Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          rXV4bMX1WpbPJCHYl9lUC0KD/l4FjPinD0Wv3gQ40OU=
Subject key identifier:   54:68:A2:6E:24:9E:15:F9:CC:07:AD:1C:0D:A7:16:16:D0:36:3B:21
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       7DEE19654896AE4058A1ED16F2F3D6E54C6E6CDB
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS14618.roa
Signing time:             Wed 03 Jun 2026 12:25:54 +0000
ROA not before:           Wed 03 Jun 2026 12:20:54 +0000
ROA not after:            Wed 02 Jun 2027 12:25:54 +0000
asID:                     14618
IP address blocks:        188.220.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ee:19:65:48:96:ae:40:58:a1:ed:16:f2:f3:d6:e5:4c:6e:6c:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  3 12:20:54 2026 GMT
            Not After : Jun  2 12:25:54 2027 GMT
        Subject: CN=5468A26E249E15F9CC07AD1C0DA71616D0363B21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bd:29:b8:55:cd:79:be:cc:46:cd:fe:0c:c3:
                    e3:24:cd:72:d7:ea:89:0f:71:94:26:38:92:f2:fe:
                    54:0f:34:1b:64:23:6d:ca:01:8d:60:97:c1:4d:0a:
                    5c:48:eb:7c:a2:43:3b:48:9f:18:4c:c9:34:d5:08:
                    e0:6e:a2:93:f6:70:86:a6:28:2f:1f:14:28:f5:37:
                    c1:b1:85:14:66:2f:a9:e6:d8:fd:38:20:b7:c7:2b:
                    c1:af:db:e2:32:9e:e8:7b:a2:8d:62:c4:f7:a3:c0:
                    e5:60:ca:ce:c1:89:a7:88:c2:ee:fb:64:f7:77:06:
                    e6:2f:72:23:80:a9:2b:4d:d8:14:1e:4f:28:4e:b9:
                    2d:66:14:19:92:ae:e8:88:7b:e0:9f:90:0a:17:fa:
                    e9:fd:6b:3c:4d:dd:42:31:1f:0a:c5:48:75:c7:2a:
                    fa:03:0e:2c:8e:d0:10:47:26:a4:76:2d:c7:07:b7:
                    96:05:e0:52:d0:da:56:0c:a0:09:0a:86:67:92:3c:
                    31:32:53:b9:64:8c:a5:fe:21:af:cc:04:6e:ba:5e:
                    cb:21:97:62:d3:d0:74:0c:7d:79:5e:c0:05:a1:5b:
                    b0:a1:b0:7c:fc:97:3d:8b:bc:80:a7:c2:ba:5a:73:
                    9a:93:5e:3c:4d:9d:f6:15:37:cb:cd:44:dd:a1:c1:
                    84:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:68:A2:6E:24:9E:15:F9:CC:07:AD:1C:0D:A7:16:16:D0:36:3B:21
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:2a:c0:90:88:e9:73:09:58:3b:03:97:8f:50:fc:b0:4c:57:
         8f:b2:19:23:7c:56:00:5c:cc:23:66:f9:92:51:60:01:f3:c7:
         a3:c0:eb:17:be:5e:6f:48:a2:bd:df:7d:91:82:54:c3:3c:59:
         05:cc:b8:56:20:c7:86:3f:9c:1c:43:fb:ed:94:78:1f:57:83:
         47:1f:fd:ff:d0:b5:35:a9:a8:80:dd:54:ec:d9:bc:88:47:78:
         c0:b2:16:ba:09:33:8a:53:05:86:56:84:37:57:86:bf:da:51:
         91:98:70:6a:6c:9a:10:86:06:ab:4d:e5:e9:ab:5c:8e:13:6b:
         68:c6:0a:2c:0f:60:0a:7b:52:00:63:4f:8a:10:ae:6c:87:5f:
         c3:cb:12:f5:1f:81:06:e4:3d:70:d1:a1:3c:7e:0d:45:ca:6b:
         0a:1d:62:a5:57:5e:f3:19:94:3b:dc:1a:9a:ba:8b:c9:2d:16:
         a9:b4:08:d3:99:ce:60:30:c9:31:cb:36:a1:98:4d:da:60:1a:
         09:ec:cc:db:e7:3e:7c:73:66:e8:90:e7:15:41:2f:f8:71:4b:
         92:2b:c2:58:99:e2:7f:ba:98:b6:7a:4d:a4:4b:c4:15:09:eb:
         40:28:2c:b7:37:ca:a1:de:f8:76:96:3b:48:4f:af:1c:53:d0:
         57:29:fe:c8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfe4ZZUiWrkBYoe0W8vPW5UxubNswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDMxMjIwNTRaFw0yNzA2MDIxMjI1NTRaMDMxMTAvBgNV
BAMTKDU0NjhBMjZFMjQ5RTE1RjlDQzA3QUQxQzBEQTcxNjE2RDAzNjNCMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJvSm4Vc15vsxGzf4Mw+MkzXLX
6okPcZQmOJLy/lQPNBtkI23KAY1gl8FNClxI63yiQztInxhMyTTVCOBuopP2cIam
KC8fFCj1N8GxhRRmL6nm2P04ILfHK8Gv2+Iynuh7oo1ixPejwOVgys7BiaeIwu77
ZPd3BuYvciOAqStN2BQeTyhOuS1mFBmSruiIe+CfkAoX+un9azxN3UIxHwrFSHXH
KvoDDiyO0BBHJqR2LccHt5YF4FLQ2lYMoAkKhmeSPDEyU7lkjKX+Ia/MBG66Xssh
l2LT0HQMfXlewAWhW7ChsHz8lz2LvICnwrpac5qTXjxNnfYVN8vNRN2hwYRlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUVGiibiSeFfnMB60cDacWFtA2OyEwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK83FAw
DQYJKoZIhvcNAQELBQADggEBAAEqwJCI6XMJWDsDl49Q/LBMV4+yGSN8VgBczCNm
+ZJRYAHzx6PA6xe+Xm9Ior3ffZGCVMM8WQXMuFYgx4Y/nBxD++2UeB9Xg0cf/f/Q
tTWpqIDdVOzZvIhHeMCyFroJM4pTBYZWhDdXhr/aUZGYcGpsmhCGBqtN5emrXI4T
a2jGCiwPYAp7UgBjT4oQrmyHX8PLEvUfgQbkPXDRoTx+DUXKawodYqVXXvMZlDvc
Gpq6i8ktFqm0CNOZzmAwyTHLNqGYTdpgGgnszNvnPnxzZuiQ5xVBL/hxS5IrwliZ
4n+6mLZ6TaRLxBUJ60AoLLc3yqHe+HaWO0hPrxxT0Fcp/sg=
-----END CERTIFICATE-----