Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          bCSX+sCTrnrAWiyuLkPaSLn1+pug/7Wd3HaVcp3VJ/c=
Subject key identifier:   91:C2:EB:44:9B:C4:9E:44:67:C4:D3:00:EA:56:B6:5B:F8:46:61:B8
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       39470FF6F9A8FAEDCB31677A8A8F58E8C66E2903
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS174.roa
Signing time:             Mon 29 Sep 2025 08:11:22 +0000
ROA not before:           Mon 29 Sep 2025 08:06:22 +0000
ROA not after:            Mon 28 Sep 2026 08:11:22 +0000
asID:                     174
IP address blocks:        143.20.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Oct 2025 14:36:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:47:0f:f6:f9:a8:fa:ed:cb:31:67:7a:8a:8f:58:e8:c6:6e:29:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 29 08:06:22 2025 GMT
            Not After : Sep 28 08:11:22 2026 GMT
        Subject: CN=91C2EB449BC49E4467C4D300EA56B65BF84661B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:36:8d:98:8c:76:c7:82:50:54:ff:3f:b2:96:
                    b4:1d:f9:4e:41:48:cd:86:8d:b1:ad:a4:51:8b:80:
                    fe:fa:91:40:1b:f3:21:3c:27:26:d2:a9:4c:5b:5f:
                    0d:bd:05:fd:a5:db:03:f9:5c:8c:b0:56:38:44:b9:
                    9e:ef:e9:c6:5b:ff:26:e3:50:b9:47:88:be:31:3a:
                    79:bd:f8:b7:ae:62:f0:eb:11:86:40:f9:f3:ba:a1:
                    6f:3f:c9:a3:9c:fa:18:80:b4:41:ea:98:7c:59:c6:
                    7a:57:7b:1e:42:44:c7:6c:ec:11:b9:7a:8f:fd:2f:
                    b5:7b:51:08:fb:ef:b4:e2:10:e4:74:c2:f0:b0:16:
                    f1:79:33:2c:6a:6f:0a:c6:6d:cd:35:2d:2f:1f:62:
                    37:ec:71:f8:18:b1:29:b1:62:ea:06:b3:fa:ea:4d:
                    7f:a6:22:f2:17:fc:38:60:c8:31:49:72:8d:32:e9:
                    e6:a1:59:7f:21:97:79:59:f7:ff:32:63:42:63:05:
                    6e:da:8d:3e:73:6a:c5:8f:ef:a3:59:90:34:2d:3e:
                    ff:2b:99:66:c3:74:14:f7:47:df:14:13:3b:4d:6b:
                    77:0d:f2:44:11:e9:03:8a:08:49:90:7d:5f:e7:90:
                    b5:3d:c4:7a:10:ec:dd:7e:34:2f:ab:46:22:4e:46:
                    a7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C2:EB:44:9B:C4:9E:44:67:C4:D3:00:EA:56:B6:5B:F8:46:61:B8
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:6b:c6:d9:45:85:b1:8b:f9:a0:8f:8d:a3:f2:5b:83:68:66:
         4a:53:58:f9:0e:b3:e8:bd:7a:49:f2:6d:90:8c:93:98:aa:1e:
         b0:8a:f6:db:d2:a8:96:30:88:b4:b0:11:b5:8b:c5:0c:25:f3:
         59:94:5a:cf:c2:da:e9:ff:54:47:01:ea:b1:33:4c:20:48:dc:
         a9:e6:ff:50:3a:00:eb:27:0c:b7:7f:71:43:16:05:28:16:71:
         d3:b2:61:55:3c:40:df:59:b5:55:0d:61:08:e2:2c:2d:f0:34:
         46:1b:2d:34:e0:3b:0d:6d:6a:d1:1c:11:9c:75:c0:bf:70:d2:
         78:a1:67:1d:47:d5:7e:a0:46:43:27:8b:19:45:5a:39:27:4a:
         76:5d:27:b3:5a:0d:8b:8b:4f:7d:be:86:e3:66:7b:af:64:73:
         f2:7b:50:5e:e2:46:83:e0:08:8f:75:52:e0:f4:b0:74:a8:44:
         67:f2:9d:f9:93:a4:e1:14:30:56:cc:05:5f:62:f8:a1:2e:2c:
         b6:d8:99:34:a9:ef:44:ea:07:68:c5:81:bb:4e:e8:d4:6b:c4:
         58:81:9e:40:13:b2:4d:b1:c7:8d:d3:1c:70:97:96:c2:0c:68:
         8f:66:77:e7:b2:39:17:15:8e:a4:ec:47:02:0f:9d:a7:ff:09:
         eb:be:6c:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUOUcP9vmo+u3LMWd6io9Y6MZuKQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjkwODA2MjJaFw0yNjA5MjgwODExMjJaMDMxMTAvBgNV
BAMTKDkxQzJFQjQ0OUJDNDlFNDQ2N0M0RDMwMEVBNTZCNjVCRjg0NjYxQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYNo2YjHbHglBU/z+ylrQd+U5B
SM2GjbGtpFGLgP76kUAb8yE8JybSqUxbXw29Bf2l2wP5XIywVjhEuZ7v6cZb/ybj
ULlHiL4xOnm9+LeuYvDrEYZA+fO6oW8/yaOc+hiAtEHqmHxZxnpXex5CRMds7BG5
eo/9L7V7UQj777TiEOR0wvCwFvF5MyxqbwrGbc01LS8fYjfscfgYsSmxYuoGs/rq
TX+mIvIX/DhgyDFJco0y6eahWX8hl3lZ9/8yY0JjBW7ajT5zasWP76NZkDQtPv8r
mWbDdBT3R98UEztNa3cN8kQR6QOKCEmQfV/nkLU9xHoQ7N1+NC+rRiJORqfBAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUkcLrRJvEnkRnxNMA6la2W/hGYbgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjxRsMA0G
CSqGSIb3DQEBCwUAA4IBAQBQa8bZRYWxi/mgj42j8luDaGZKU1j5DrPovXpJ8m2Q
jJOYqh6wivbb0qiWMIi0sBG1i8UMJfNZlFrPwtrp/1RHAeqxM0wgSNyp5v9QOgDr
Jwy3f3FDFgUoFnHTsmFVPEDfWbVVDWEI4iwt8DRGGy004DsNbWrRHBGcdcC/cNJ4
oWcdR9V+oEZDJ4sZRVo5J0p2XSezWg2Li099vobjZnuvZHPye1Be4kaD4AiPdVLg
9LB0qERn8p35k6ThFDBWzAVfYvihLiy22Jk0qe9E6gdoxYG7TujUa8RYgZ5AE7JN
sceN0xxwl5bCDGiPZnfnsjkXFY6k7EcCD52n/wnrvmzr
-----END CERTIFICATE-----