Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          X+kB8ODCmUjcESd72s2SvZCMHLtLhOTCEbBYTxtwhfI=
Subject key identifier:   5D:27:7E:9B:67:04:D7:91:EB:46:B2:32:77:D3:D3:E4:69:7E:EF:98
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       676F94AFC279416C519FB387BFC58C4239EE774E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS14618.roa
Signing time:             Wed 23 Jul 2025 21:49:15 +0000
ROA not before:           Wed 23 Jul 2025 21:44:15 +0000
ROA not after:            Wed 22 Jul 2026 21:49:15 +0000
asID:                     14618
IP address blocks:        143.20.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:6f:94:af:c2:79:41:6c:51:9f:b3:87:bf:c5:8c:42:39:ee:77:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 23 21:44:15 2025 GMT
            Not After : Jul 22 21:49:15 2026 GMT
        Subject: CN=5D277E9B6704D791EB46B23277D3D3E4697EEF98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:32:7b:0d:c4:12:b6:25:f1:3f:ea:5e:9f:7b:
                    aa:22:0b:fd:43:a6:40:0a:ad:a8:38:79:6a:e8:7e:
                    22:4c:01:e8:27:78:5f:20:81:b7:42:28:bc:71:81:
                    01:43:03:2f:df:4b:32:78:bd:cc:d5:70:a3:ae:9b:
                    62:4d:95:8f:82:b2:a2:f0:ac:56:47:dd:48:84:8e:
                    5f:c0:e2:14:c9:b9:2a:74:ba:0c:9e:87:9e:16:b4:
                    dc:a1:a6:8f:ab:bc:dd:9d:2a:4a:b4:05:bf:6c:fc:
                    2b:4e:7b:15:a7:5d:5b:31:7d:90:4c:8b:a0:9f:ab:
                    2c:82:da:4a:28:88:f7:20:51:d9:ed:fe:e3:2e:7f:
                    4b:5a:90:f0:02:2b:2d:36:20:8a:33:1b:81:ca:94:
                    0a:8f:93:28:ef:13:e5:f7:53:e3:b8:29:1f:69:58:
                    cb:9c:23:1c:e1:1d:cc:8f:5e:26:16:84:d7:d4:56:
                    c0:96:99:41:4a:40:55:11:9c:d8:66:ec:e8:13:7b:
                    ed:a1:7f:0e:9c:46:fa:be:73:f9:c5:34:b1:18:fb:
                    90:ca:db:59:ca:ae:c2:64:bb:c3:7b:fe:b9:79:62:
                    27:68:b5:15:58:34:e2:f1:5e:52:89:c1:e0:5d:ef:
                    93:2b:82:71:e6:0d:8d:80:9e:0e:6c:a8:ff:e7:50:
                    00:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:27:7E:9B:67:04:D7:91:EB:46:B2:32:77:D3:D3:E4:69:7E:EF:98
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:f9:3b:3b:bf:60:32:61:9a:a9:23:ce:e3:bd:84:6a:e4:56:
         24:5a:b3:14:c5:28:7c:84:b6:82:9b:d9:94:6e:00:96:38:2f:
         03:0b:a0:f1:39:22:35:59:57:b7:2a:9d:2e:c1:5f:ab:58:9f:
         7d:98:2f:e3:c3:9b:9c:04:01:86:6a:6f:f2:97:64:d0:fe:c8:
         2e:f0:2a:91:5a:e8:7a:1d:a1:d6:ef:8e:b8:e5:60:4e:d5:6d:
         77:8d:ef:39:b0:d2:71:7f:b0:29:a6:d6:1a:c5:8e:c9:20:73:
         7e:3d:68:00:8b:6a:df:e1:b4:7e:70:b0:36:80:43:9f:9f:14:
         7b:3a:39:29:49:8b:de:fb:35:91:85:3b:61:92:00:b0:af:49:
         df:45:d0:28:06:63:1d:60:e5:5b:fe:a1:77:67:39:bd:52:33:
         31:f1:e7:9c:b3:7e:b6:a4:45:74:5f:67:6a:39:6c:c9:22:b6:
         c4:54:d3:af:4f:0d:ab:84:0f:66:f6:a9:4d:4a:7e:39:f0:02:
         99:8e:fe:fc:2e:09:7a:b5:ce:f9:56:3a:e0:65:d7:8a:fe:0f:
         e7:18:77:fd:f9:ed:61:0b:5e:19:dd:fa:94:21:aa:6e:8d:11:
         38:48:79:31:6f:46:d1:5f:00:e5:b5:28:48:90:14:0f:2c:0f:
         66:c0:78:4a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZ2+Ur8J5QWxRn7OHv8WMQjnud04wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjMyMTQ0MTVaFw0yNjA3MjIyMTQ5MTVaMDMxMTAvBgNV
BAMTKDVEMjc3RTlCNjcwNEQ3OTFFQjQ2QjIzMjc3RDNEM0U0Njk3RUVGOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxMnsNxBK2JfE/6l6fe6oiC/1D
pkAKrag4eWrofiJMAegneF8ggbdCKLxxgQFDAy/fSzJ4vczVcKOum2JNlY+CsqLw
rFZH3UiEjl/A4hTJuSp0ugyeh54WtNyhpo+rvN2dKkq0Bb9s/CtOexWnXVsxfZBM
i6CfqyyC2kooiPcgUdnt/uMuf0takPACKy02IIozG4HKlAqPkyjvE+X3U+O4KR9p
WMucIxzhHcyPXiYWhNfUVsCWmUFKQFURnNhm7OgTe+2hfw6cRvq+c/nFNLEY+5DK
21nKrsJku8N7/rl5YidotRVYNOLxXlKJweBd75MrgnHmDY2Ang5sqP/nUAC3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUXSd+m2cE15HrRrIyd9PT5Gl+75gwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFE0w
DQYJKoZIhvcNAQELBQADggEBAIf5Ozu/YDJhmqkjzuO9hGrkViRasxTFKHyEtoKb
2ZRuAJY4LwMLoPE5IjVZV7cqnS7BX6tYn32YL+PDm5wEAYZqb/KXZND+yC7wKpFa
6HododbvjrjlYE7VbXeN7zmw0nF/sCmm1hrFjskgc349aACLat/htH5wsDaAQ5+f
FHs6OSlJi977NZGFO2GSALCvSd9F0CgGYx1g5Vv+oXdnOb1SMzHx55yzfrakRXRf
Z2o5bMkitsRU069PDauED2b2qU1KfjnwApmO/vwuCXq1zvlWOuBl14r+D+cYd/35
7WELXhnd+pQhqm6NEThIeTFvRtFfAOW1KEiQFA8sD2bAeEo=
-----END CERTIFICATE-----