Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS14168.roa
File:                     AS14168.roa (raw, json)
Hash identifier:          oz66XpTGxkw8rd/5gyoCTdl9TPE7i05qFGDVMhfPyFU=
Subject key identifier:   D3:BA:5A:40:80:8B:4B:B4:9D:3A:F0:A5:01:81:83:CF:7F:24:EE:74
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       310F1B2B9F220026F797AB09E19867E83F9D6BD6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS14168.roa
Signing time:             Fri 30 May 2025 18:52:11 +0000
ROA not before:           Fri 30 May 2025 18:47:11 +0000
ROA not after:            Fri 29 May 2026 18:52:11 +0000
asID:                     14168
IP address blocks:        167.148.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 13:25:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:0f:1b:2b:9f:22:00:26:f7:97:ab:09:e1:98:67:e8:3f:9d:6b:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 30 18:47:11 2025 GMT
            Not After : May 29 18:52:11 2026 GMT
        Subject: CN=D3BA5A40808B4BB49D3AF0A5018183CF7F24EE74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:17:a0:b1:a7:11:00:dc:02:85:4f:84:70:cf:
                    50:7a:db:74:73:82:21:69:03:7e:42:bf:58:53:cc:
                    b1:87:f3:94:00:03:ef:cd:34:fe:82:19:6b:14:6e:
                    f5:f1:13:1d:64:05:6f:dc:c3:04:3c:b3:6f:ac:0e:
                    fc:e2:7b:3a:23:b5:de:ac:08:fa:3e:9c:ad:a9:4e:
                    28:e3:e7:6e:75:b6:3c:94:1a:49:a1:bf:43:a2:71:
                    7c:03:ed:f5:ae:30:48:96:7e:c8:e4:37:7b:a9:d0:
                    b9:11:38:ef:21:5b:34:7b:41:a7:a7:17:a7:e3:b7:
                    8e:70:a7:2b:13:0c:de:6a:91:88:49:95:8b:45:50:
                    99:e7:b2:39:af:fb:5e:a4:03:e4:15:b2:3e:c7:d4:
                    93:33:79:30:4d:25:8c:6f:36:d3:45:77:12:e3:c1:
                    e4:ff:88:4c:2a:c1:bf:7b:d9:81:8c:85:6d:97:cd:
                    a5:6c:58:c4:5a:df:d0:d2:37:5e:6e:37:4e:21:39:
                    ff:1b:b1:b3:25:3b:f8:25:d3:1a:63:81:e1:76:7e:
                    40:8d:53:4e:42:28:c3:ff:f1:71:30:fe:bb:5d:76:
                    11:36:96:e8:80:43:f7:a7:a8:93:32:e1:ab:00:66:
                    a3:43:8c:e5:63:fa:a6:44:3f:f2:85:ff:1b:4e:48:
                    08:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:BA:5A:40:80:8B:4B:B4:9D:3A:F0:A5:01:81:83:CF:7F:24:EE:74
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS14168.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:6d:90:68:a4:37:b4:09:16:da:96:99:6f:63:12:50:d7:db:
         52:d8:3d:ce:9e:c8:f7:d6:df:5a:44:ff:da:43:18:aa:04:55:
         0b:6b:9e:41:64:cb:6d:2e:3a:5f:7f:9a:2f:c0:b9:f7:54:42:
         1b:0e:14:67:d5:35:af:1d:db:33:24:02:2b:49:d5:d5:5b:f1:
         52:60:ea:e3:15:75:a5:76:62:0a:ce:0b:37:77:e9:3a:4d:1c:
         47:c1:9c:8f:df:2a:a1:9c:c8:7c:c0:89:ca:05:9c:0c:a5:58:
         6d:62:98:55:0f:f3:5a:99:52:f0:84:e7:4f:36:7e:56:46:f3:
         b6:3e:2a:10:6c:3a:e0:b7:e2:02:2f:f1:59:80:93:27:37:8e:
         55:42:49:3c:37:d3:4e:0f:10:e8:c8:1f:24:ea:6f:dc:c6:f2:
         14:9a:0d:55:ca:b4:54:d8:0b:30:d8:d4:5a:52:7a:7f:b8:b3:
         00:b5:b5:5e:6f:0a:7e:8b:ec:1b:18:43:7a:08:60:87:d0:29:
         51:58:c9:64:fe:25:db:79:82:70:93:4d:d8:9e:df:a4:cc:f0:
         ab:a5:e5:94:4d:80:0a:87:10:ba:f2:e0:8c:5b:06:dd:21:d7:
         9d:e6:56:77:34:8e:f4:f1:a0:f6:74:28:43:23:3e:9a:bd:4a:
         ad:82:02:bf
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMQ8bK58iACb3l6sJ4Zhn6D+da9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MzAxODQ3MTFaFw0yNjA1MjkxODUyMTFaMDMxMTAvBgNV
BAMTKEQzQkE1QTQwODA4QjRCQjQ5RDNBRjBBNTAxODE4M0NGN0YyNEVFNzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5F6CxpxEA3AKFT4Rwz1B623Rz
giFpA35Cv1hTzLGH85QAA+/NNP6CGWsUbvXxEx1kBW/cwwQ8s2+sDvziezojtd6s
CPo+nK2pTijj5251tjyUGkmhv0OicXwD7fWuMEiWfsjkN3up0LkROO8hWzR7Qaen
F6fjt45wpysTDN5qkYhJlYtFUJnnsjmv+16kA+QVsj7H1JMzeTBNJYxvNtNFdxLj
weT/iEwqwb972YGMhW2XzaVsWMRa39DSN15uN04hOf8bsbMlO/gl0xpjgeF2fkCN
U05CKMP/8XEw/rtddhE2luiAQ/enqJMy4asAZqNDjOVj+qZEP/KF/xtOSAg1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU07paQICLS7SdOvClAYGDz38k7nQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTQxNjgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACnlJAw
DQYJKoZIhvcNAQELBQADggEBAH1tkGikN7QJFtqWmW9jElDX21LYPc6eyPfW31pE
/9pDGKoEVQtrnkFky20uOl9/mi/AufdUQhsOFGfVNa8d2zMkAitJ1dVb8VJg6uMV
daV2YgrOCzd36TpNHEfBnI/fKqGcyHzAicoFnAylWG1imFUP81qZUvCE5082flZG
87Y+KhBsOuC34gIv8VmAkyc3jlVCSTw3004PEOjIHyTqb9zG8hSaDVXKtFTYCzDY
1FpSen+4swC1tV5vCn6L7BsYQ3oIYIfQKVFYyWT+Jdt5gnCTTdie36TM8Kul5ZRN
gAqHELry4IxbBt0h153mVnc0jvTxoPZ0KEMjPpq9Sq2CAr8=
-----END CERTIFICATE-----