Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          rL0mXs8bFnMrgo7XROKY7L1ma58k62P7RfQnChXmel4=
Subject key identifier:   5E:21:F9:BE:CC:F0:D8:7D:73:19:03:18:E6:B8:3A:F6:08:F9:78:DA
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       04C48817FE25393BB240D6E7BF21411D377F4D0C
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14618.roa
Signing time:             Thu 09 May 2024 00:01:05 +0000
ROA not before:           Wed 08 May 2024 23:56:05 +0000
ROA not after:            Thu 08 May 2025 00:01:05 +0000
asID:                     14618
IP address blocks:        141.11.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c4:88:17:fe:25:39:3b:b2:40:d6:e7:bf:21:41:1d:37:7f:4d:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  8 23:56:05 2024 GMT
            Not After : May  8 00:01:05 2025 GMT
        Subject: CN=5E21F9BECCF0D87D73190318E6B83AF608F978DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ec:43:12:78:15:a9:22:51:e9:ce:9a:b9:d4:
                    67:aa:96:e0:3f:56:36:56:22:9a:95:49:40:e5:7f:
                    a3:10:03:69:93:f7:fb:9d:76:0e:ad:b2:c0:43:7d:
                    0c:94:ef:a2:8e:17:db:69:7d:d7:28:a8:71:56:c8:
                    ae:32:85:3e:f9:ea:90:3d:4e:8c:5b:c9:9f:29:24:
                    66:d0:d2:87:d0:5f:ab:4a:01:66:ed:6f:a3:be:e3:
                    ca:09:35:d3:c9:21:ad:fd:81:da:b7:17:e7:0e:f5:
                    7b:cf:1b:e9:3d:2e:9b:7f:eb:b8:51:f6:97:e0:15:
                    aa:e0:11:3d:a4:27:e8:55:7e:a6:91:95:fd:10:0a:
                    ba:bf:ce:29:7b:c1:df:dc:fc:47:0f:e8:25:ec:57:
                    d2:16:fd:e7:76:db:72:70:5f:99:3e:54:4a:c4:50:
                    b0:46:52:53:0f:93:93:24:b1:7f:d4:01:56:ba:f5:
                    91:be:e3:78:42:19:58:0a:37:1a:08:6e:71:81:80:
                    08:50:61:42:cb:f3:c8:da:a4:d7:de:01:d7:25:3b:
                    af:59:53:d8:b2:c7:81:8f:b8:6a:7f:68:17:d5:5e:
                    92:0e:21:6c:13:cd:da:75:ea:d4:90:71:cd:fb:76:
                    0d:21:28:44:80:ef:3e:6f:b5:13:06:46:8d:07:f9:
                    fd:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:21:F9:BE:CC:F0:D8:7D:73:19:03:18:E6:B8:3A:F6:08:F9:78:DA
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:4f:9d:c5:28:fe:02:c8:f8:46:5d:19:3e:39:fc:75:21:bc:
         b5:51:a1:93:7c:03:8d:c9:bd:5d:b6:da:92:fe:39:bc:07:71:
         44:3e:1d:9f:5e:c5:03:ff:0b:ec:f3:4c:38:35:7c:7f:bf:dd:
         5c:67:54:11:e4:4d:ba:71:71:20:41:bf:bf:2f:c5:60:6b:a2:
         8b:50:67:ac:37:2b:ac:c2:03:53:bc:55:61:0b:7c:e1:e2:dc:
         bc:fa:6e:02:27:0a:c8:fe:55:3e:47:ba:0a:d2:ca:bc:3f:14:
         f7:0d:10:25:97:9c:47:e6:17:30:e5:ad:60:51:6e:70:f5:d2:
         e9:6d:57:48:84:02:fc:44:d8:16:58:e4:ef:6d:27:03:7b:a3:
         e9:91:f4:39:36:c3:ba:bf:f0:5a:10:e3:4d:0f:d8:02:d2:5e:
         88:ef:2a:4b:a9:82:76:cf:d6:5f:02:73:81:9b:89:74:47:81:
         44:b1:f3:3e:b3:ff:b6:76:2e:c1:ef:94:2b:7e:72:22:9a:4e:
         ca:28:f9:26:7f:9b:e0:ec:65:d2:3f:e0:92:f6:ac:50:fe:be:
         a7:29:79:cb:07:62:b5:e9:27:ed:d2:5e:c0:ae:ef:df:90:af:
         06:cd:2b:0d:ba:d5:db:56:16:9a:f8:96:c8:5b:12:b3:ef:29:
         00:fa:11:b4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUBMSIF/4lOTuyQNbnvyFBHTd/TQwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MDgyMzU2MDVaFw0yNTA1MDgwMDAxMDVaMDMxMTAvBgNV
BAMTKDVFMjFGOUJFQ0NGMEQ4N0Q3MzE5MDMxOEU2QjgzQUY2MDhGOTc4REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw7EMSeBWpIlHpzpq51GeqluA/
VjZWIpqVSUDlf6MQA2mT9/uddg6tssBDfQyU76KOF9tpfdcoqHFWyK4yhT756pA9
ToxbyZ8pJGbQ0ofQX6tKAWbtb6O+48oJNdPJIa39gdq3F+cO9XvPG+k9Lpt/67hR
9pfgFargET2kJ+hVfqaRlf0QCrq/zil7wd/c/EcP6CXsV9IW/ed223JwX5k+VErE
ULBGUlMPk5MksX/UAVa69ZG+43hCGVgKNxoIbnGBgAhQYULL88japNfeAdclO69Z
U9iyx4GPuGp/aBfVXpIOIWwTzdp16tSQcc37dg0hKESA7z5vtRMGRo0H+f1nAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUXiH5vszw2H1zGQMY5rg69gj5eNowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKNCwww
DQYJKoZIhvcNAQELBQADggEBAKNPncUo/gLI+EZdGT45/HUhvLVRoZN8A43JvV22
2pL+ObwHcUQ+HZ9exQP/C+zzTDg1fH+/3VxnVBHkTbpxcSBBv78vxWBrootQZ6w3
K6zCA1O8VWELfOHi3Lz6bgInCsj+VT5HugrSyrw/FPcNECWXnEfmFzDlrWBRbnD1
0ultV0iEAvxE2BZY5O9tJwN7o+mR9Dk2w7q/8FoQ400P2ALSXojvKkupgnbP1l8C
c4GbiXRHgUSx8z6z/7Z2LsHvlCt+ciKaTsoo+SZ/m+DsZdI/4JL2rFD+vqcpecsH
YrXpJ+3SXsCu79+QrwbNKw261dtWFpr4lshbErPvKQD6EbQ=
-----END CERTIFICATE-----