Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa
File:                     AS47172.roa (raw, json)
Hash identifier:          RaijUjrhRNgDLU+oBa35loWOOqP5kRfsopdubML8LjE=
Subject key identifier:   B8:45:66:89:2A:61:2A:46:28:45:56:93:C3:EB:BC:AF:5E:A4:67:6B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       34DB81BD93CAB5AFA2085904169A85C3A4CD4E35
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa
Signing time:             Tue 06 Aug 2024 16:14:03 +0000
ROA not before:           Tue 06 Aug 2024 16:09:03 +0000
ROA not after:            Tue 05 Aug 2025 16:14:03 +0000
asID:                     47172
IP address blocks:        45.158.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:db:81:bd:93:ca:b5:af:a2:08:59:04:16:9a:85:c3:a4:cd:4e:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug  6 16:09:03 2024 GMT
            Not After : Aug  5 16:14:03 2025 GMT
        Subject: CN=B84566892A612A4628455693C3EBBCAF5EA4676B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ab:06:a5:14:42:f9:35:32:c0:18:80:b7:ce:
                    1a:7b:84:67:af:24:af:80:11:d3:76:c8:0f:10:6a:
                    f9:ab:e3:41:95:93:ec:6d:03:ad:aa:6f:fc:56:fd:
                    dd:1d:81:93:29:92:a4:58:24:3b:30:18:e8:4d:28:
                    0d:5d:74:6d:3a:3f:0e:18:dd:bf:4c:b6:a5:07:0c:
                    0a:d2:77:fe:73:17:9f:7d:bd:f7:4c:16:72:da:7f:
                    2c:df:1e:6c:7c:9c:55:c5:65:a4:f1:16:18:c9:10:
                    13:fb:71:86:07:bc:37:d4:b3:59:04:d0:6d:2c:db:
                    42:d1:1e:86:99:38:cb:91:64:df:90:48:5b:fd:71:
                    11:42:72:73:7b:8f:6c:8e:25:55:46:9b:77:cb:a9:
                    f9:78:5d:b7:8f:8a:a4:66:d4:34:be:f0:39:79:bd:
                    52:a8:d1:e4:10:c3:ee:05:6b:50:ed:83:69:63:6d:
                    50:1e:5c:ac:06:4e:d2:d6:76:5b:e7:30:87:85:de:
                    58:28:19:ff:32:4c:23:42:82:72:b5:3a:75:77:b2:
                    71:cc:59:77:49:72:23:fa:14:83:01:2d:67:49:bf:
                    c0:89:d0:14:0e:08:ed:14:80:66:d7:5e:9d:bc:03:
                    ea:44:26:39:cb:ad:b6:d9:ac:89:33:9f:c4:e3:8c:
                    4c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:45:66:89:2A:61:2A:46:28:45:56:93:C3:EB:BC:AF:5E:A4:67:6B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47172.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:05:d9:9c:e7:87:5f:e7:18:c8:7f:68:2b:f4:18:e8:3b:28:
         b0:7f:2b:3f:45:96:c0:23:35:6a:65:c7:e1:d3:82:19:2f:6d:
         83:d0:d5:35:81:2f:98:13:58:b2:40:5a:96:7a:c5:32:52:3d:
         b3:cf:be:45:34:e8:69:c3:e0:ff:1b:d3:3d:3f:1f:00:f5:10:
         ea:85:0f:30:ba:b7:c6:75:a7:7e:35:32:b1:64:b1:c9:83:dd:
         9c:ab:e2:c8:57:61:cb:95:f6:da:1e:84:09:0e:52:22:e8:4e:
         a9:72:cf:02:b6:42:b9:ba:f5:e7:60:61:53:13:0b:7e:55:d8:
         f7:27:96:cb:4a:5a:03:45:c6:75:46:9c:91:93:06:89:fc:0d:
         14:b3:13:ac:ce:4f:ac:4f:a2:aa:00:a3:eb:98:8a:85:9c:f1:
         8f:d7:94:97:e5:a6:e3:a6:8a:8f:ee:9a:b4:69:b4:2a:98:3f:
         37:f0:82:ff:dc:4a:4c:e1:3c:d9:8c:09:49:76:4f:e6:cf:92:
         0e:12:64:7a:fb:68:6c:ac:41:05:d4:ea:24:f2:0c:28:8c:8f:
         ce:57:9b:b8:19:16:90:05:88:bc:2f:17:f5:5d:18:9a:95:d8:
         f2:c0:b9:c8:ee:7f:38:63:ab:fd:c3:75:e9:a5:34:ef:1d:1e:
         0c:9e:47:16
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNNuBvZPKta+iCFkEFpqFw6TNTjUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA4MDYxNjA5MDNaFw0yNTA4MDUxNjE0MDNaMDMxMTAvBgNV
BAMTKEI4NDU2Njg5MkE2MTJBNDYyODQ1NTY5M0MzRUJCQ0FGNUVBNDY3NkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/qwalFEL5NTLAGIC3zhp7hGev
JK+AEdN2yA8Qavmr40GVk+xtA62qb/xW/d0dgZMpkqRYJDswGOhNKA1ddG06Pw4Y
3b9MtqUHDArSd/5zF599vfdMFnLafyzfHmx8nFXFZaTxFhjJEBP7cYYHvDfUs1kE
0G0s20LRHoaZOMuRZN+QSFv9cRFCcnN7j2yOJVVGm3fLqfl4XbePiqRm1DS+8Dl5
vVKo0eQQw+4Fa1Dtg2ljbVAeXKwGTtLWdlvnMIeF3lgoGf8yTCNCgnK1OnV3snHM
WXdJciP6FIMBLWdJv8CJ0BQOCO0UgGbXXp28A+pEJjnLrbbZrIkzn8TjjEx/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUuEVmiSphKkYoRVaTw+u8r16kZ2swHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDcxNzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtnqsw
DQYJKoZIhvcNAQELBQADggEBAK4F2Zznh1/nGMh/aCv0GOg7KLB/Kz9FlsAjNWpl
x+HTghkvbYPQ1TWBL5gTWLJAWpZ6xTJSPbPPvkU06GnD4P8b0z0/HwD1EOqFDzC6
t8Z1p341MrFkscmD3Zyr4shXYcuV9toehAkOUiLoTqlyzwK2Qrm69edgYVMTC35V
2PcnlstKWgNFxnVGnJGTBon8DRSzE6zOT6xPoqoAo+uYioWc8Y/XlJflpuOmio/u
mrRptCqYPzfwgv/cSkzhPNmMCUl2T+bPkg4SZHr7aGysQQXU6iTyDCiMj85Xm7gZ
FpAFiLwvF/VdGJqV2PLAucjufzhjq/3DdemlNO8dHgyeRxY=
-----END CERTIFICATE-----