Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa
File:                     AS47172.roa (raw, json)
Hash identifier:          o3m72LJbth7LH406V8umtxUTwZCsGxlJ35EhdmqHyVg=
Subject key identifier:   70:20:C6:7C:77:32:67:C9:3E:3B:7D:7C:02:1D:44:AD:40:BC:42:9D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2237392FDDB33C8A2A55F089E3C238AB02114084
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa
Signing time:             Tue 08 Jul 2025 16:54:13 +0000
ROA not before:           Tue 08 Jul 2025 16:49:13 +0000
ROA not after:            Tue 07 Jul 2026 16:54:13 +0000
asID:                     47172
IP address blocks:        45.158.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:37:39:2f:dd:b3:3c:8a:2a:55:f0:89:e3:c2:38:ab:02:11:40:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul  8 16:49:13 2025 GMT
            Not After : Jul  7 16:54:13 2026 GMT
        Subject: CN=7020C67C773267C93E3B7D7C021D44AD40BC429D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4e:78:1c:b1:b5:c9:32:a4:57:7c:af:b0:75:
                    f0:cf:6d:d7:41:87:a8:83:41:f6:b4:02:f2:d7:4b:
                    82:10:3d:54:75:20:db:b6:c4:17:8c:6b:e8:15:fa:
                    b6:ba:7f:03:de:93:55:f9:e6:21:e2:ce:47:b4:30:
                    04:de:5b:d4:e4:57:93:a9:06:90:33:e0:6c:f7:67:
                    e9:76:3c:92:fc:0d:a3:19:a8:83:12:5a:41:45:08:
                    be:c8:f2:5e:9b:9f:1c:ea:94:9a:59:ab:94:59:11:
                    77:16:c4:17:bc:80:ce:21:6f:64:ed:99:e7:d9:99:
                    e0:66:0d:ee:5b:ba:f5:ca:35:d0:9c:ec:43:98:e4:
                    a4:da:2d:dc:06:b6:92:11:47:d6:c0:5c:61:b0:e5:
                    40:24:60:50:8f:0b:65:6b:ad:a8:ae:22:fa:60:68:
                    0f:1d:3c:8d:86:af:0e:33:79:46:ff:45:4a:0a:0e:
                    70:89:4e:28:88:41:ef:e1:b0:20:0d:86:29:47:2e:
                    ce:a3:0f:88:02:cb:fa:61:0c:12:fa:18:ba:60:85:
                    a0:a3:f7:08:29:f1:fa:f4:61:5a:34:dd:e2:89:7a:
                    81:e4:12:1a:30:a4:b9:ae:cd:1b:1c:a0:42:67:a0:
                    ec:1b:85:26:ff:4c:13:5e:9e:21:bb:89:a7:3c:07:
                    2c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:20:C6:7C:77:32:67:C9:3E:3B:7D:7C:02:1D:44:AD:40:BC:42:9D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d3:6a:e9:99:bc:f7:76:9a:93:13:0f:9b:e9:6f:a7:93:cb:
         89:ec:0d:c8:a3:e4:b0:00:bb:3e:1b:ed:af:2f:3e:53:8a:7f:
         09:c4:9d:be:37:a6:dc:97:58:15:8b:22:1c:6a:46:31:29:89:
         83:ee:19:5d:53:b3:a5:59:ad:aa:da:01:d3:e4:99:da:9e:8f:
         8d:cd:6f:dc:31:13:d4:73:98:0d:01:13:26:ef:45:43:71:2a:
         a8:c9:65:2e:3d:80:bc:87:d9:e9:86:5f:4a:5c:51:59:b0:33:
         6c:31:c9:c9:00:c8:4d:54:fd:02:95:5c:f2:df:a8:0a:e5:97:
         8a:22:70:c9:4b:3f:e0:56:a3:27:39:14:1d:3f:a6:93:b3:0b:
         35:e9:2d:93:47:88:85:5e:2f:0f:d3:01:a5:07:5a:17:9a:94:
         9b:ae:27:eb:59:ee:48:4a:b1:c6:f2:09:11:05:91:61:65:3a:
         f8:3c:09:b7:43:f6:35:79:85:35:7d:af:e8:f7:c0:24:f4:3b:
         2c:ee:ba:5f:f8:14:5f:e1:14:6d:ba:97:49:3f:02:a4:81:3a:
         1d:29:ea:83:45:e4:5b:0a:ae:e8:7b:57:25:85:74:39:16:23:
         bb:de:5f:3e:1d:0a:36:6e:a8:7a:5a:37:f0:94:0d:f0:2f:4e:
         82:45:e0:4e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUIjc5L92zPIoqVfCJ48I4qwIRQIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA3MDgxNjQ5MTNaFw0yNjA3MDcxNjU0MTNaMDMxMTAvBgNV
BAMTKDcwMjBDNjdDNzczMjY3QzkzRTNCN0Q3QzAyMUQ0NEFENDBCQzQyOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPTngcsbXJMqRXfK+wdfDPbddB
h6iDQfa0AvLXS4IQPVR1INu2xBeMa+gV+ra6fwPek1X55iHizke0MATeW9TkV5Op
BpAz4Gz3Z+l2PJL8DaMZqIMSWkFFCL7I8l6bnxzqlJpZq5RZEXcWxBe8gM4hb2Tt
mefZmeBmDe5buvXKNdCc7EOY5KTaLdwGtpIRR9bAXGGw5UAkYFCPC2VrraiuIvpg
aA8dPI2Grw4zeUb/RUoKDnCJTiiIQe/hsCANhilHLs6jD4gCy/phDBL6GLpghaCj
9wgp8fr0YVo03eKJeoHkEhowpLmuzRscoEJnoOwbhSb/TBNeniG7iac8ByzdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUcCDGfHcyZ8k+O318Ah1ErUC8Qp0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDcxNzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtnqsw
DQYJKoZIhvcNAQELBQADggEBAArTaumZvPd2mpMTD5vpb6eTy4nsDcij5LAAuz4b
7a8vPlOKfwnEnb43ptyXWBWLIhxqRjEpiYPuGV1Ts6VZraraAdPkmdqej43Nb9wx
E9RzmA0BEybvRUNxKqjJZS49gLyH2emGX0pcUVmwM2wxyckAyE1U/QKVXPLfqArl
l4oicMlLP+BWoyc5FB0/ppOzCzXpLZNHiIVeLw/TAaUHWhealJuuJ+tZ7khKscby
CREFkWFlOvg8CbdD9jV5hTV9r+j3wCT0Oyzuul/4FF/hFG26l0k/AqSBOh0p6oNF
5FsKruh7VyWFdDkWI7veXz4dCjZuqHpaN/CUDfAvToJF4E4=
-----END CERTIFICATE-----