Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          FOOJFtJ/Puq3XqfsQb011Y3VEhy2iGJYFjnr+CaLyQk=
Subject key identifier:   8F:98:D1:E8:1B:E1:DE:EF:4A:B5:3F:F8:BC:74:09:C7:FA:C0:D2:A0
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       29A076FC0869BDB596830EFDD784C1946614284B
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS174.roa
Signing time:             Wed 02 Jul 2025 08:05:36 +0000
ROA not before:           Wed 02 Jul 2025 08:00:36 +0000
ROA not after:            Wed 01 Jul 2026 08:05:36 +0000
asID:                     174
IP address blocks:        2a14:7584:f000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a0:76:fc:08:69:bd:b5:96:83:0e:fd:d7:84:c1:94:66:14:28:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jul  2 08:00:36 2025 GMT
            Not After : Jul  1 08:05:36 2026 GMT
        Subject: CN=8F98D1E81BE1DEEF4AB53FF8BC7409C7FAC0D2A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:48:ca:51:b0:04:30:78:fc:46:76:29:ec:3e:
                    c5:10:95:73:ae:f2:06:48:c1:bd:53:85:92:23:ee:
                    a8:3b:d0:f9:77:38:10:08:01:be:91:e3:5d:ab:86:
                    d2:45:94:22:95:00:9d:c1:72:7b:99:c6:db:42:e3:
                    dc:f6:2a:11:b5:5d:d2:d7:8b:8b:84:b4:5a:d8:36:
                    60:c2:d8:ab:a1:13:41:d4:84:f5:e2:f9:05:20:47:
                    bd:5e:d6:9c:06:50:58:2d:eb:cf:50:ae:04:f0:3b:
                    e9:eb:0f:cb:62:70:12:3e:92:fa:af:7f:ec:23:e2:
                    6b:12:eb:63:02:5d:9c:b4:a0:06:a4:a2:ec:2b:2b:
                    2a:fd:8f:6b:66:81:5c:43:d9:39:09:df:c3:27:2d:
                    37:57:b5:bd:63:58:42:78:8b:cf:9d:ea:23:00:0b:
                    85:2b:da:39:2a:60:c8:a7:76:16:84:9c:06:33:b4:
                    b1:b9:ca:de:0a:15:53:df:c8:65:71:f3:36:66:1b:
                    af:24:eb:77:d1:86:db:cd:b7:b6:62:cd:c5:fb:b2:
                    ed:68:18:5a:e3:d9:e6:8d:15:18:22:6d:f5:b6:17:
                    01:51:65:dd:75:c4:31:74:0d:45:72:30:77:ea:12:
                    af:15:07:4a:95:d9:fd:7a:e7:84:ca:06:3b:de:b1:
                    39:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:98:D1:E8:1B:E1:DE:EF:4A:B5:3F:F8:BC:74:09:C7:FA:C0:D2:A0
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         88:09:18:a8:37:92:01:26:e8:fc:d4:18:63:8a:35:78:2c:56:
         b2:ea:5d:c4:99:4d:d3:13:4a:fd:de:58:bb:88:8f:f0:50:b8:
         85:3f:e5:b9:4a:28:64:14:fb:c5:0a:f8:3c:da:63:2c:e0:63:
         1f:28:ba:28:c6:ae:d3:42:2c:40:50:69:94:e1:49:26:b4:ef:
         92:1d:db:b1:cb:2d:e3:76:8d:fe:e4:e0:6d:d5:72:2f:ee:5b:
         59:8c:e8:0d:5a:5a:5b:7f:44:d6:1b:74:a0:81:53:28:8c:33:
         e9:2c:ac:a4:22:f5:26:46:3b:b6:d8:df:f2:21:b0:c0:f8:1e:
         68:4a:5a:d3:7b:aa:f3:c5:72:f6:00:16:05:a5:d3:27:af:93:
         99:29:94:9b:09:f0:d6:70:81:2b:0a:c1:46:59:f6:3d:bc:4d:
         09:0a:bb:14:50:5e:2b:68:9a:b2:39:2a:4d:d4:35:a3:21:1d:
         eb:88:6c:0e:d6:80:05:aa:c1:ad:61:25:42:4a:7f:40:69:b6:
         39:c6:64:43:55:79:7c:d2:48:ba:68:07:dd:3a:cd:62:8c:c1:
         b3:3c:42:fb:64:06:7e:ac:33:46:45:b6:21:c8:40:cb:3c:0c:
         e3:0e:80:b4:30:47:93:79:b2:79:db:0a:ae:6f:54:48:b5:ac:
         f2:0a:2b:63
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKaB2/AhpvbWWgw7914TBlGYUKEswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA3MDIwODAwMzZaFw0yNjA3MDEwODA1MzZaMDMxMTAvBgNV
BAMTKDhGOThEMUU4MUJFMURFRUY0QUI1M0ZGOEJDNzQwOUM3RkFDMEQyQTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXSMpRsAQwePxGdinsPsUQlXOu
8gZIwb1ThZIj7qg70Pl3OBAIAb6R412rhtJFlCKVAJ3BcnuZxttC49z2KhG1XdLX
i4uEtFrYNmDC2KuhE0HUhPXi+QUgR71e1pwGUFgt689QrgTwO+nrD8ticBI+kvqv
f+wj4msS62MCXZy0oAakouwrKyr9j2tmgVxD2TkJ38MnLTdXtb1jWEJ4i8+d6iMA
C4Ur2jkqYMindhaEnAYztLG5yt4KFVPfyGVx8zZmG68k63fRhtvNt7ZizcX7su1o
GFrj2eaNFRgibfW2FwFRZd11xDF0DUVyMHfqEq8VB0qV2f1654TKBjvesTkzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUj5jR6Bvh3u9KtT/4vHQJx/rA0qAwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1hPAw
DQYJKoZIhvcNAQELBQADggEBAIgJGKg3kgEm6PzUGGOKNXgsVrLqXcSZTdMTSv3e
WLuIj/BQuIU/5blKKGQU+8UK+DzaYyzgYx8ouijGrtNCLEBQaZThSSa075Id27HL
LeN2jf7k4G3Vci/uW1mM6A1aWlt/RNYbdKCBUyiMM+ksrKQi9SZGO7bY3/IhsMD4
HmhKWtN7qvPFcvYAFgWl0yevk5kplJsJ8NZwgSsKwUZZ9j28TQkKuxRQXitomrI5
Kk3UNaMhHeuIbA7WgAWqwa1hJUJKf0BptjnGZENVeXzSSLpoB906zWKMwbM8Qvtk
Bn6sM0ZFtiHIQMs8DOMOgLQwR5N5snnbCq5vVEi1rPIKK2M=
-----END CERTIFICATE-----