:18:2f:bd:
         58:b9:d4:ad:8f:29:f1:4e:cd:d0:fd:8e:09:29:73:61:07:69:
         c4:9b:5f:3c:e2:f4:ac:66:46:05:a8:ae:58:01:86:40:5c:07:
         aa:86:cf:9c:74:2c:e9:c6:dd:70:90:42:ab:57:28:61:ff:29:
         61:87:59:be:67:a2:e6:bd:ed:1a:0e:8d:87:6f:5b:da:57:d7:
         97:65:a1:83:df:fd:68:e3:c1:b1:5a:09:1b:f1:63:02:fc:6d:
         94:95:cd:05:14:b4:6f:98:1b:20:14:06:e5:e5:a0:ca:51:51:
         a0:63:9a:18:ca:32:15:62:5a:d3:06:38:64:91:ec:cf:5a:19:
         0d:4f:e7:03:6e:d4:be:37:eb:65:9f:63:a9:77:90:76:e3:f5:
         bf:cc:25:af:2f:1e:d2:f9:af:4d:84:d2:f5:d6:02:e1:76:bc:
         45:10:a2:75:a2:cf:1f:e8:24:43:da:1a:79:be:1b:dd:5c:95:
         85:fc:0c:84:2e:cf:1c:8f:a0:ac:2a:46:47:8a:8e:a5:64:0a:
         b1:5c:67:3b:fb:67:a4:e5:37:ee:b1:e9:e7:cd:4b:c3:91:44:
         78:dc:c0:b7
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUL50SWY1lpxzQp++a7+2PTzsXcPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA0MTQwODAwNDRaFw0yNTA0MTMwODA1NDRaMDMxMTAvBgNV
BAMTKDRBRDJDQjM0MUQ5NEU4RDYxN0YyMEZCQjc1MkFGRkIxMDNGQkRBNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPgedD8ah5Iq3gUub+EedyZ2Kj
jKUE+ZQQZuI8eMZrSUX01z4hLB9L9HdCxWikkQuLGg5qEOymoGCCTHXErCNvxsZb
mRjGSYZGdclLeMVwh2scBRicOBX3VlRs4wTZUpb7upWJijYjA8bwPBZumg5CTHPu
dQVl5Vojh6h1sv6zoYntyxW+jVX6uBjphjfbbSzPKAfZM6OGqOmys/W0NhXAdpXd
b61/UEhKbmIUby70p3iKwPf7IpGUqI9ocpf5Hr6UjNfd9AvFUi1q9tc9ufzKcmmj
L+fRITRvmU+DedxB1v6Qj8mfO/IsirExS8vE/t1mjewFr1ayfge2W/gZasflAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUStLLNB2U6NYX8g+7dSr/sQP72mgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNzAxOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAC2XLQME
AC2bEwMEAJNOezANBgkqhkiG9w0BAQsFAAOCAQEAcZdCyswLf3EnrMEt1sNHazK8
P8dPqWL5Zr35AitSG5cfGC+9WLnUrY8p8U7N0P2OCSlzYQdpxJtfPOL0rGZGBaiu
WAGGQFwHqobPnHQs6cbdcJBCq1coYf8pYYdZvmei5r3tGg6Nh29b2lfXl2Whg9/9
aOPBsVoJG/FjAvxtlJXNBRS0b5gbIBQG5eWgylFRoGOaGMoyFWJa0wY4ZJHsz1oZ
DU/nA27UvjfrZZ9jqXeQduP1v8wlry8e0vmvTYTS9dYC4Xa8RRCidaLPH+gkQ9oa
eb4b3VyVhfwMhC7PHI+grCpGR4qOpWQKsVxnO/tnpOU37rHp581Lw5FEeNzAtw==
-----END CERTIFICATE-----