Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          p8Mvh4bk8Jk3/WhQx3HHtty/tqEBSzeKsOnuek8nIaQ=
Subject key identifier:   A5:07:44:2F:79:04:2F:14:D3:47:3F:1A:82:57:0F:16:14:F8:A0:52
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       7564709DCC389034AD7C0539B641DF8EB1FA630A
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS174.roa
Signing time:             Wed 15 Jan 2025 16:37:18 +0000
ROA not before:           Wed 15 Jan 2025 16:32:18 +0000
ROA not after:            Wed 14 Jan 2026 16:37:18 +0000
asID:                     174
IP address blocks:        139.28.32.0/22 maxlen: 22
                          141.98.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:64:70:9d:cc:38:90:34:ad:7c:05:39:b6:41:df:8e:b1:fa:63:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:32:18 2025 GMT
            Not After : Jan 14 16:37:18 2026 GMT
        Subject: CN=A507442F79042F14D3473F1A82570F1614F8A052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fe:ee:01:1d:cf:e2:ee:9c:6c:0f:ef:69:b3:
                    cd:ef:06:05:f4:9a:9a:9d:53:e8:f6:79:83:5c:ab:
                    a4:86:71:b3:d1:52:dc:e2:29:43:f8:e8:57:0d:34:
                    bc:a6:85:06:40:26:c5:c1:d4:f4:44:49:52:c3:a9:
                    39:f9:35:af:36:bb:e0:99:1a:29:f4:50:e5:56:e1:
                    fa:12:3a:16:11:de:a5:04:de:71:e8:7d:f1:4b:84:
                    af:00:ff:f2:08:33:5b:0d:32:0d:76:1f:0d:06:35:
                    c2:e9:fe:1b:bd:f4:63:3d:a2:9e:87:fa:2d:56:ea:
                    64:20:9d:55:d9:d6:f2:0a:d2:7b:4b:45:39:5d:a4:
                    ce:c4:f4:ca:73:48:33:03:8f:8f:d4:ce:f0:8b:16:
                    9d:38:69:26:0c:57:bb:6e:3b:37:ea:30:2b:ed:90:
                    f1:61:07:19:9d:e5:50:3d:c3:a1:c1:37:77:51:8c:
                    7b:a0:fa:cd:85:e1:5b:60:b1:c9:55:36:b4:6c:bf:
                    e6:22:e0:a8:0e:59:29:73:9f:08:e3:9a:68:41:14:
                    da:a5:56:3d:be:e7:5a:a0:c6:4f:68:e3:eb:3d:ac:
                    98:08:71:f7:43:ad:3e:93:27:a6:32:ab:13:c9:22:
                    67:35:9c:90:d0:1f:b3:48:a6:26:d6:a2:cb:bd:3b:
                    6d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:07:44:2F:79:04:2F:14:D3:47:3F:1A:82:57:0F:16:14:F8:A0:52
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.32.0/22
                  141.98.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:e1:df:45:08:1c:3b:b1:c8:a9:ca:4c:e0:99:3c:d7:3d:d0:
         ba:60:3c:cd:a0:6c:bd:a0:dd:57:c7:4a:3d:1f:3c:36:48:3b:
         87:93:00:34:e5:9e:1e:84:06:85:81:27:7f:a4:1b:54:b9:26:
         4d:77:62:74:c5:ba:48:3e:64:e0:36:37:c2:7f:07:6e:a9:11:
         08:f8:a8:80:0c:99:a6:7f:81:3a:38:57:77:6c:8a:5e:f1:ff:
         f5:21:39:ea:e8:af:6c:c5:56:cd:bd:cd:be:af:3a:f2:a4:60:
         fd:e5:cf:09:e4:26:02:4d:7e:db:cc:27:6f:9d:de:5f:3a:2e:
         91:68:b3:2d:db:39:fe:8a:40:16:39:c7:ff:98:f0:73:c0:15:
         1d:fc:f1:91:39:62:44:1d:41:8c:2c:9d:0a:8a:58:a6:93:d7:
         e8:04:bb:15:fd:f5:d0:86:cb:5d:4e:92:45:61:87:85:75:ae:
         08:21:8d:2a:62:92:61:ec:6f:17:dc:04:44:0f:9f:68:55:d4:
         af:4d:70:5d:49:65:5d:bb:ce:cb:77:42:3c:f9:a2:2c:de:a2:
         8b:61:ae:74:09:cf:72:60:31:30:be:1d:bd:fe:a7:c0:3e:48:
         a2:5a:80:a8:b5:18:61:09:d6:6b:fc:83:fb:71:74:40:ba:98:
         34:52:bf:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdWRwncw4kDStfAU5tkHfjrH6YwowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjMyMThaFw0yNjAxMTQxNjM3MThaMDMxMTAvBgNV
BAMTKEE1MDc0NDJGNzkwNDJGMTREMzQ3M0YxQTgyNTcwRjE2MTRGOEEwNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7/u4BHc/i7pxsD+9ps83vBgX0
mpqdU+j2eYNcq6SGcbPRUtziKUP46FcNNLymhQZAJsXB1PRESVLDqTn5Na82u+CZ
Gin0UOVW4foSOhYR3qUE3nHoffFLhK8A//IIM1sNMg12Hw0GNcLp/hu99GM9op6H
+i1W6mQgnVXZ1vIK0ntLRTldpM7E9MpzSDMDj4/UzvCLFp04aSYMV7tuOzfqMCvt
kPFhBxmd5VA9w6HBN3dRjHug+s2F4VtgsclVNrRsv+Yi4KgOWSlznwjjmmhBFNql
Vj2+51qgxk9o4+s9rJgIcfdDrT6TJ6YyqxPJImc1nJDQH7NIpibWosu9O23HAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUpQdEL3kELxTTRz8aglcPFhT4oFIwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCixwgAwQC
jWIwMA0GCSqGSIb3DQEBCwUAA4IBAQBo4d9FCBw7scipykzgmTzXPdC6YDzNoGy9
oN1Xx0o9Hzw2SDuHkwA05Z4ehAaFgSd/pBtUuSZNd2J0xbpIPmTgNjfCfwduqREI
+KiADJmmf4E6OFd3bIpe8f/1ITnq6K9sxVbNvc2+rzrypGD95c8J5CYCTX7bzCdv
nd5fOi6RaLMt2zn+ikAWOcf/mPBzwBUd/PGROWJEHUGMLJ0Kilimk9foBLsV/fXQ
hstdTpJFYYeFda4IIY0qYpJh7G8X3ARED59oVdSvTXBdSWVdu87Ld0I8+aIs3qKL
Ya50Cc9yYDEwvh29/qfAPkiiWoCotRhhCdZr/IP7cXRAupg0Ur+t
-----END CERTIFICATE-----