Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          AnZ70odycjr4DeIEvt9kc6KoQYhva+P/1prW5yIbkFQ=
Subject key identifier:   BA:87:F8:92:38:84:8C:66:6F:34:E5:83:4B:4B:3E:E3:58:7A:2B:52
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       53B83DBA34DD51D1B8DF7E272885DB2B19B40F7F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa
Signing time:             Tue 28 Apr 2026 00:03:52 +0000
ROA not before:           Mon 27 Apr 2026 23:58:52 +0000
ROA not after:            Tue 27 Apr 2027 00:03:52 +0000
asID:                     174
IP address blocks:        2a13:9500:14f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:b8:3d:ba:34:dd:51:d1:b8:df:7e:27:28:85:db:2b:19:b4:0f:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 27 23:58:52 2026 GMT
            Not After : Apr 27 00:03:52 2027 GMT
        Subject: CN=BA87F89238848C666F34E5834B4B3EE3587A2B52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b7:1c:fb:43:e6:bb:9b:3f:2a:58:37:b2:69:
                    57:24:60:2e:d9:fa:0e:b2:60:f4:11:12:f6:38:63:
                    cd:3d:20:dc:53:e2:45:60:89:2c:0b:85:8d:59:f2:
                    51:c6:fb:ae:14:c4:29:c4:07:60:8a:27:a8:63:0d:
                    ed:da:a3:f3:0a:a9:02:4c:11:38:ee:85:f7:03:cf:
                    c3:81:9f:c7:13:a9:31:f9:f5:e6:4b:91:40:d1:72:
                    46:ae:7e:53:a7:b3:04:0f:b8:f7:c8:49:7b:55:1e:
                    d4:11:74:61:04:1f:74:40:cf:5e:05:95:50:96:55:
                    ef:2b:57:a8:32:8f:1a:19:55:b2:bd:18:67:68:a7:
                    ac:8b:7f:60:5f:08:00:67:69:76:a0:e6:d7:8c:6c:
                    24:d4:38:b0:1e:b7:f1:f9:ca:db:bc:e3:cc:f3:da:
                    04:1f:ac:40:3a:b5:d3:4f:33:74:ca:34:9b:63:88:
                    b2:f1:58:9e:fc:7a:89:22:7f:ca:38:4a:db:c1:15:
                    14:c2:2d:48:e0:e6:fb:f3:f7:c1:07:da:dd:d5:b8:
                    bb:dc:98:35:01:00:22:f4:37:e4:11:d2:aa:df:08:
                    06:2f:cf:11:6b:4e:ae:42:7f:d0:6f:62:38:a9:84:
                    bc:77:2d:4a:29:7b:8a:35:6a:43:3c:d0:78:7b:77:
                    53:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:87:F8:92:38:84:8C:66:6F:34:E5:83:4B:4B:3E:E3:58:7A:2B:52
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:14f::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:71:1e:08:54:a6:31:6f:83:07:26:13:de:c2:f6:bc:17:ea:
         17:b9:e8:a1:bc:7c:be:79:b7:81:f7:bd:5f:65:09:c8:2b:f8:
         00:f3:93:bc:5f:fc:5c:42:33:d9:f4:64:b1:b0:9b:77:52:7c:
         c6:e1:b1:a9:26:ea:de:1b:31:71:3d:2b:4d:0c:6e:c9:32:e8:
         ec:53:7f:ec:24:27:a9:25:c7:26:49:16:b0:15:55:1e:22:f2:
         84:e0:f6:90:02:28:bc:41:3a:5e:25:73:f2:36:a0:c2:b9:01:
         96:e3:58:e2:fe:2d:29:49:b1:e3:04:64:83:b8:86:ae:aa:43:
         15:65:f8:43:da:f3:e0:0e:0a:74:f8:d1:02:70:a9:88:cd:16:
         99:0b:37:e6:6c:85:36:16:ab:5f:a2:78:18:ec:79:89:97:0e:
         5c:98:5c:f4:fd:28:58:80:b1:1d:9c:57:d1:8a:c4:94:7b:b0:
         b9:b0:32:ba:f2:41:0c:11:c4:e7:4c:4e:31:43:63:b2:32:75:
         03:4e:bc:c4:d0:62:eb:02:b5:81:85:1f:54:c5:44:d0:a6:8b:
         24:d0:33:bd:43:7c:b3:ad:df:f1:6c:c3:01:3c:69:a2:bc:1d:
         0e:2b:25:f9:33:a6:39:a6:66:55:cd:bb:97:89:7b:b9:28:df:
         63:c7:26:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU7g9ujTdUdG4334nKIXbKxm0D38wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjcyMzU4NTJaFw0yNzA0MjcwMDAzNTJaMDMxMTAvBgNV
BAMTKEJBODdGODkyMzg4NDhDNjY2RjM0RTU4MzRCNEIzRUUzNTg3QTJCNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKtxz7Q+a7mz8qWDeyaVckYC7Z
+g6yYPQREvY4Y809INxT4kVgiSwLhY1Z8lHG+64UxCnEB2CKJ6hjDe3ao/MKqQJM
ETjuhfcDz8OBn8cTqTH59eZLkUDRckauflOnswQPuPfISXtVHtQRdGEEH3RAz14F
lVCWVe8rV6gyjxoZVbK9GGdop6yLf2BfCABnaXag5teMbCTUOLAet/H5ytu848zz
2gQfrEA6tdNPM3TKNJtjiLLxWJ78eokif8o4StvBFRTCLUjg5vvz98EH2t3VuLvc
mDUBACL0N+QR0qrfCAYvzxFrTq5Cf9BvYjiphLx3LUope4o1akM80Hh7d1NzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuof4kjiEjGZvNOWDS0s+41h6K1IwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOVAAFP
MA0GCSqGSIb3DQEBCwUAA4IBAQCEcR4IVKYxb4MHJhPewva8F+oXueihvHy+ebeB
971fZQnIK/gA85O8X/xcQjPZ9GSxsJt3UnzG4bGpJureGzFxPStNDG7JMujsU3/s
JCepJccmSRawFVUeIvKE4PaQAii8QTpeJXPyNqDCuQGW41ji/i0pSbHjBGSDuIau
qkMVZfhD2vPgDgp0+NECcKmIzRaZCzfmbIU2FqtfongY7HmJlw5cmFz0/ShYgLEd
nFfRisSUe7C5sDK68kEMEcTnTE4xQ2OyMnUDTrzE0GLrArWBhR9UxUTQposk0DO9
Q3yzrd/xbMMBPGmivB0OKyX5M6Y5pmZVzbuXiXu5KN9jxybp
-----END CERTIFICATE-----