Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa
File:                     AS47172.roa (raw, json)
Hash identifier:          kAbrq3O6QE/xWw/Ot3UYkLspiUJQtndTvZFlhSKilKA=
Subject key identifier:   40:72:EE:A9:07:2E:DF:50:8E:81:F9:97:E9:03:65:E5:8A:5E:32:21
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       67D6250BB2366A01BDFC3D2F54CE88B7A848CCE7
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa
Signing time:             Fri 05 Jan 2024 07:44:03 +0000
ROA not before:           Fri 05 Jan 2024 07:39:03 +0000
ROA not after:            Fri 03 Jan 2025 07:44:03 +0000
asID:                     47172
IP address blocks:        45.158.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:d6:25:0b:b2:36:6a:01:bd:fc:3d:2f:54:ce:88:b7:a8:48:cc:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan  5 07:39:03 2024 GMT
            Not After : Jan  3 07:44:03 2025 GMT
        Subject: CN=4072EEA9072EDF508E81F997E90365E58A5E3221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:62:46:88:48:10:62:9c:ca:2f:03:50:7b:e6:
                    40:eb:9c:a2:6b:f6:5a:cb:01:b4:92:15:43:e5:7c:
                    6e:b7:8b:7c:39:78:4a:d9:2c:21:ee:2f:08:b8:e4:
                    b5:c0:ef:6c:78:0a:cb:ec:b2:06:bc:98:a9:be:4e:
                    9d:3b:24:16:15:d7:84:24:e6:50:df:9f:c5:ed:54:
                    18:b6:09:e8:50:03:6b:47:43:4d:51:d6:85:b6:d5:
                    41:5c:ed:64:0b:83:50:85:77:b5:98:1a:45:81:b0:
                    2d:90:4c:fe:19:e8:8b:71:95:5b:d4:bb:0c:44:81:
                    86:ea:cb:99:cf:f1:a9:5c:b0:dc:2e:dd:c1:44:ac:
                    90:14:11:55:ca:9f:d0:bc:59:80:2d:0b:bb:7a:01:
                    3e:b4:05:b9:5c:0c:a3:12:98:da:98:18:6b:4e:ca:
                    fc:ba:dc:73:b2:85:0a:7d:05:44:56:d8:64:0a:04:
                    4e:77:62:d6:42:d0:e7:eb:2d:23:88:87:ee:a3:48:
                    27:e1:c2:fc:f4:04:c7:78:85:85:97:27:5b:12:0a:
                    f1:b4:de:ab:2c:3f:57:47:06:da:52:b4:56:31:6e:
                    1e:ea:d7:ce:21:8b:6e:e6:f5:9a:d7:a5:ba:80:3d:
                    da:97:b1:8b:d8:c7:57:33:1f:63:f3:6c:a2:89:b4:
                    27:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:72:EE:A9:07:2E:DF:50:8E:81:F9:97:E9:03:65:E5:8A:5E:32:21
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:c4:03:90:46:27:7b:e6:68:7c:19:c1:d5:30:a2:d2:b1:4f:
         3a:31:a1:10:5e:9f:9f:f9:6e:88:a6:72:2a:48:60:b3:1e:e0:
         aa:6d:40:a4:0c:79:6b:3a:09:d3:23:57:be:eb:d8:ef:b5:4d:
         7c:60:c8:4e:cd:f8:5c:06:16:15:74:0a:c7:2b:98:84:ab:08:
         94:72:87:c3:aa:43:a1:fe:78:fe:16:30:a3:04:99:5e:92:e8:
         33:f4:83:ef:fd:70:34:2e:6e:69:13:b2:d7:b6:67:46:94:f5:
         aa:3c:ee:63:bc:ed:00:f2:f9:ba:72:dd:17:f1:6e:18:44:74:
         58:87:7f:fd:3e:11:e4:cc:64:db:d7:e3:9c:0b:d7:6b:ee:5a:
         c7:25:f1:80:15:59:b4:ea:87:bf:1c:93:27:01:e6:63:bf:d9:
         96:39:a8:bc:22:90:b0:bb:e0:da:6f:fc:90:ad:85:14:83:79:
         13:a1:78:01:60:54:71:d1:3f:cc:b9:7a:a3:47:b6:d1:1d:40:
         b4:32:d0:ed:2d:e3:0b:e9:b5:f7:09:c9:b1:8c:76:0a:57:82:
         7c:d1:ea:b3:04:fc:3e:28:3b:18:65:30:c1:d0:9a:1f:b3:21:
         10:d1:eb:45:e0:ed:40:71:e5:4d:cb:8a:20:90:3d:9c:d0:72:
         b1:4a:c9:47
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZ9YlC7I2agG9/D0vVM6It6hIzOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMDUwNzM5MDNaFw0yNTAxMDMwNzQ0MDNaMDMxMTAvBgNV
BAMTKDQwNzJFRUE5MDcyRURGNTA4RTgxRjk5N0U5MDM2NUU1OEE1RTMyMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpYkaISBBinMovA1B75kDrnKJr
9lrLAbSSFUPlfG63i3w5eErZLCHuLwi45LXA72x4Csvssga8mKm+Tp07JBYV14Qk
5lDfn8XtVBi2CehQA2tHQ01R1oW21UFc7WQLg1CFd7WYGkWBsC2QTP4Z6ItxlVvU
uwxEgYbqy5nP8alcsNwu3cFErJAUEVXKn9C8WYAtC7t6AT60BblcDKMSmNqYGGtO
yvy63HOyhQp9BURW2GQKBE53YtZC0OfrLSOIh+6jSCfhwvz0BMd4hYWXJ1sSCvG0
3qssP1dHBtpStFYxbh7q184hi27m9ZrXpbqAPdqXsYvYx1czH2PzbKKJtCdfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUQHLuqQcu31COgfmX6QNl5YpeMiEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDcxNzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtnqsw
DQYJKoZIhvcNAQELBQADggEBADPEA5BGJ3vmaHwZwdUwotKxTzoxoRBen5/5boim
cipIYLMe4KptQKQMeWs6CdMjV77r2O+1TXxgyE7N+FwGFhV0CscrmISrCJRyh8Oq
Q6H+eP4WMKMEmV6S6DP0g+/9cDQubmkTste2Z0aU9ao87mO87QDy+bpy3RfxbhhE
dFiHf/0+EeTMZNvX45wL12vuWscl8YAVWbTqh78ckycB5mO/2ZY5qLwikLC74Npv
/JCthRSDeROheAFgVHHRP8y5eqNHttEdQLQy0O0t4wvptfcJybGMdgpXgnzR6rME
/D4oOxhlMMHQmh+zIRDR60Xg7UBx5U3LiiCQPZzQcrFKyUc=
-----END CERTIFICATE-----