Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          o5r2GBeXdTHk91Itq0uAJ+fnsmUX2FSAGMFJqi74KsU=
Subject key identifier:   A7:F1:C6:2F:E3:F8:59:75:CE:7A:24:72:50:6D:A3:23:F6:BD:8D:D4
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7EE37ACFFE4CE2A4002F497904264C584393F8E9
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS174.roa
Signing time:             Wed 27 Nov 2024 09:50:02 +0000
ROA not before:           Wed 27 Nov 2024 09:45:02 +0000
ROA not after:            Wed 26 Nov 2025 09:50:02 +0000
asID:                     174
IP address blocks:        45.157.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:e3:7a:cf:fe:4c:e2:a4:00:2f:49:79:04:26:4c:58:43:93:f8:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 27 09:45:02 2024 GMT
            Not After : Nov 26 09:50:02 2025 GMT
        Subject: CN=A7F1C62FE3F85975CE7A2472506DA323F6BD8DD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:73:6c:93:c3:b9:39:ae:df:95:50:81:75:9b:
                    ff:21:f2:9f:9e:5b:6b:50:d4:b6:7f:e8:b5:5c:06:
                    38:2a:d2:b0:9e:65:07:39:b2:49:5e:7e:1c:7b:2d:
                    3d:26:46:59:31:2c:1b:07:d9:43:bc:1b:ae:a8:b3:
                    cb:27:a6:19:59:d0:ff:ca:3f:18:9b:00:ca:1d:23:
                    1a:d7:ca:63:d2:76:c4:d8:15:0a:9c:7a:1b:39:d4:
                    4e:27:a3:ed:55:34:56:2b:8b:a8:1e:6e:04:71:22:
                    a7:67:d7:91:c4:2a:02:5f:f8:e6:be:81:97:34:ce:
                    a4:6f:94:8c:68:e3:6e:c6:18:6b:39:ce:c4:39:cd:
                    2f:fa:b9:69:66:36:2e:26:ef:26:57:1b:62:30:a4:
                    43:68:bc:82:19:50:0b:4b:70:92:ce:1a:e2:84:76:
                    69:5b:3c:66:c6:89:fb:d6:cf:cb:86:8c:92:cf:84:
                    36:2b:6c:17:5b:dd:d5:fb:1a:ce:4e:5a:62:d7:84:
                    16:a0:47:2c:40:f6:5f:77:09:58:5d:a4:d6:e4:ea:
                    e6:81:12:29:08:7d:7b:2a:5d:c0:26:e3:f5:64:8d:
                    88:5e:20:14:d7:e5:79:01:d7:2b:1d:0f:bc:a1:11:
                    f7:bc:e1:02:d0:c5:df:45:30:46:0b:dd:0d:7d:06:
                    7a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F1:C6:2F:E3:F8:59:75:CE:7A:24:72:50:6D:A3:23:F6:BD:8D:D4
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:bc:60:c0:eb:5c:0c:9e:0a:58:2d:87:6d:05:ef:e0:28:51:
         81:78:a7:82:4c:44:6f:7b:0f:3a:d4:90:68:f9:02:bd:69:3e:
         f3:fa:f4:b5:3a:3d:db:f4:c1:82:42:f4:ae:94:66:cd:5b:5b:
         9d:45:ff:12:42:9a:dd:10:27:b4:f8:06:41:cc:25:a5:24:21:
         a6:f7:e9:85:f6:33:ae:3a:c7:32:a2:46:1e:a7:e2:52:13:bc:
         b0:20:22:a9:92:7e:7f:10:12:9b:16:82:ec:71:b9:b5:5f:b1:
         73:80:c5:32:2b:5d:3b:28:1e:f2:9c:72:e2:ed:87:54:4b:24:
         a4:5e:7b:4d:58:e3:99:68:c8:1d:a8:aa:99:0b:f8:df:30:12:
         18:67:a7:cd:6c:6b:8c:64:98:be:73:7b:a6:6d:9c:08:a3:8f:
         a8:a7:e7:6f:1a:cc:96:8f:b2:06:67:39:68:80:6f:64:32:fe:
         04:d0:a7:3c:a0:81:f4:65:de:17:c0:de:e4:75:3b:81:59:d6:
         eb:f4:d3:66:ab:e2:9a:ce:a6:b6:50:01:a6:11:27:6a:7d:c9:
         7d:73:27:b1:fd:b9:87:61:80:72:a2:2e:0d:bf:d5:b8:71:a8:
         42:be:70:03:16:76:c3:e8:6c:da:5e:4c:0a:55:68:15:6c:fc:
         bf:d8:27:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUfuN6z/5M4qQAL0l5BCZMWEOT+OkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMjcwOTQ1MDJaFw0yNTExMjYwOTUwMDJaMDMxMTAvBgNV
BAMTKEE3RjFDNjJGRTNGODU5NzVDRTdBMjQ3MjUwNkRBMzIzRjZCRDhERDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXc2yTw7k5rt+VUIF1m/8h8p+e
W2tQ1LZ/6LVcBjgq0rCeZQc5sklefhx7LT0mRlkxLBsH2UO8G66os8snphlZ0P/K
PxibAModIxrXymPSdsTYFQqcehs51E4no+1VNFYri6gebgRxIqdn15HEKgJf+Oa+
gZc0zqRvlIxo427GGGs5zsQ5zS/6uWlmNi4m7yZXG2IwpENovIIZUAtLcJLOGuKE
dmlbPGbGifvWz8uGjJLPhDYrbBdb3dX7Gs5OWmLXhBagRyxA9l93CVhdpNbk6uaB
EikIfXsqXcAm4/VkjYheIBTX5XkB1ysdD7yhEfe84QLQxd9FMEYL3Q19Bno9AgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUp/HGL+P4WXXOeiRyUG2jI/a9jdQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ0TMA0G
CSqGSIb3DQEBCwUAA4IBAQBfvGDA61wMngpYLYdtBe/gKFGBeKeCTERvew861JBo
+QK9aT7z+vS1Oj3b9MGCQvSulGbNW1udRf8SQprdECe0+AZBzCWlJCGm9+mF9jOu
OscyokYep+JSE7ywICKpkn5/EBKbFoLscbm1X7FzgMUyK107KB7ynHLi7YdUSySk
XntNWOOZaMgdqKqZC/jfMBIYZ6fNbGuMZJi+c3umbZwIo4+op+dvGsyWj7IGZzlo
gG9kMv4E0Kc8oIH0Zd4XwN7kdTuBWdbr9NNmq+Kazqa2UAGmESdqfcl9cyex/bmH
YYByoi4Nv9W4cahCvnADFnbD6GzaXkwKVWgVbPy/2CdG
-----END CERTIFICATE-----