Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          02F/g2rrzo1+vBHgD9GbuMspF+JQJSdEugM7J8ynT9c=
Subject key identifier:   CB:61:11:1A:20:05:40:AF:C5:82:45:4A:0B:86:04:6A:E8:D5:3C:1C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4627570399FC69DB9176FE2FA7AD943C3970E157
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa
Signing time:             Tue 14 Jan 2025 16:32:38 +0000
ROA not before:           Tue 14 Jan 2025 16:27:38 +0000
ROA not after:            Tue 13 Jan 2026 16:32:38 +0000
asID:                     174
IP address blocks:        82.29.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:27:57:03:99:fc:69:db:91:76:fe:2f:a7:ad:94:3c:39:70:e1:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 14 16:27:38 2025 GMT
            Not After : Jan 13 16:32:38 2026 GMT
        Subject: CN=CB61111A200540AFC582454A0B86046AE8D53C1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:75:82:ba:d4:6a:a4:9c:60:c2:ec:19:72:80:
                    b7:49:b9:7b:04:9b:55:31:3c:d0:dc:c3:18:09:c1:
                    fe:e7:93:c8:e5:5b:65:05:e3:42:2a:6f:b4:83:24:
                    06:4a:ea:40:32:4b:6f:e8:cf:e5:a2:15:76:81:0b:
                    af:fb:47:dd:4a:46:a5:a5:45:96:ca:08:ce:53:86:
                    9e:09:dc:ce:5f:69:39:5b:12:2c:22:d5:fd:e9:2b:
                    3e:50:a1:7c:63:10:69:ec:f3:8f:f1:71:ae:29:6b:
                    de:97:b7:02:2f:25:bf:8a:07:f0:dc:1c:a7:0e:65:
                    02:6e:35:d0:6d:49:cd:f6:1c:cc:9b:75:dc:4d:31:
                    53:cd:f2:e1:c2:52:f2:5b:60:1b:57:f8:3d:c7:38:
                    a4:31:a0:d5:55:c2:2d:97:f3:16:ce:1f:b2:89:42:
                    77:04:17:46:ef:22:81:90:71:56:af:c9:1b:d7:d7:
                    2f:40:5a:8e:60:d1:df:d9:f6:91:96:71:a8:4b:f1:
                    b6:28:15:37:92:bf:61:a9:a9:34:4f:90:c0:e7:10:
                    67:b9:98:28:1e:82:f4:f3:dd:d5:9c:0d:1f:af:72:
                    c2:1e:3d:04:c5:23:16:8d:77:17:3a:93:55:56:a3:
                    84:d4:69:10:66:11:de:25:ed:db:3a:a6:a2:ab:db:
                    e5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:61:11:1A:20:05:40:AF:C5:82:45:4A:0B:86:04:6A:E8:D5:3C:1C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:37:6c:b0:8a:dd:ff:12:11:0a:2b:05:21:79:ad:60:c0:ce:
         fb:35:09:ec:98:33:9e:a5:83:3b:d9:0c:a4:15:7e:b2:ae:d4:
         e9:f0:e8:78:f6:dd:4d:2d:7a:3d:e5:53:ab:7e:ff:2e:c9:31:
         38:95:9b:b8:c0:27:ab:f0:18:02:9d:d9:13:a7:8d:c4:1b:f3:
         32:cc:77:09:0e:0f:e5:df:dd:b8:91:97:20:05:5b:c3:34:a8:
         ec:ac:4a:0f:4d:ed:72:d1:97:15:05:d2:76:37:2b:9d:00:25:
         0a:bd:a7:33:85:0b:f4:fd:ea:84:0a:bf:1a:0e:7c:ab:27:10:
         d8:d3:b0:3f:34:30:f0:dd:da:07:d5:a5:be:7c:b8:97:d3:1b:
         bf:14:f8:0e:13:04:c6:b3:1d:54:43:0e:ef:13:bc:5b:1e:bc:
         37:ab:33:cd:d7:05:38:3c:0e:e3:c6:25:94:27:39:29:46:3c:
         bb:1e:64:05:9e:97:c6:60:74:4f:32:a7:6f:e1:84:ef:6b:8b:
         43:4b:27:bc:e7:1f:a8:7f:9a:a5:02:f9:48:39:22:58:50:ee:
         1d:4f:e2:9a:44:e2:10:88:59:2e:84:9c:14:ae:b2:24:e7:93:
         0f:23:69:44:58:2c:2b:52:36:11:78:19:32:88:0f:05:10:a0:
         b3:95:6a:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIURidXA5n8aduRdv4vp62UPDlw4VcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTQxNjI3MzhaFw0yNjAxMTMxNjMyMzhaMDMxMTAvBgNV
BAMTKENCNjExMTFBMjAwNTQwQUZDNTgyNDU0QTBCODYwNDZBRThENTNDMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGdYK61GqknGDC7BlygLdJuXsE
m1UxPNDcwxgJwf7nk8jlW2UF40Iqb7SDJAZK6kAyS2/oz+WiFXaBC6/7R91KRqWl
RZbKCM5Thp4J3M5faTlbEiwi1f3pKz5QoXxjEGns84/xca4pa96XtwIvJb+KB/Dc
HKcOZQJuNdBtSc32HMybddxNMVPN8uHCUvJbYBtX+D3HOKQxoNVVwi2X8xbOH7KJ
QncEF0bvIoGQcVavyRvX1y9AWo5g0d/Z9pGWcahL8bYoFTeSv2GpqTRPkMDnEGe5
mCgegvTz3dWcDR+vcsIePQTFIxaNdxc6k1VWo4TUaRBmEd4l7ds6pqKr2+VXAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUy2ERGiAFQK/FgkVKC4YEaujVPBwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh0oMA0G
CSqGSIb3DQEBCwUAA4IBAQA7N2ywit3/EhEKKwUhea1gwM77NQnsmDOepYM72Qyk
FX6yrtTp8Oh49t1NLXo95VOrfv8uyTE4lZu4wCer8BgCndkTp43EG/MyzHcJDg/l
3924kZcgBVvDNKjsrEoPTe1y0ZcVBdJ2NyudACUKvaczhQv0/eqECr8aDnyrJxDY
07A/NDDw3doH1aW+fLiX0xu/FPgOEwTGsx1UQw7vE7xbHrw3qzPN1wU4PA7jxiWU
JzkpRjy7HmQFnpfGYHRPMqdv4YTva4tDSye85x+of5qlAvlIOSJYUO4dT+KaROIQ
iFkuhJwUrrIk55MPI2lEWCwrUjYReBkyiA8FEKCzlWrX
-----END CERTIFICATE-----