Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS18450.roa
File:                     AS18450.roa (raw, json)
Hash identifier:          fyWCIooGLdnz2NyLTizrdoLYeQb1Jk0CkuPPiz2j6Jw=
Subject key identifier:   01:E1:8C:96:75:07:4F:36:58:97:C4:C8:D1:23:8B:3B:E4:0D:40:C8
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       468B30117E16B520AA4A39B6F7B7F8550C5B22CB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS18450.roa
Signing time:             Tue 19 Aug 2025 11:17:56 +0000
ROA not before:           Tue 19 Aug 2025 11:12:56 +0000
ROA not after:            Tue 18 Aug 2026 11:17:56 +0000
asID:                     18450
IP address blocks:        143.20.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:8b:30:11:7e:16:b5:20:aa:4a:39:b6:f7:b7:f8:55:0c:5b:22:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 19 11:12:56 2025 GMT
            Not After : Aug 18 11:17:56 2026 GMT
        Subject: CN=01E18C9675074F365897C4C8D1238B3BE40D40C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:69:74:66:1d:c3:7c:7e:a5:e0:92:af:93:58:
                    70:fc:6c:f3:0f:16:5e:e4:b6:40:43:3c:68:7c:47:
                    91:58:c0:f7:de:62:5d:35:1c:f0:4c:57:6a:e7:da:
                    86:2f:77:b8:8f:a0:b4:55:fe:54:b5:3c:e0:c5:7e:
                    6d:b2:56:2e:7a:ca:b8:2f:0d:43:af:cf:5b:77:74:
                    9c:b9:15:83:3b:90:51:1f:82:70:fb:9e:98:47:62:
                    28:9a:53:f0:2f:03:0d:ab:a7:da:35:7e:cc:87:b7:
                    7e:ed:dc:e4:7c:66:b5:26:ce:3f:de:71:5c:79:ad:
                    d6:69:fd:34:9b:4f:61:15:cb:68:e0:d4:ad:d4:39:
                    ca:78:84:a5:9c:c4:2d:67:56:ca:71:b4:39:0c:9c:
                    0a:9d:8a:c4:47:ca:23:b2:9e:f0:7a:75:31:cc:b0:
                    6d:6a:ec:49:fc:b2:11:82:23:15:98:e6:25:b5:9d:
                    f6:25:0f:8a:c1:b3:65:61:aa:f5:8c:bb:ad:ad:ed:
                    1b:6b:cb:02:52:88:c5:e4:65:62:fc:c0:9b:0d:60:
                    0a:dd:34:cb:f1:93:5f:4e:61:b6:8b:fe:69:18:4f:
                    16:1e:93:9e:2d:cf:12:81:0a:f2:3c:b5:cf:39:66:
                    41:04:3c:5b:14:22:e1:03:6e:96:98:d5:77:8a:28:
                    45:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:E1:8C:96:75:07:4F:36:58:97:C4:C8:D1:23:8B:3B:E4:0D:40:C8
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS18450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:7d:85:eb:3c:e3:bc:91:48:f2:07:78:42:50:cf:ac:86:0e:
         08:87:c9:5e:d0:dd:45:7d:5f:e6:6f:c1:fe:e4:95:3b:f7:98:
         ce:2b:08:80:75:99:05:7b:cd:45:20:e1:ce:77:46:a4:1d:34:
         3d:40:49:df:ce:c0:f6:84:43:d3:57:db:06:21:8a:a5:f7:19:
         14:3f:d6:bf:b0:8a:50:2b:93:f1:24:41:fa:33:38:6d:58:47:
         74:ee:86:b1:99:78:e3:9c:71:50:29:fb:ed:a9:ec:3d:8f:6d:
         83:02:82:f8:f1:be:e4:48:c4:c4:b2:67:b6:fd:63:d6:ca:16:
         78:1f:c4:16:29:14:d7:20:3f:5a:af:7f:fa:20:d0:3d:73:8b:
         1d:46:e1:0b:17:ec:b0:ee:4d:36:05:53:d8:cb:ec:5d:c1:29:
         a2:e5:d5:f3:e6:a1:fe:7b:d1:bc:99:f8:44:5d:5c:05:30:0f:
         c3:4a:3c:3f:66:d2:d6:a3:b0:78:1a:ef:b2:18:34:38:d6:6d:
         fa:aa:0c:15:e1:a9:65:75:90:d9:50:e8:b2:91:99:aa:08:ee:
         bb:e6:3a:aa:4e:b6:86:5a:7f:d0:b6:99:66:da:f0:a8:ed:9f:
         b7:3c:87:5b:2d:36:dd:76:70:e7:4a:6b:72:bb:e3:f0:b8:3c:
         56:00:e0:ca
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURoswEX4WtSCqSjm297f4VQxbIsswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MTkxMTEyNTZaFw0yNjA4MTgxMTE3NTZaMDMxMTAvBgNV
BAMTKDAxRTE4Qzk2NzUwNzRGMzY1ODk3QzRDOEQxMjM4QjNCRTQwRDQwQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5aXRmHcN8fqXgkq+TWHD8bPMP
Fl7ktkBDPGh8R5FYwPfeYl01HPBMV2rn2oYvd7iPoLRV/lS1PODFfm2yVi56yrgv
DUOvz1t3dJy5FYM7kFEfgnD7nphHYiiaU/AvAw2rp9o1fsyHt37t3OR8ZrUmzj/e
cVx5rdZp/TSbT2EVy2jg1K3UOcp4hKWcxC1nVspxtDkMnAqdisRHyiOynvB6dTHM
sG1q7En8shGCIxWY5iW1nfYlD4rBs2VhqvWMu62t7RtrywJSiMXkZWL8wJsNYArd
NMvxk19OYbaL/mkYTxYek54tzxKBCvI8tc85ZkEEPFsUIuEDbpaY1XeKKEU9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUAeGMlnUHTzZYl8TI0SOLO+QNQMgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTg0NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFEkw
DQYJKoZIhvcNAQELBQADggEBAJN9hes847yRSPIHeEJQz6yGDgiHyV7Q3UV9X+Zv
wf7klTv3mM4rCIB1mQV7zUUg4c53RqQdND1ASd/OwPaEQ9NX2wYhiqX3GRQ/1r+w
ilArk/EkQfozOG1YR3TuhrGZeOOccVAp++2p7D2PbYMCgvjxvuRIxMSyZ7b9Y9bK
FngfxBYpFNcgP1qvf/og0D1zix1G4QsX7LDuTTYFU9jL7F3BKaLl1fPmof570byZ
+ERdXAUwD8NKPD9m0tajsHga77IYNDjWbfqqDBXhqWV1kNlQ6LKRmaoI7rvmOqpO
toZaf9C2mWba8Kjtn7c8h1stNt12cOdKa3K74/C4PFYA4Mo=
-----END CERTIFICATE-----