Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          HbuBcky4Ze17ASPAYwLD72dwI7ZMmStupcGWqyaAEks=
Subject key identifier:   44:69:7A:2E:E2:09:63:87:DF:B9:C9:4C:81:58:B4:4C:34:EB:5E:C5
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7DACEA5F90EDAD3D39E045C6E07E2197432070B3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS174.roa
Signing time:             Thu 26 Jun 2025 14:42:57 +0000
ROA not before:           Thu 26 Jun 2025 14:37:57 +0000
ROA not after:            Thu 25 Jun 2026 14:42:57 +0000
asID:                     174
IP address blocks:        143.20.34.0/24 maxlen: 24
                          143.20.35.0/24 maxlen: 24
                          143.20.80.0/24 maxlen: 24
                          143.20.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ac:ea:5f:90:ed:ad:3d:39:e0:45:c6:e0:7e:21:97:43:20:70:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 26 14:37:57 2025 GMT
            Not After : Jun 25 14:42:57 2026 GMT
        Subject: CN=44697A2EE2096387DFB9C94C8158B44C34EB5EC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7d:e0:ae:3a:49:f4:0b:35:9e:2a:f1:0b:ae:
                    40:e7:83:20:a7:58:f9:3d:75:b0:dc:00:8f:64:9f:
                    37:68:bf:90:c5:83:a6:62:37:7f:ac:c1:d8:ba:6b:
                    cd:f1:57:e8:7a:9d:d3:96:3a:86:0e:25:cb:6c:1d:
                    bb:01:7c:7b:cd:fe:c5:e6:84:dd:d6:21:61:cf:81:
                    3b:9a:7b:51:0b:62:ec:f0:e4:ca:a8:13:9b:8e:56:
                    fa:3a:53:04:ce:3b:ec:80:4d:34:29:49:7e:83:7a:
                    c7:91:c6:f2:ae:f2:25:77:1a:a4:19:29:92:0a:27:
                    1a:9d:fb:f6:90:2a:22:c8:b2:63:ed:3d:82:40:77:
                    7e:66:16:e5:d5:40:5e:6d:26:f3:32:34:9d:fa:b4:
                    a3:33:40:c4:62:87:31:80:0e:cb:cc:bc:51:a0:b5:
                    4f:5b:d9:db:55:5f:19:ba:3d:76:5d:68:c4:82:2c:
                    c9:fa:7c:d3:3a:ee:3f:f0:1b:c6:eb:4d:b2:fb:cb:
                    3e:10:15:b2:3d:7c:10:1c:56:22:0e:db:c4:e4:83:
                    b3:fd:a5:ec:22:4e:eb:24:be:66:d5:f9:84:ea:52:
                    08:97:92:b0:49:50:8e:fe:75:dd:41:6a:7f:18:0c:
                    e7:2f:8d:87:ce:0b:d9:cd:dc:89:9c:67:43:9a:c6:
                    3e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:69:7A:2E:E2:09:63:87:DF:B9:C9:4C:81:58:B4:4C:34:EB:5E:C5
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.34.0/23
                  143.20.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:61:d0:35:be:45:cf:ac:46:b9:5c:3d:ac:78:71:04:99:52:
         98:69:0c:42:38:1f:39:58:9e:10:6e:db:ff:34:6b:79:5f:1c:
         49:79:6c:cd:df:73:f6:0a:56:23:cb:6f:18:97:7b:16:c3:30:
         69:5e:99:74:40:52:a5:fd:c0:a5:07:17:9d:d2:69:a2:61:d2:
         95:fa:5d:6c:90:c9:aa:db:9a:e2:dd:d5:67:29:3b:66:7d:59:
         e1:b7:65:cd:5d:98:c6:2f:32:89:2c:d0:31:ec:3d:0f:f9:8c:
         56:0c:d6:e6:e8:1c:1a:3a:62:f9:1f:c0:95:0a:34:22:a9:e1:
         8c:2a:6d:67:b2:15:17:d5:1f:52:00:03:02:23:d6:8e:a6:4b:
         8a:ac:68:3e:40:82:1e:0f:98:c7:3c:31:c7:5c:16:b7:41:9d:
         21:62:59:81:75:64:df:95:a0:fc:6b:94:2b:2e:4f:95:d3:32:
         2d:23:00:f2:80:d5:3e:db:3e:9a:cb:b2:28:86:d9:05:6a:b7:
         b6:a9:d6:a3:48:48:7a:ce:2b:ee:9e:db:86:79:e2:df:30:e0:
         10:ce:18:27:dc:84:93:ff:8e:83:58:95:94:4a:35:ca:7a:9f:
         80:ca:37:91:f9:f8:e1:8f:ec:fa:dd:11:de:96:8a:8d:99:16:
         90:84:a5:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUfazqX5DtrT054EXG4H4hl0MgcLMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjYxNDM3NTdaFw0yNjA2MjUxNDQyNTdaMDMxMTAvBgNV
BAMTKDQ0Njk3QTJFRTIwOTYzODdERkI5Qzk0QzgxNThCNDRDMzRFQjVFQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0feCuOkn0CzWeKvELrkDngyCn
WPk9dbDcAI9knzdov5DFg6ZiN3+swdi6a83xV+h6ndOWOoYOJctsHbsBfHvN/sXm
hN3WIWHPgTuae1ELYuzw5MqoE5uOVvo6UwTOO+yATTQpSX6DeseRxvKu8iV3GqQZ
KZIKJxqd+/aQKiLIsmPtPYJAd35mFuXVQF5tJvMyNJ36tKMzQMRihzGADsvMvFGg
tU9b2dtVXxm6PXZdaMSCLMn6fNM67j/wG8brTbL7yz4QFbI9fBAcViIO28Tkg7P9
pewiTuskvmbV+YTqUgiXkrBJUI7+dd1Ban8YDOcvjYfOC9nN3ImcZ0Oaxj5tAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQURGl6LuIJY4ffuclMgVi0TDTrXsUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBjxQiAwQB
jxRQMA0GCSqGSIb3DQEBCwUAA4IBAQAcYdA1vkXPrEa5XD2seHEEmVKYaQxCOB85
WJ4Qbtv/NGt5XxxJeWzN33P2ClYjy28Yl3sWwzBpXpl0QFKl/cClBxed0mmiYdKV
+l1skMmq25ri3dVnKTtmfVnht2XNXZjGLzKJLNAx7D0P+YxWDNbm6BwaOmL5H8CV
CjQiqeGMKm1nshUX1R9SAAMCI9aOpkuKrGg+QIIeD5jHPDHHXBa3QZ0hYlmBdWTf
laD8a5QrLk+V0zItIwDygNU+2z6ay7IohtkFare2qdajSEh6zivuntuGeeLfMOAQ
zhgn3IST/46DWJWUSjXKep+AyjeR+fjhj+z63RHeloqNmRaQhKWk
-----END CERTIFICATE-----