Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          m9+3omi3PFPmwbFCoBPdNC4TTcFRCS28DX8VPftQ728=
Subject key identifier:   F6:34:15:47:F8:02:C4:02:E4:8C:38:90:85:F2:DB:2D:99:25:47:64
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4A25C9C3F09F4BD2423EF158E406823AEC6EF4D9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS174.roa
Signing time:             Fri 08 Mar 2024 02:12:54 +0000
ROA not before:           Fri 08 Mar 2024 02:07:54 +0000
ROA not after:            Fri 07 Mar 2025 02:12:54 +0000
asID:                     174
IP address blocks:        141.11.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:25:c9:c3:f0:9f:4b:d2:42:3e:f1:58:e4:06:82:3a:ec:6e:f4:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  8 02:07:54 2024 GMT
            Not After : Mar  7 02:12:54 2025 GMT
        Subject: CN=F6341547F802C402E48C389085F2DB2D99254764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b7:12:6c:d2:ed:81:92:2c:98:87:30:80:fc:
                    27:fc:f3:0e:96:4a:7e:41:f9:7b:6d:80:a1:60:56:
                    49:49:fa:b1:20:0e:4a:6c:a0:3e:4a:72:e4:65:7f:
                    43:77:56:31:2e:0f:76:57:5b:7a:ee:42:cb:9b:fd:
                    1b:2a:cb:6d:42:b7:85:a4:40:47:21:cb:82:ad:65:
                    83:46:3e:cd:af:76:45:93:53:be:a7:59:05:7b:6f:
                    3e:89:98:0d:e3:6b:46:57:d0:11:3b:ae:61:af:70:
                    0c:fc:dd:b7:42:8f:07:4c:eb:5a:0a:1f:c5:53:8d:
                    59:b7:ad:13:1a:b4:bf:13:18:e8:b4:5e:b5:0c:d8:
                    24:cf:41:57:73:b8:95:3b:e6:ca:ae:80:e8:f0:8c:
                    7a:db:ff:6e:0f:5b:04:79:b3:be:7e:cc:60:b4:b7:
                    0a:6e:e4:83:6c:6e:d9:c1:0b:33:a1:dc:c7:08:12:
                    12:37:57:ca:a9:03:02:70:30:f4:3d:29:31:6a:a8:
                    8d:0f:89:76:84:c9:c2:ae:83:7a:e5:44:6c:39:58:
                    f0:e0:1b:ac:7a:b1:42:2b:0f:8e:2d:e4:d3:52:f7:
                    69:1c:1f:20:c5:3d:80:93:c0:12:c3:e1:55:1c:4f:
                    1c:f5:86:5c:6f:bb:0b:e6:ae:ca:9f:6e:ac:37:ae:
                    30:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:34:15:47:F8:02:C4:02:E4:8C:38:90:85:F2:DB:2D:99:25:47:64
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:f0:c8:b0:c5:11:c9:bf:b1:fc:ba:7e:df:ab:36:47:83:b1:
         67:71:2d:85:42:58:ad:98:ad:84:43:65:da:e8:15:6c:93:46:
         69:1e:22:da:6a:2a:58:c0:0f:89:c3:60:5e:1b:95:50:cc:f2:
         b9:d7:74:24:bc:0b:46:d0:88:09:df:1e:a3:c6:ba:1b:f2:f6:
         b5:32:5f:71:16:d0:91:b0:5e:9c:14:da:ba:58:29:af:33:f3:
         07:d2:89:36:37:6a:1a:da:b7:10:25:1e:1f:26:bf:20:59:b4:
         26:70:2a:0d:f1:f3:55:15:96:a4:26:5b:98:a1:3f:3a:2f:7d:
         5b:4f:c2:5c:35:5f:a3:5f:21:14:9c:3e:34:31:10:29:99:3a:
         47:94:ca:c2:cd:67:95:08:28:81:f5:bb:78:d4:fe:0e:3f:d5:
         85:e1:92:ec:b4:02:b8:28:d2:a5:d0:04:cd:30:60:1b:e9:c7:
         35:8f:cb:22:6f:73:07:f7:b3:e5:82:9c:c8:fc:ad:79:3a:1e:
         ac:99:b1:ad:ba:d6:df:fe:f3:c8:6b:09:0e:fe:0a:16:79:07:
         04:53:68:63:f4:b3:5e:1b:61:33:3a:84:c2:fb:ae:12:02:19:
         f0:a0:15:98:6a:1f:78:7b:b7:52:c1:19:be:bf:b5:bf:a9:90:
         b1:76:26:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUSiXJw/CfS9JCPvFY5AaCOuxu9NkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAzMDgwMjA3NTRaFw0yNTAzMDcwMjEyNTRaMDMxMTAvBgNV
BAMTKEY2MzQxNTQ3RjgwMkM0MDJFNDhDMzg5MDg1RjJEQjJEOTkyNTQ3NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdtxJs0u2BkiyYhzCA/Cf88w6W
Sn5B+XttgKFgVklJ+rEgDkpsoD5KcuRlf0N3VjEuD3ZXW3ruQsub/Rsqy21Ct4Wk
QEchy4KtZYNGPs2vdkWTU76nWQV7bz6JmA3ja0ZX0BE7rmGvcAz83bdCjwdM61oK
H8VTjVm3rRMatL8TGOi0XrUM2CTPQVdzuJU75squgOjwjHrb/24PWwR5s75+zGC0
twpu5INsbtnBCzOh3McIEhI3V8qpAwJwMPQ9KTFqqI0PiXaEycKug3rlRGw5WPDg
G6x6sUIrD44t5NNS92kcHyDFPYCTwBLD4VUcTxz1hlxvuwvmrsqfbqw3rjDVAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQU9jQVR/gCxALkjDiQhfLbLZklR2QwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt0MA0G
CSqGSIb3DQEBCwUAA4IBAQCo8MiwxRHJv7H8un7fqzZHg7FncS2FQlitmK2EQ2Xa
6BVsk0ZpHiLaaipYwA+Jw2BeG5VQzPK513QkvAtG0IgJ3x6jxrob8va1Ml9xFtCR
sF6cFNq6WCmvM/MH0ok2N2oa2rcQJR4fJr8gWbQmcCoN8fNVFZakJluYoT86L31b
T8JcNV+jXyEUnD40MRApmTpHlMrCzWeVCCiB9bt41P4OP9WF4ZLstAK4KNKl0ATN
MGAb6cc1j8sib3MH97PlgpzI/K15Oh6smbGtutbf/vPIawkO/goWeQcEU2hj9LNe
G2EzOoTC+64SAhnwoBWYah94e7dSwRm+v7W/qZCxdiaD
-----END CERTIFICATE-----