Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          8e1NDbNK1WCje+SFQyTHiDTEOPiHKSWE8MH2yOuEEto=
Subject key identifier:   99:85:64:86:66:D1:11:A3:20:6F:B1:C2:1B:F5:BB:4D:86:7A:6E:E1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3BD8E5E8E2E4495CDDC5DCB39B6DF911FD946B44
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa
Signing time:             Sun 16 Nov 2025 00:17:25 +0000
ROA not before:           Sun 16 Nov 2025 00:12:25 +0000
ROA not after:            Sun 15 Nov 2026 00:17:25 +0000
asID:                     174
IP address blocks:        82.27.133.0/24 maxlen: 24
                          82.27.134.0/24 maxlen: 24
                          82.27.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 00:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:d8:e5:e8:e2:e4:49:5c:dd:c5:dc:b3:9b:6d:f9:11:fd:94:6b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov 16 00:12:25 2025 GMT
            Not After : Nov 15 00:17:25 2026 GMT
        Subject: CN=9985648666D111A3206FB1C21BF5BB4D867A6EE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d9:78:a4:7d:e1:5e:c7:21:a0:43:93:57:0c:
                    a2:cf:cb:d9:6a:ec:7e:99:48:1b:71:2b:8c:bd:77:
                    e0:5a:c3:6f:34:8e:57:f4:f8:2b:0a:d2:ec:e4:c2:
                    b7:bd:7f:f1:86:22:35:3f:24:d6:1c:e9:2c:66:14:
                    b0:3a:25:5d:9a:1c:cc:66:27:2d:04:9d:21:6d:79:
                    e6:52:2f:53:8d:c1:05:0a:1d:ee:a9:c6:fd:1b:d5:
                    62:c7:6d:f2:dd:0e:5a:b6:a6:a7:67:be:62:1d:c8:
                    2b:f5:3a:98:2f:50:f8:3a:7a:f0:1a:56:af:e9:73:
                    de:da:bf:10:f3:e0:7f:93:46:6c:e7:42:e4:23:64:
                    76:3b:e3:a4:49:76:7f:e5:a8:0d:9a:76:5b:47:b0:
                    b4:d7:ec:8d:e7:44:f2:57:f2:af:28:6a:14:3a:8a:
                    52:21:b1:a5:eb:02:d6:b3:59:a1:cb:fc:5d:3b:a8:
                    e7:76:6f:7b:e1:28:c8:88:53:e6:55:e6:8a:a4:f9:
                    f2:16:67:b5:2e:e1:11:ad:15:2b:c6:b8:4a:57:7c:
                    45:6e:da:4a:62:5c:fa:68:be:2b:d6:cd:3d:e6:88:
                    33:5c:e5:38:3b:3c:8b:2f:0e:67:40:6a:5d:0a:c8:
                    f4:ae:72:15:29:51:46:70:0a:5f:b9:c1:fa:1f:60:
                    5e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:85:64:86:66:D1:11:A3:20:6F:B1:C2:1B:F5:BB:4D:86:7A:6E:E1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.133.0-82.27.135.255

    Signature Algorithm: sha256WithRSAEncryption
         23:bf:a0:9b:27:ce:26:64:ce:47:33:20:c0:63:95:91:a5:cf:
         dc:41:09:dd:21:a9:12:51:61:2e:d2:e8:a7:d1:cd:8e:8d:ee:
         41:81:3d:74:5f:c7:71:9a:39:a9:55:c8:84:aa:9f:0b:3c:c4:
         fd:81:d5:cf:8e:58:0f:20:91:f0:9b:77:e1:5a:c7:1b:41:33:
         b3:bd:b4:dd:47:74:8f:fd:6f:ef:27:e7:25:30:74:68:92:8a:
         c3:ec:44:e4:1f:29:69:ec:53:fb:5a:55:4a:40:38:3e:e4:ee:
         7e:dd:f0:9a:0a:a5:6f:40:d8:6f:1a:ea:14:62:c3:43:8a:c8:
         12:f3:01:b2:cf:9e:ec:4c:cd:f7:87:b5:f2:55:f2:f5:d2:dc:
         c8:95:5c:f1:99:79:04:24:79:e8:9c:76:ba:20:b1:24:3c:ee:
         dd:81:a7:0c:b4:78:4a:df:3b:a4:4d:50:13:b8:2b:32:15:d2:
         40:61:e0:66:c9:ea:67:52:2f:d2:52:74:72:62:cb:90:dc:cd:
         4b:72:ab:8d:ea:c5:56:ef:8d:48:98:80:78:6c:c7:85:ed:9c:
         a5:ab:40:67:d5:3b:5a:d1:4d:a8:72:81:c0:6a:04:65:e2:25:
         8e:3b:e9:15:36:c4:e4:de:cb:9c:85:4f:81:3e:13:50:00:c9:
         58:93:79:56
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUO9jl6OLkSVzdxdyzm235Ef2Ua0QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMTYwMDEyMjVaFw0yNjExMTUwMDE3MjVaMDMxMTAvBgNV
BAMTKDk5ODU2NDg2NjZEMTExQTMyMDZGQjFDMjFCRjVCQjREODY3QTZFRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs2XikfeFexyGgQ5NXDKLPy9lq
7H6ZSBtxK4y9d+Baw280jlf0+CsK0uzkwre9f/GGIjU/JNYc6SxmFLA6JV2aHMxm
Jy0EnSFteeZSL1ONwQUKHe6pxv0b1WLHbfLdDlq2pqdnvmIdyCv1OpgvUPg6evAa
Vq/pc97avxDz4H+TRmznQuQjZHY746RJdn/lqA2adltHsLTX7I3nRPJX8q8oahQ6
ilIhsaXrAtazWaHL/F07qOd2b3vhKMiIU+ZV5oqk+fIWZ7Uu4RGtFSvGuEpXfEVu
2kpiXPpovivWzT3miDNc5Tg7PIsvDmdAal0KyPSuchUpUUZwCl+5wfofYF4fAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUmYVkhmbREaMgb7HCG/W7TYZ6buEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABSG4UD
BANSG4AwDQYJKoZIhvcNAQELBQADggEBACO/oJsnziZkzkczIMBjlZGlz9xBCd0h
qRJRYS7S6KfRzY6N7kGBPXRfx3GaOalVyISqnws8xP2B1c+OWA8gkfCbd+FaxxtB
M7O9tN1HdI/9b+8n5yUwdGiSisPsROQfKWnsU/taVUpAOD7k7n7d8JoKpW9A2G8a
6hRiw0OKyBLzAbLPnuxMzfeHtfJV8vXS3MiVXPGZeQQkeeicdrogsSQ87t2Bpwy0
eErfO6RNUBO4KzIV0kBh4GbJ6mdSL9JSdHJiy5DczUtyq43qxVbvjUiYgHhsx4Xt
nKWrQGfVO1rRTahygcBqBGXiJY476RU2xOTey5yFT4E+E1AAyViTeVY=
-----END CERTIFICATE-----