Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS174.roa
File:                     AS174.roa (raw, json)
Hash identifier:          L29ZEQDEH3243d+/AQ2LR51XSuJJ5zMoUqLFbIzDgMI=
Subject key identifier:   FF:97:26:72:C9:9A:17:BF:BF:6F:F3:E2:5A:EE:F7:9A:EA:2B:06:CC
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       179B3F926087E3D751B9B0A39015550E12BD43D6
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS174.roa
Signing time:             Mon 16 Feb 2026 00:06:58 +0000
ROA not before:           Mon 16 Feb 2026 00:01:58 +0000
ROA not after:            Mon 15 Feb 2027 00:06:58 +0000
asID:                     174
IP address blocks:        212.60.152.0/24 maxlen: 24
                          212.60.156.0/24 maxlen: 24
                          212.60.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:9b:3f:92:60:87:e3:d7:51:b9:b0:a3:90:15:55:0e:12:bd:43:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Feb 16 00:01:58 2026 GMT
            Not After : Feb 15 00:06:58 2027 GMT
        Subject: CN=FF972672C99A17BFBF6FF3E25AEEF79AEA2B06CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3e:f6:02:aa:4b:ff:57:5c:29:49:41:3f:a9:
                    20:74:90:7e:c9:5c:73:0c:bf:33:5e:6b:79:93:f2:
                    71:57:66:5e:0c:f9:ce:5d:d6:41:5c:cc:e4:95:30:
                    62:be:b4:d5:01:16:57:18:b3:b7:b8:a2:86:68:6a:
                    19:92:2d:16:6d:ad:87:cf:b2:2d:b5:ac:a8:1e:09:
                    fc:46:69:c3:28:9a:dd:ab:9c:46:99:5b:69:01:30:
                    e6:a7:23:9d:61:9b:e8:f1:4c:2a:18:5b:2c:67:de:
                    46:2a:31:bc:a7:27:fa:c2:60:99:20:a3:ce:9b:0d:
                    f4:68:ef:9a:cc:52:0c:2b:c9:d8:9f:d2:0e:df:e1:
                    fd:b6:c1:92:8b:44:a8:d8:3a:e2:db:61:c3:8c:36:
                    e9:82:85:a6:a1:22:26:17:49:74:aa:4d:7b:c9:8b:
                    cb:37:7d:cf:e3:21:29:5f:14:18:2d:8b:66:fb:98:
                    a0:8d:ac:ad:ad:ce:9a:93:71:d0:60:f1:0b:c2:0b:
                    e6:f8:d4:1c:fd:a5:57:e9:00:b3:c3:3d:25:7b:f5:
                    30:23:c2:f8:6e:43:74:bc:52:b5:8d:eb:1a:9d:f9:
                    6d:f1:bf:79:87:99:1f:9e:95:d2:8e:c5:92:96:8e:
                    9c:3c:69:2e:7d:3c:8e:01:fb:65:28:b8:48:e5:4e:
                    fc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:97:26:72:C9:9A:17:BF:BF:6F:F3:E2:5A:EE:F7:9A:EA:2B:06:CC
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS174.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.152.0/24
                  212.60.156.0/24
                  212.60.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:3f:68:d8:ad:6d:90:c5:b4:82:7f:6e:a2:76:7b:c9:70:18:
         d2:10:04:67:6b:85:21:36:f3:45:c6:de:28:fc:54:bd:88:02:
         48:68:cf:de:e8:cd:3e:23:de:52:13:a9:5d:d5:36:3e:4a:00:
         48:44:ab:33:3c:13:58:39:f3:65:35:04:9c:aa:67:27:66:00:
         d7:f0:0a:aa:90:87:38:17:fc:54:ae:4d:07:d5:2f:19:4d:e7:
         66:03:2d:20:b6:7b:1c:76:3a:6e:c1:1b:64:75:56:17:e9:20:
         75:cc:47:dd:f3:c0:c7:d7:74:c0:1f:80:3f:1e:c2:ca:19:21:
         6b:cb:36:c9:23:a9:a8:7c:70:11:17:d7:17:62:cb:0a:88:83:
         51:29:a3:86:02:17:bf:57:27:fe:ee:c3:ad:1b:0d:23:31:09:
         ef:cf:25:d6:1c:92:6c:ee:f6:c3:6f:8b:7c:8d:37:39:3f:d8:
         be:05:84:7e:7d:0f:ec:4e:ae:d4:44:7f:22:d8:4d:2b:42:bd:
         29:a9:8f:da:d5:23:6d:11:a5:3b:4e:c2:f0:c8:45:1f:72:48:
         97:68:fb:6a:54:df:7b:51:c9:6b:3e:41:35:db:ee:b6:5e:b0:
         8b:b1:db:52:e2:d5:74:90:94:ce:89:73:b2:dc:ea:1d:f6:e7:
         0d:33:10:61
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUF5s/kmCH49dRubCjkBVVDhK9Q9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAyMTYwMDAxNThaFw0yNzAyMTUwMDA2NThaMDMxMTAvBgNV
BAMTKEZGOTcyNjcyQzk5QTE3QkZCRjZGRjNFMjVBRUVGNzlBRUEyQjA2Q0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgPvYCqkv/V1wpSUE/qSB0kH7J
XHMMvzNea3mT8nFXZl4M+c5d1kFczOSVMGK+tNUBFlcYs7e4ooZoahmSLRZtrYfP
si21rKgeCfxGacMomt2rnEaZW2kBMOanI51hm+jxTCoYWyxn3kYqMbynJ/rCYJkg
o86bDfRo75rMUgwrydif0g7f4f22wZKLRKjYOuLbYcOMNumChaahIiYXSXSqTXvJ
i8s3fc/jISlfFBgti2b7mKCNrK2tzpqTcdBg8QvCC+b41Bz9pVfpALPDPSV79TAj
wvhuQ3S8UrWN6xqd+W3xv3mHmR+eldKOxZKWjpw8aS59PI4B+2UouEjlTvzXAgMB
AAGjggITMIICDzAdBgNVHQ4EFgQU/5cmcsmaF7+/b/PiWu73muorBswwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTc0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1DyYAwQA
1DycAwQA1DyeMA0GCSqGSIb3DQEBCwUAA4IBAQA2P2jYrW2QxbSCf26idnvJcBjS
EARna4UhNvNFxt4o/FS9iAJIaM/e6M0+I95SE6ld1TY+SgBIRKszPBNYOfNlNQSc
qmcnZgDX8AqqkIc4F/xUrk0H1S8ZTedmAy0gtnscdjpuwRtkdVYX6SB1zEfd88DH
13TAH4A/HsLKGSFryzbJI6mofHARF9cXYssKiINRKaOGAhe/Vyf+7sOtGw0jMQnv
zyXWHJJs7vbDb4t8jTc5P9i+BYR+fQ/sTq7URH8i2E0rQr0pqY/a1SNtEaU7TsLw
yEUfckiXaPtqVN97UclrPkE12+62XrCLsdtS4tV0kJTOiXOy3Ood9ucNMxBh
-----END CERTIFICATE-----