Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          93Fd2ccgMnl6wp8DB7M48EHoflwxqviKcbBidL8kzwM=
Subject key identifier:   37:E8:1D:31:D4:ED:94:50:B5:13:56:D6:B8:3C:15:A7:AA:69:10:9D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       51627AFE2BA89D3EAB1EFBA90882E4BC57837BF8
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa
Signing time:             Fri 23 Aug 2024 08:01:22 +0000
ROA not before:           Fri 23 Aug 2024 07:56:22 +0000
ROA not after:            Fri 22 Aug 2025 08:01:22 +0000
asID:                     14618
IP address blocks:        2a0f:85c1:3a9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:62:7a:fe:2b:a8:9d:3e:ab:1e:fb:a9:08:82:e4:bc:57:83:7b:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:22 2024 GMT
            Not After : Aug 22 08:01:22 2025 GMT
        Subject: CN=37E81D31D4ED9450B51356D6B83C15A7AA69109D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:de:4e:4a:ae:f9:7f:65:f6:29:6a:c9:f2:c0:
                    94:4a:5a:09:df:e3:82:02:61:0d:ae:5c:9f:a8:8c:
                    75:c3:6e:ad:0b:bd:b7:b9:18:ce:d5:d1:16:e9:00:
                    a8:c2:0b:6f:4b:71:72:1a:da:be:24:20:2b:b7:df:
                    bb:38:b8:53:88:ef:c4:7d:ea:c7:8e:90:e2:d1:8b:
                    4c:82:0e:f7:c4:9f:fe:20:47:24:b4:46:b7:e5:c8:
                    ce:08:3b:c9:96:4c:0e:99:ba:e8:6b:d4:72:27:c7:
                    7c:39:24:50:8d:47:fd:f9:be:dd:42:ad:f0:32:8f:
                    6c:62:ae:9c:6a:6d:6f:7c:93:86:bc:22:d2:71:a9:
                    d4:e4:65:a1:ba:a3:ce:e1:a1:b5:81:87:c6:36:fd:
                    ef:58:c7:0a:12:37:c8:75:4c:ee:bd:ed:c3:b9:ac:
                    95:f1:da:06:02:58:97:78:52:f3:60:28:3f:4d:14:
                    58:bb:0f:66:c2:6a:9e:ae:1b:e4:f8:bd:47:61:65:
                    ea:c5:06:e9:d4:e8:a1:8e:41:1d:eb:e1:bc:35:8b:
                    1c:c0:ce:81:b3:58:22:ee:70:4c:da:a2:4c:20:46:
                    ac:ef:70:22:6a:51:78:24:27:d4:ab:b9:5f:5b:cc:
                    b2:5e:36:20:a0:92:90:c7:c9:cd:e2:88:4b:aa:73:
                    be:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E8:1D:31:D4:ED:94:50:B5:13:56:D6:B8:3C:15:A7:AA:69:10:9D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a9::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:d1:71:bb:3c:71:f2:a2:82:a8:44:d7:da:8f:b4:98:05:5b:
         eb:a9:2c:16:ee:d7:0c:f2:e3:f3:90:5d:e9:04:ea:1b:f8:53:
         27:03:d1:ca:68:95:7a:9f:49:4a:f8:21:46:99:f2:0b:00:9d:
         19:bd:18:53:73:7f:f2:55:99:b5:1d:9d:97:a5:cf:12:b8:ad:
         01:1b:77:d3:32:8e:67:a7:f4:06:ad:8b:46:f2:cc:b5:bf:70:
         16:a1:88:6e:1d:0e:d5:94:18:11:fb:47:1f:67:44:08:7e:49:
         b4:c9:4f:10:c7:13:8e:9b:c7:af:86:ca:e2:a6:e4:79:ac:0f:
         23:d9:f4:6f:78:93:cc:f8:30:5d:a6:bc:31:7e:cc:41:15:fe:
         9c:62:f1:7a:22:ba:b2:b0:c4:cd:c2:a2:57:1e:a9:fd:c9:37:
         ec:75:56:fd:ab:7d:a1:9e:ab:45:bf:e0:83:91:5f:89:36:50:
         64:95:97:4a:ad:28:c4:49:36:77:9f:28:b4:85:e1:4b:42:4e:
         e5:51:54:d8:06:88:ef:61:97:d1:8c:3d:be:0e:80:2a:6c:b4:
         cc:03:24:93:ef:67:ec:e5:39:d8:dc:76:dd:c9:99:20:35:b7:
         0d:36:32:81:94:af:36:d5:86:2d:d9:a8:31:31:8f:8a:ee:79:
         d4:df:f9:8f
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUUWJ6/iuonT6rHvupCILkvFeDe/gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjJaFw0yNTA4MjIwODAxMjJaMDMxMTAvBgNV
BAMTKDM3RTgxRDMxRDRFRDk0NTBCNTEzNTZENkI4M0MxNUE3QUE2OTEwOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx3k5Krvl/ZfYpasnywJRKWgnf
44ICYQ2uXJ+ojHXDbq0Lvbe5GM7V0RbpAKjCC29LcXIa2r4kICu337s4uFOI78R9
6seOkOLRi0yCDvfEn/4gRyS0RrflyM4IO8mWTA6Zuuhr1HInx3w5JFCNR/35vt1C
rfAyj2xirpxqbW98k4a8ItJxqdTkZaG6o87hobWBh8Y2/e9YxwoSN8h1TO697cO5
rJXx2gYCWJd4UvNgKD9NFFi7D2bCap6uG+T4vUdhZerFBunU6KGOQR3r4bw1ixzA
zoGzWCLucEzaokwgRqzvcCJqUXgkJ9SruV9bzLJeNiCgkpDHyc3iiEuqc77RAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUN+gdMdTtlFC1E1bWuDwVp6ppEJ0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
A6kwDQYJKoZIhvcNAQELBQADggEBAMLRcbs8cfKigqhE19qPtJgFW+upLBbu1wzy
4/OQXekE6hv4UycD0cpolXqfSUr4IUaZ8gsAnRm9GFNzf/JVmbUdnZelzxK4rQEb
d9Myjmen9Aati0byzLW/cBahiG4dDtWUGBH7Rx9nRAh+SbTJTxDHE46bx6+GyuKm
5HmsDyPZ9G94k8z4MF2mvDF+zEEV/pxi8XoiurKwxM3Colceqf3JN+x1Vv2rfaGe
q0W/4IORX4k2UGSVl0qtKMRJNnefKLSF4UtCTuVRVNgGiO9hl9GMPb4OgCpstMwD
JJPvZ+zlOdjcdt3JmSA1tw02MoGUrzbVhi3ZqDExj4ruedTf+Y8=
-----END CERTIFICATE-----