Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          yEMHVvY8jwcyulhqhkK4tmWzReNtAco8Bo5G1l9x0U0=
Subject key identifier:   EB:6E:30:31:57:A0:46:74:CF:FD:8B:46:AF:5B:74:88:CA:2A:7C:FA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7F4E09AC35FB9F4E8D267120954B9AFA47ACAD5B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     14618
IP address blocks:        2a0f:85c1:3a9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:4e:09:ac:35:fb:9f:4e:8d:26:71:20:95:4b:9a:fa:47:ac:ad:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=EB6E303157A04674CFFD8B46AF5B7488CA2A7CFA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8f:e0:d8:bd:6f:2c:1e:2b:58:4b:52:cf:06:
                    7a:ef:a0:4c:88:c3:a5:65:65:71:4a:e0:f6:ff:2d:
                    52:98:a8:3f:97:d3:c6:68:3b:3b:f4:92:8c:d7:4b:
                    2f:d2:37:7a:70:82:32:30:06:b4:ba:7c:b5:76:cd:
                    5e:2c:f3:ff:be:46:d9:03:6d:4c:6a:05:c0:3a:f0:
                    1b:e6:27:c5:93:e6:41:98:49:85:c6:12:9a:cc:1a:
                    9d:5c:05:b1:14:c4:58:30:5a:51:03:d0:ae:ff:31:
                    93:ff:e4:ca:5f:43:bf:01:90:55:c7:0a:d3:d0:7d:
                    67:99:37:08:2e:64:b8:0a:0c:8f:f5:79:a3:87:3f:
                    cd:48:cd:11:84:a1:c9:a6:74:a8:51:7f:56:91:f5:
                    8a:55:6b:86:19:8f:9a:8e:e0:49:aa:6f:8e:f0:ac:
                    6f:fb:3b:e1:23:41:6b:87:70:15:6c:d9:48:c7:23:
                    2e:a0:6b:52:a6:08:fb:21:ce:d6:97:c5:7f:2e:7d:
                    f0:61:2e:d9:a7:24:aa:69:97:98:c5:f3:aa:86:5a:
                    ff:dd:f8:0b:a2:0b:6d:84:db:6a:27:97:c2:e6:21:
                    8b:f4:9a:dc:11:9d:8d:0f:06:be:7a:8c:21:fb:f4:
                    a4:40:c6:e2:02:01:26:22:b5:44:73:2a:4c:e6:81:
                    26:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:6E:30:31:57:A0:46:74:CF:FD:8B:46:AF:5B:74:88:CA:2A:7C:FA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3a9::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:c9:43:53:07:f1:23:f9:6f:54:2c:72:65:79:e0:a8:8d:a1:
         65:03:35:6f:46:f0:6d:b3:84:50:1d:3d:c9:4a:4a:36:05:16:
         49:09:c4:73:4b:95:20:cd:df:9b:57:03:1a:5e:8a:c6:c0:ad:
         9a:0f:82:47:f6:56:1b:e1:96:24:ad:10:15:e9:5b:2c:28:d0:
         33:e1:1e:f5:b6:71:1e:62:1c:f4:4b:f9:bf:3a:89:00:87:10:
         03:ad:dc:dd:c5:47:8e:7a:5d:ec:67:60:2f:2d:a0:30:e0:4f:
         df:af:9e:38:5a:9a:77:12:4d:e1:58:a9:cc:76:e2:53:36:77:
         4a:24:72:4b:0f:89:c6:bc:05:06:4f:58:ab:e8:78:8b:c7:90:
         5d:56:ee:53:4c:64:0f:d0:5d:91:e5:2b:70:90:34:c9:d8:f8:
         75:cc:d3:0b:ad:f0:5a:e2:45:95:cf:76:06:31:f2:de:69:14:
         b9:6e:52:ef:70:c5:98:b9:f9:1d:64:57:1c:e3:51:38:da:9e:
         e4:e9:4f:fc:5f:86:d2:e3:1e:c0:d6:f0:e1:e6:af:ec:f7:26:
         01:01:39:d0:54:fd:60:dc:01:31:a1:9d:0e:11:e2:43:a8:dc:
         85:e1:f6:33:54:f6:ed:38:3e:54:09:2e:fa:98:12:03:55:35:
         0b:4b:14:77
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUf04JrDX7n06NJnEglUua+kesrVswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKEVCNkUzMDMxNTdBMDQ2NzRDRkZEOEI0NkFGNUI3NDg4Q0EyQTdDRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClj+DYvW8sHitYS1LPBnrvoEyI
w6VlZXFK4Pb/LVKYqD+X08ZoOzv0kozXSy/SN3pwgjIwBrS6fLV2zV4s8/++RtkD
bUxqBcA68BvmJ8WT5kGYSYXGEprMGp1cBbEUxFgwWlED0K7/MZP/5MpfQ78BkFXH
CtPQfWeZNwguZLgKDI/1eaOHP81IzRGEocmmdKhRf1aR9YpVa4YZj5qO4Emqb47w
rG/7O+EjQWuHcBVs2UjHIy6ga1KmCPshztaXxX8uffBhLtmnJKppl5jF86qGWv/d
+AuiC22E22onl8LmIYv0mtwRnY0PBr56jCH79KRAxuICASYitURzKkzmgSa5AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU624wMVegRnTP/YtGr1t0iMoqfPowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
A6kwDQYJKoZIhvcNAQELBQADggEBAHfJQ1MH8SP5b1QscmV54KiNoWUDNW9G8G2z
hFAdPclKSjYFFkkJxHNLlSDN35tXAxpeisbArZoPgkf2VhvhliStEBXpWywo0DPh
HvW2cR5iHPRL+b86iQCHEAOt3N3FR456XexnYC8toDDgT9+vnjhamncSTeFYqcx2
4lM2d0okcksPica8BQZPWKvoeIvHkF1W7lNMZA/QXZHlK3CQNMnY+HXM0wut8Fri
RZXPdgYx8t5pFLluUu9wxZi5+R1kVxzjUTjanuTpT/xfhtLjHsDW8OHmr+z3JgEB
OdBU/WDcATGhnQ4R4kOo3IXh9jNU9u04PlQJLvqYEgNVNQtLFHc=
-----END CERTIFICATE-----