Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          v3vLa1+VY+yv1yP+L9Lr+23fWTNsw7fXX6dxWq0Tu2I=
Subject key identifier:   1B:BC:6E:56:9B:F8:D0:64:B1:D6:7E:74:6F:81:C6:8F:12:F6:10:C5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3A585073FB627080C9BA7DF90A16A5163E813639
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS174.roa
Signing time:             Wed 01 Jul 2026 05:27:48 +0000
ROA not before:           Wed 01 Jul 2026 05:22:48 +0000
ROA not after:            Wed 30 Jun 2027 05:27:48 +0000
asID:                     174
IP address blocks:        179.61.197.0/24 maxlen: 24
                          181.41.202.0/24 maxlen: 24
                          181.41.206.0/24 maxlen: 24
                          181.214.93.0/24 maxlen: 24
                          181.214.153.0/24 maxlen: 24
                          181.214.173.0/24 maxlen: 24
                          181.215.182.0/24 maxlen: 24
                          191.96.36.0/24 maxlen: 24
                          191.96.106.0/24 maxlen: 24
                          191.96.150.0/24 maxlen: 24
                          191.96.168.0/24 maxlen: 24
                          191.96.185.0/24 maxlen: 24
                          191.96.227.0/24 maxlen: 24
                          191.96.255.0/24 maxlen: 24
                          191.101.31.0/24 maxlen: 24
                          191.101.61.0/24 maxlen: 24
                          191.101.157.0/24 maxlen: 24
                          191.101.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jul 2026 07:32:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:58:50:73:fb:62:70:80:c9:ba:7d:f9:0a:16:a5:16:3e:81:36:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  1 05:22:48 2026 GMT
            Not After : Jun 30 05:27:48 2027 GMT
        Subject: CN=1BBC6E569BF8D064B1D67E746F81C68F12F610C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:43:75:6d:9b:c3:bb:9f:78:27:11:de:35:13:
                    bb:10:e0:af:7c:84:b5:db:85:5c:84:b0:bf:d9:7e:
                    3f:9f:8d:95:6b:8d:c5:94:4d:19:8e:a9:8b:a2:08:
                    e5:8d:41:4b:d4:73:8a:8e:03:fa:fe:18:15:84:0b:
                    e3:88:c5:14:03:f8:b3:42:87:b1:7c:fb:b9:c4:3e:
                    16:72:64:6d:01:01:a6:2c:43:ae:81:67:d5:d9:dd:
                    1f:6c:b9:c1:56:06:f7:5d:ca:23:31:2c:fc:1b:ca:
                    69:6d:83:76:82:22:3d:1d:3d:ea:be:df:8b:de:f6:
                    4d:67:15:82:5f:e6:fa:a0:73:70:10:f1:09:d1:62:
                    e6:a1:4a:f1:0a:b9:07:4d:7b:23:aa:4c:bb:77:b7:
                    32:28:eb:85:06:8f:e2:23:a9:bf:40:b7:a5:ea:82:
                    f7:8a:7d:43:b3:b0:0c:b4:0e:33:64:c4:2a:78:91:
                    95:37:7e:29:d1:53:cd:45:54:4f:1a:be:78:11:42:
                    75:00:0f:44:7c:3c:cc:ff:5f:37:98:80:df:47:ae:
                    d0:5c:24:52:6d:ea:f5:e0:e6:1a:12:9a:11:ee:01:
                    7f:25:c8:95:3c:5f:a0:8f:4e:95:39:d3:34:d7:83:
                    c1:1f:f7:3c:5e:74:19:41:71:a2:e6:53:67:08:d0:
                    78:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:BC:6E:56:9B:F8:D0:64:B1:D6:7E:74:6F:81:C6:8F:12:F6:10:C5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.197.0/24
                  181.41.202.0/24
                  181.41.206.0/24
                  181.214.93.0/24
                  181.214.153.0/24
                  181.214.173.0/24
                  181.215.182.0/24
                  191.96.36.0/24
                  191.96.106.0/24
                  191.96.150.0/24
                  191.96.168.0/24
                  191.96.185.0/24
                  191.96.227.0/24
                  191.96.255.0/24
                  191.101.31.0/24
                  191.101.61.0/24
                  191.101.157.0/24
                  191.101.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:34:72:b1:26:ef:eb:36:a1:60:76:04:0c:20:39:e3:8f:2c:
         82:79:0c:bb:b7:36:45:e2:51:0c:d9:92:84:0c:c2:2c:30:ba:
         3c:d1:90:25:82:af:cc:41:4a:6e:79:92:6d:62:0b:76:02:3d:
         1b:b7:9a:a6:07:5a:21:fd:7f:e8:4e:c5:aa:93:a9:41:af:bb:
         24:96:b6:3d:95:68:2c:7d:f3:68:b8:1c:ee:c6:a1:c0:34:ae:
         4e:ca:ff:2b:d3:9a:b9:58:b5:1b:85:45:d5:e8:62:09:38:2b:
         c3:fe:1a:5e:50:7e:27:41:4c:7d:6f:40:a5:d2:de:c5:56:e2:
         e8:b3:13:3f:34:6d:22:6f:40:89:09:d2:ca:3f:7b:22:56:a1:
         2f:4a:70:78:12:22:9f:c5:b3:f9:96:6a:e2:e4:7b:3a:2a:3f:
         67:01:d3:ec:24:5a:7d:2a:ca:90:88:a0:0c:cd:98:e1:19:6a:
         ba:3a:c3:fe:83:57:9e:42:94:73:fb:27:90:5b:83:8b:49:e0:
         c2:a1:3d:f6:39:8d:38:ba:2a:83:d0:d3:1b:8a:3d:d2:cc:e3:
         f1:97:1f:eb:bb:9d:cc:2f:89:6b:24:19:06:21:27:69:ba:a0:
         d9:84:95:78:c4:3e:06:b5:ae:04:5d:86:43:33:ee:14:60:dc:
         69:bc:e9:0e
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgIUOlhQc/ticIDJun35ChalFj6BNjkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA3MDEwNTIyNDhaFw0yNzA2MzAwNTI3NDhaMDMxMTAvBgNV
BAMTKDFCQkM2RTU2OUJGOEQwNjRCMUQ2N0U3NDZGODFDNjhGMTJGNjEwQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLQ3Vtm8O7n3gnEd41E7sQ4K98
hLXbhVyEsL/Zfj+fjZVrjcWUTRmOqYuiCOWNQUvUc4qOA/r+GBWEC+OIxRQD+LNC
h7F8+7nEPhZyZG0BAaYsQ66BZ9XZ3R9sucFWBvddyiMxLPwbymltg3aCIj0dPeq+
34ve9k1nFYJf5vqgc3AQ8QnRYuahSvEKuQdNeyOqTLt3tzIo64UGj+Ijqb9At6Xq
gveKfUOzsAy0DjNkxCp4kZU3finRU81FVE8avngRQnUAD0R8PMz/XzeYgN9HrtBc
JFJt6vXg5hoSmhHuAX8lyJU8X6CPTpU50zTXg8Ef9zxedBlBcaLmU2cI0HidAgMB
AAGjggJuMIICajAdBgNVHQ4EFgQUG7xuVpv40GSx1n50b4HGjxL2EMUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAEwbAMEALM9xQME
ALUpygMEALUpzgMEALXWXQMEALXWmQMEALXWrQMEALXXtgMEAL9gJAMEAL9gagME
AL9glgMEAL9gqAMEAL9guQMEAL9g4wMEAL9g/wMEAL9lHwMEAL9lPQMEAL9lnQME
AL9l2TANBgkqhkiG9w0BAQsFAAOCAQEAezRysSbv6zahYHYEDCA5448sgnkMu7c2
ReJRDNmShAzCLDC6PNGQJYKvzEFKbnmSbWILdgI9G7eapgdaIf1/6E7FqpOpQa+7
JJa2PZVoLH3zaLgc7sahwDSuTsr/K9OauVi1G4VF1ehiCTgrw/4aXlB+J0FMfW9A
pdLexVbi6LMTPzRtIm9AiQnSyj97IlahL0pweBIin8Wz+ZZq4uR7Oio/ZwHT7CRa
fSrKkIigDM2Y4RlqujrD/oNXnkKUc/snkFuDi0ngwqE99jmNOLoqg9DTG4o90szj
8Zcf67udzC+JayQZBiEnabqg2YSVeMQ+BrWuBF2GQzPuFGDcabzpDg==
-----END CERTIFICATE-----
Generated at Sun Jul 19 16:38:20 2026 by rpki-client