Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          yvZcMll0lOPYaryiHQGpq9WWFg5KBApzkC7chigfGvQ=
Subject key identifier:   C6:48:A9:50:6F:7D:47:B2:B1:35:C7:46:C5:DC:04:E8:81:18:D7:83
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4C7975F654DA0F05CB04AA09F7EBF9ED780E8D79
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa
Signing time:             Wed 29 Oct 2025 03:40:47 +0000
ROA not before:           Wed 29 Oct 2025 03:35:47 +0000
ROA not after:            Wed 28 Oct 2026 03:40:47 +0000
asID:                     14618
IP address blocks:        2a0f:85c1:3a9::/48 maxlen: 48
                          2a0f:85c1:d62::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:79:75:f6:54:da:0f:05:cb:04:aa:09:f7:eb:f9:ed:78:0e:8d:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 29 03:35:47 2025 GMT
            Not After : Oct 28 03:40:47 2026 GMT
        Subject: CN=C648A9506F7D47B2B135C746C5DC04E88118D783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8c:02:bd:ac:30:d5:38:c2:28:49:2a:93:eb:
                    4d:e0:c5:2b:61:5a:22:33:d6:8f:99:7a:5a:37:9c:
                    c1:bc:b9:6f:b5:f0:b2:92:d4:c8:20:98:58:f1:5e:
                    cb:bf:a0:e7:51:41:1b:cd:4e:ab:4f:f2:b9:cb:f6:
                    43:05:62:d0:60:ed:86:be:f9:79:d0:39:b4:e7:0c:
                    23:9a:33:b7:39:ad:c2:1b:d1:cd:e1:0e:94:c2:73:
                    b5:2b:02:40:46:61:31:1f:0c:c7:ac:47:60:7f:69:
                    43:cc:93:dd:ec:4c:17:d7:83:cd:d1:05:f9:e1:31:
                    1a:56:05:3f:aa:93:a7:5e:49:4b:37:e8:69:6b:41:
                    37:19:6c:15:82:6e:22:50:46:ea:69:17:58:23:fc:
                    cb:93:48:ba:d4:81:15:85:34:5d:3f:f3:be:ee:2f:
                    f0:d0:d9:38:5e:2a:18:be:3c:64:f8:b9:83:f5:28:
                    16:33:33:b4:5d:e1:62:a7:c8:04:2f:94:ac:c1:d3:
                    29:7a:8f:f7:84:1f:9e:cf:45:f1:0c:6f:27:a3:f4:
                    d4:63:a0:b0:61:e4:38:74:39:50:4e:5d:82:43:d2:
                    98:8e:40:c6:68:1d:54:f2:97:24:55:64:fc:8c:a9:
                    a6:58:c9:0a:dd:44:7a:2b:3c:2a:3f:c3:ec:aa:3e:
                    ce:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:48:A9:50:6F:7D:47:B2:B1:35:C7:46:C5:DC:04:E8:81:18:D7:83
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a9::/48
                  2a0f:85c1:d62::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:53:66:4a:7d:4b:da:27:1e:6c:6d:b2:7b:46:da:4f:eb:ac:
         63:6a:6a:c3:84:fc:c7:d5:92:a1:d6:87:2c:06:6c:58:a6:f4:
         bf:86:cf:27:22:07:2b:03:6c:9a:38:26:b2:37:8b:6c:e8:9c:
         fa:a6:fd:51:65:16:4f:ab:44:4e:f1:75:1a:2e:75:95:b2:61:
         30:3d:09:e7:2a:c5:95:9a:ec:75:e0:9c:96:f5:91:95:f2:8d:
         06:dd:e1:68:a1:a1:1b:3f:5e:0d:81:20:38:bc:fd:1c:dd:87:
         64:48:e9:e9:ba:46:e6:a4:73:6f:ca:a0:02:01:ac:86:36:a3:
         bb:93:ad:c8:33:1d:58:8a:9e:15:40:84:7d:71:49:68:d3:95:
         57:99:9a:ea:dd:df:21:29:4c:26:ee:bb:b3:9f:d9:c3:84:00:
         16:ac:ad:bc:26:86:87:83:49:88:d7:6e:3e:7d:bc:df:16:68:
         0f:8f:0e:57:7d:e5:26:4b:f3:98:30:f3:c1:67:5e:de:94:82:
         97:32:39:24:d1:92:61:2b:7d:73:c9:c9:bf:4a:d3:46:2c:99:
         2c:f6:00:10:7d:62:0d:13:fc:6a:76:00:c3:bb:53:fb:56:5e:
         f2:61:dc:a1:15:74:77:a7:8a:09:6b:c9:ce:d9:70:2b:e2:6f:
         e4:87:59:d9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUTHl19lTaDwXLBKoJ9+v57XgOjXkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMjkwMzM1NDdaFw0yNjEwMjgwMzQwNDdaMDMxMTAvBgNV
BAMTKEM2NDhBOTUwNkY3RDQ3QjJCMTM1Qzc0NkM1REMwNEU4ODExOEQ3ODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7jAK9rDDVOMIoSSqT603gxSth
WiIz1o+Zelo3nMG8uW+18LKS1MggmFjxXsu/oOdRQRvNTqtP8rnL9kMFYtBg7Ya+
+XnQObTnDCOaM7c5rcIb0c3hDpTCc7UrAkBGYTEfDMesR2B/aUPMk93sTBfXg83R
BfnhMRpWBT+qk6deSUs36GlrQTcZbBWCbiJQRuppF1gj/MuTSLrUgRWFNF0/877u
L/DQ2TheKhi+PGT4uYP1KBYzM7Rd4WKnyAQvlKzB0yl6j/eEH57PRfEMbyej9NRj
oLBh5Dh0OVBOXYJD0piOQMZoHVTylyRVZPyMqaZYyQrdRHorPCo/w+yqPs5HAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUxkipUG99R7KxNcdGxdwE6IEY14MwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
A6kDBwAqD4XBDWIwDQYJKoZIhvcNAQELBQADggEBACNTZkp9S9onHmxtsntG2k/r
rGNqasOE/MfVkqHWhywGbFim9L+GzyciBysDbJo4JrI3i2zonPqm/VFlFk+rRE7x
dRoudZWyYTA9CecqxZWa7HXgnJb1kZXyjQbd4WihoRs/Xg2BIDi8/Rzdh2RI6em6
Ruakc2/KoAIBrIY2o7uTrcgzHViKnhVAhH1xSWjTlVeZmurd3yEpTCbuu7Of2cOE
ABasrbwmhoeDSYjXbj59vN8WaA+PDld95SZL85gw88FnXt6UgpcyOSTRkmErfXPJ
yb9K00YsmSz2ABB9Yg0T/Gp2AMO7U/tWXvJh3KEVdHeniglryc7ZcCvib+SHWdk=
-----END CERTIFICATE-----