Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS7018.roa
File:                     AS7018.roa (raw, json)
Hash identifier:          Ic9hngisYZa2aBxWh/An0VlR6pxYfLB1hlp7HiA7zoE=
Subject key identifier:   2B:F1:24:D7:61:74:38:27:CF:E0:EC:18:B2:81:7A:D2:39:29:20:68
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       185AD171A4491D2B17E5D816E664AC2023620ADA
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS7018.roa
Signing time:             Fri 21 Mar 2025 02:40:48 +0000
ROA not before:           Fri 21 Mar 2025 02:35:48 +0000
ROA not after:            Fri 20 Mar 2026 02:40:48 +0000
asID:                     7018
IP address blocks:        2a14:7582::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:5a:d1:71:a4:49:1d:2b:17:e5:d8:16:e6:64:ac:20:23:62:0a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Mar 21 02:35:48 2025 GMT
            Not After : Mar 20 02:40:48 2026 GMT
        Subject: CN=2BF124D761743827CFE0EC18B2817AD239292068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:85:10:a5:53:5d:6d:54:e4:11:64:99:3d:55:
                    b1:23:31:0d:00:bc:3a:b8:45:72:c8:8d:d3:c6:d1:
                    d6:d5:7c:3a:f6:b0:1f:ec:d6:08:e7:94:a1:74:13:
                    10:b6:39:f2:48:c1:38:6d:33:dc:a9:71:c4:73:4a:
                    92:27:4b:90:60:a5:58:ae:f5:2f:a1:f4:73:de:bf:
                    c1:42:66:0c:15:fd:6d:61:c9:c9:79:fd:8b:78:d2:
                    b3:f9:9b:48:b1:5b:d3:b5:9f:a0:6e:8b:49:ad:8f:
                    c3:24:75:9b:fc:e6:15:06:f5:0a:64:cc:7f:23:50:
                    48:f5:5e:c2:be:62:3b:de:0d:3c:10:12:7d:b4:20:
                    24:a4:ed:60:56:7e:b0:04:3f:04:cd:29:b0:b1:2b:
                    be:8f:61:5f:c7:42:06:ea:8f:71:81:43:65:07:d8:
                    1b:66:53:9b:b6:ee:4c:d9:42:64:22:fe:d0:eb:64:
                    38:43:ce:e0:e9:16:5d:06:77:98:3d:af:5f:30:ff:
                    97:3a:90:ca:73:92:49:10:2a:bf:be:16:a0:82:05:
                    4b:fa:96:b2:9d:8f:04:c5:42:73:2a:b6:e5:6f:13:
                    ad:e7:10:5b:f7:cc:33:9f:68:d1:b1:d7:92:55:e9:
                    fd:cd:e4:27:cd:ed:79:65:99:b2:03:c1:eb:00:e5:
                    bb:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F1:24:D7:61:74:38:27:CF:E0:EC:18:B2:81:7A:D2:39:29:20:68
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS7018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7582::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:62:06:05:58:21:1e:33:45:bb:2f:71:ce:70:9b:f9:23:b8:
         f2:9c:54:31:c9:91:8d:d6:fe:89:d9:a4:1c:d7:7b:55:2e:a6:
         07:c5:8e:96:32:82:db:93:ac:be:fb:28:9c:82:63:d8:8e:c5:
         08:c3:c7:df:00:a3:f5:c6:50:15:f6:9f:c7:cc:8d:f8:bf:4b:
         ff:20:fe:41:4b:57:07:bc:93:59:4c:5a:f8:f6:15:5e:0e:c6:
         b7:c2:d8:59:1f:67:49:fc:e1:60:83:40:b7:0c:8f:38:70:c3:
         94:70:66:b1:68:fd:84:75:86:ba:98:8c:66:73:74:d8:ad:21:
         34:24:b6:4b:30:6d:d5:d1:12:14:9b:e4:dd:0e:6b:5f:46:8b:
         78:c5:d3:03:b7:cf:34:ff:7f:8c:fe:89:8a:76:76:dc:c4:af:
         65:06:56:f1:cf:0c:f7:5a:ab:b9:46:ed:2a:14:7c:3c:16:34:
         2b:d4:17:25:17:77:9d:18:f1:aa:8e:d0:f6:cd:53:77:aa:3c:
         63:ac:63:94:c6:7c:27:f3:59:79:1e:8e:6d:5d:2e:49:1d:63:
         79:32:65:d4:10:3f:c8:0d:e0:e2:62:38:2c:80:a3:3b:aa:cd:
         11:cc:bb:47:6a:15:dd:be:b1:61:b3:5f:35:55:d6:89:b0:a9:
         dd:68:1c:1a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGFrRcaRJHSsX5dgW5mSsICNiCtowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAzMjEwMjM1NDhaFw0yNjAzMjAwMjQwNDhaMDMxMTAvBgNV
BAMTKDJCRjEyNEQ3NjE3NDM4MjdDRkUwRUMxOEIyODE3QUQyMzkyOTIwNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXhRClU11tVOQRZJk9VbEjMQ0A
vDq4RXLIjdPG0dbVfDr2sB/s1gjnlKF0ExC2OfJIwThtM9ypccRzSpInS5BgpViu
9S+h9HPev8FCZgwV/W1hycl5/Yt40rP5m0ixW9O1n6Bui0mtj8MkdZv85hUG9Qpk
zH8jUEj1XsK+YjveDTwQEn20ICSk7WBWfrAEPwTNKbCxK76PYV/HQgbqj3GBQ2UH
2BtmU5u27kzZQmQi/tDrZDhDzuDpFl0Gd5g9r18w/5c6kMpzkkkQKr++FqCCBUv6
lrKdjwTFQnMqtuVvE63nEFv3zDOfaNGx15JV6f3N5CfN7XllmbIDwesA5bvPAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUK/Ek12F0OCfP4OwYsoF60jkpIGgwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTNzAxOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoUdYIw
DQYJKoZIhvcNAQELBQADggEBAAJiBgVYIR4zRbsvcc5wm/kjuPKcVDHJkY3W/onZ
pBzXe1UupgfFjpYygtuTrL77KJyCY9iOxQjDx98Ao/XGUBX2n8fMjfi/S/8g/kFL
Vwe8k1lMWvj2FV4OxrfC2FkfZ0n84WCDQLcMjzhww5RwZrFo/YR1hrqYjGZzdNit
ITQktkswbdXREhSb5N0Oa19Gi3jF0wO3zzT/f4z+iYp2dtzEr2UGVvHPDPdaq7lG
7SoUfDwWNCvUFyUXd50Y8aqO0PbNU3eqPGOsY5TGfCfzWXkejm1dLkkdY3kyZdQQ
P8gN4OJiOCyAozuqzRHMu0dqFd2+sWGzXzVV1omwqd1oHBo=
-----END CERTIFICATE-----