Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          f4TKR2PE1IBuuzbJJztlWu6Aa9DFcxkmHiD09olN0Q0=
Subject key identifier:   07:18:23:36:90:47:9F:24:37:94:78:AF:EF:17:2E:DC:66:AA:0B:EE
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       07FE7D60729C39242C8F68B43BD578172C78F22C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa
Signing time:             Wed 06 Aug 2025 21:22:38 +0000
ROA not before:           Wed 06 Aug 2025 21:17:38 +0000
ROA not after:            Wed 05 Aug 2026 21:22:38 +0000
asID:                     14618
IP address blocks:        45.155.17.0/24 maxlen: 24
                          193.164.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:fe:7d:60:72:9c:39:24:2c:8f:68:b4:3b:d5:78:17:2c:78:f2:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug  6 21:17:38 2025 GMT
            Not After : Aug  5 21:22:38 2026 GMT
        Subject: CN=0718233690479F24379478AFEF172EDC66AA0BEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e8:d1:31:5c:2e:cc:dd:b0:68:30:35:15:17:
                    b9:d2:5b:fb:4d:2d:bb:14:3d:40:2f:88:9b:96:36:
                    45:61:35:0b:20:f0:83:dd:ac:dd:88:3a:8d:74:8f:
                    79:b9:e0:0a:d0:c4:a1:8b:30:35:a2:43:c5:35:7e:
                    38:06:cd:85:e5:93:5b:5b:76:07:97:12:a8:a4:2c:
                    18:1d:c5:8b:57:93:cb:20:bc:da:9c:ad:5f:30:b1:
                    c3:5f:87:38:2a:99:cb:f1:e6:11:9c:b6:0c:fd:d4:
                    c0:d2:5a:1f:a7:75:3b:14:57:e0:8e:8e:a5:a1:73:
                    f7:ec:45:76:a9:7b:5c:e9:72:ba:9f:46:e1:5c:bb:
                    ff:e9:a1:f4:94:1b:d4:6f:bc:bd:43:ac:63:74:79:
                    3f:9c:23:1b:ab:3c:45:39:64:37:5b:2a:c1:00:77:
                    08:32:38:a9:6d:a1:f7:46:3e:26:ad:a9:33:2b:e1:
                    28:53:1b:6a:64:7f:7c:69:8a:ae:62:95:69:cd:f5:
                    85:63:42:f7:a3:a5:a7:c5:61:5b:fa:1a:b5:e9:e2:
                    e0:87:87:9d:08:77:38:a2:28:f6:30:0c:a9:48:70:
                    0e:38:c0:8c:ac:e3:eb:a7:09:39:58:f9:dd:71:27:
                    be:62:7e:e6:23:48:5a:f6:eb:c0:89:11:70:04:d0:
                    c4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:18:23:36:90:47:9F:24:37:94:78:AF:EF:17:2E:DC:66:AA:0B:EE
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.17.0/24
                  193.164.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:b0:6d:2a:6e:da:28:25:02:75:25:5d:53:92:2c:41:6c:44:
         da:10:c7:50:54:56:fa:2e:4a:b5:08:f0:f3:43:13:ae:04:64:
         8b:e9:29:19:0d:94:1e:77:c3:db:9a:b8:bd:ad:83:e3:69:ed:
         a1:55:93:84:e3:c1:c8:b7:01:d4:e2:ea:0d:2f:3c:23:0f:df:
         eb:10:3e:f1:8c:ce:5f:dd:f7:86:cb:75:69:ab:ec:a3:2c:2c:
         55:84:39:c4:bb:1d:2e:e3:3a:47:94:1d:f4:92:60:53:d1:d0:
         94:78:2e:92:b2:0a:24:96:02:60:d4:b1:ef:12:54:8c:a7:c6:
         6f:59:27:2f:4c:c2:0d:d0:c0:85:f4:10:fe:5c:a6:b3:ed:20:
         43:37:aa:dd:d1:fc:fb:a1:ca:30:59:29:c0:04:0c:11:f9:be:
         b0:15:20:72:43:63:e4:8c:b0:a3:aa:56:65:79:3e:fb:cb:58:
         a4:c3:7a:be:b2:73:f1:e2:30:98:56:30:4f:99:1d:e6:e4:81:
         bc:e1:88:26:a8:fb:78:08:bd:51:e8:3f:9d:03:d3:9d:d3:67:
         ed:ac:e8:9c:33:33:62:e7:9a:30:9f:6b:68:eb:eb:20:e9:57:
         0a:79:91:44:a6:31:26:d8:c3:3d:60:fc:d9:39:7d:1f:30:e1:
         70:73:a9:32
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUB/59YHKcOSQsj2i0O9V4Fyx48iwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MDYyMTE3MzhaFw0yNjA4MDUyMTIyMzhaMDMxMTAvBgNV
BAMTKDA3MTgyMzM2OTA0NzlGMjQzNzk0NzhBRkVGMTcyRURDNjZBQTBCRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp6NExXC7M3bBoMDUVF7nSW/tN
LbsUPUAviJuWNkVhNQsg8IPdrN2IOo10j3m54ArQxKGLMDWiQ8U1fjgGzYXlk1tb
dgeXEqikLBgdxYtXk8sgvNqcrV8wscNfhzgqmcvx5hGctgz91MDSWh+ndTsUV+CO
jqWhc/fsRXape1zpcrqfRuFcu//pofSUG9RvvL1DrGN0eT+cIxurPEU5ZDdbKsEA
dwgyOKltofdGPiatqTMr4ShTG2pkf3xpiq5ilWnN9YVjQvejpafFYVv6GrXp4uCH
h50IdziiKPYwDKlIcA44wIys4+unCTlY+d1xJ75ifuYjSFr268CJEXAE0MRpAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUBxgjNpBHnyQ3lHiv7xcu3GaqC+4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtmxED
BADBpAowDQYJKoZIhvcNAQELBQADggEBAD6wbSpu2iglAnUlXVOSLEFsRNoQx1BU
VvouSrUI8PNDE64EZIvpKRkNlB53w9uauL2tg+Np7aFVk4Tjwci3AdTi6g0vPCMP
3+sQPvGMzl/d94bLdWmr7KMsLFWEOcS7HS7jOkeUHfSSYFPR0JR4LpKyCiSWAmDU
se8SVIynxm9ZJy9Mwg3QwIX0EP5cprPtIEM3qt3R/PuhyjBZKcAEDBH5vrAVIHJD
Y+SMsKOqVmV5PvvLWKTDer6yc/HiMJhWME+ZHebkgbzhiCao+3gIvVHoP50D053T
Z+2s6JwzM2LnmjCfa2jr6yDpVwp5kUSmMSbYwz1g/Nk5fR8w4XBzqTI=
-----END CERTIFICATE-----