Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47172.roa
File:                     AS47172.roa (raw, json)
Hash identifier:          FMMj8nYb7qfUVFpJYcKAnIgrdR2dE4JTEUeobgIAnXs=
Subject key identifier:   F9:FC:52:40:8A:AC:27:AE:AD:66:3A:BD:37:72:8F:35:7A:22:85:5D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       52EB4EB342D43D91749598B185AC68A32DA67C60
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47172.roa
Signing time:             Fri 05 Jan 2024 08:19:43 +0000
ROA not before:           Fri 05 Jan 2024 08:14:43 +0000
ROA not after:            Fri 03 Jan 2025 08:19:43 +0000
asID:                     47172
IP address blocks:        141.11.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:eb:4e:b3:42:d4:3d:91:74:95:98:b1:85:ac:68:a3:2d:a6:7c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan  5 08:14:43 2024 GMT
            Not After : Jan  3 08:19:43 2025 GMT
        Subject: CN=F9FC52408AAC27AEAD663ABD37728F357A22855D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:96:f3:2c:33:69:c4:be:50:c5:72:b2:75:81:
                    59:79:cf:19:03:3c:f3:a0:fb:b5:74:c0:cb:a9:02:
                    d0:fe:b3:24:29:8c:4c:f0:e5:ab:ca:32:e8:a6:40:
                    0b:f3:59:5d:37:35:55:a8:d5:e7:0e:0a:b1:36:86:
                    66:47:ed:6d:73:f8:7a:27:65:d7:bb:85:b3:6c:28:
                    6a:0c:2f:51:9e:f2:9d:9b:4e:bc:0e:1e:69:a1:11:
                    93:51:72:df:5f:07:9f:cb:43:28:aa:3d:63:20:93:
                    3c:6e:b2:f8:78:c2:13:bf:18:a2:e5:2d:25:26:73:
                    ec:94:e5:ba:34:23:bc:fa:e2:c9:35:df:de:80:5b:
                    9a:6d:94:d4:08:82:78:a7:68:4f:41:26:17:a7:cb:
                    32:f5:05:00:a4:9f:a1:5b:6e:50:92:be:a6:db:ef:
                    36:6c:60:61:86:b2:82:7d:2a:a8:d9:fe:5c:9a:17:
                    40:e8:06:db:63:d3:c0:82:ce:59:72:31:ef:80:5f:
                    15:60:4b:df:a0:cc:81:f8:6f:d7:25:85:27:ec:6d:
                    22:11:c2:7b:45:28:7b:22:ad:f4:17:12:91:39:6a:
                    06:16:1c:78:57:3f:7a:e6:3f:3c:ee:16:6b:67:f0:
                    ba:fe:33:67:d0:df:09:d6:03:7c:03:a8:26:b3:c8:
                    e4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FC:52:40:8A:AC:27:AE:AD:66:3A:BD:37:72:8F:35:7A:22:85:5D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47172.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:02:2c:cd:ab:22:6b:31:a5:6f:5b:68:9b:e2:26:df:f1:5b:
         20:3d:e6:27:e1:a2:f1:1a:a4:ea:6e:30:bd:c2:01:ee:06:41:
         bf:d0:4c:d9:e0:36:98:bc:2f:fb:4f:ed:4c:9e:47:00:0a:ff:
         29:62:07:e1:17:1b:6b:2b:c6:3c:9f:dc:71:d0:e6:a9:7e:11:
         a3:f4:bf:b3:5a:ba:7a:a6:98:e0:cf:da:7f:0c:df:8a:bb:ca:
         b7:61:fd:3e:56:b0:d2:74:bb:5d:94:22:9d:76:e6:a7:7f:83:
         90:44:00:48:c1:ee:6b:1e:cb:0a:9c:5a:99:d4:fb:e9:66:b4:
         b7:f8:c8:6e:a2:59:b0:70:6d:4f:96:4a:40:d7:1c:23:a8:be:
         e8:da:1b:65:81:fa:6d:bb:fe:07:5e:81:d7:51:b2:fd:e1:29:
         06:c3:b4:c5:8b:b3:06:1b:a9:a0:93:c7:b0:93:e3:f9:17:e2:
         c5:7a:96:4d:36:76:64:51:9e:4d:c3:55:e7:d3:1c:41:15:66:
         88:e0:48:53:46:99:3b:6b:7d:91:5e:0a:a1:16:b8:73:5b:09:
         dc:fd:31:c4:35:ca:d5:05:ef:36:6a:e7:91:ae:1c:0c:84:d9:
         44:d1:84:a4:a9:38:84:f7:6b:1f:65:9a:03:a2:4f:51:9f:48:
         c2:e1:ba:59
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUUutOs0LUPZF0lZixhaxooy2mfGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAxMDUwODE0NDNaFw0yNTAxMDMwODE5NDNaMDMxMTAvBgNV
BAMTKEY5RkM1MjQwOEFBQzI3QUVBRDY2M0FCRDM3NzI4RjM1N0EyMjg1NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVlvMsM2nEvlDFcrJ1gVl5zxkD
PPOg+7V0wMupAtD+syQpjEzw5avKMuimQAvzWV03NVWo1ecOCrE2hmZH7W1z+Hon
Zde7hbNsKGoML1Ge8p2bTrwOHmmhEZNRct9fB5/LQyiqPWMgkzxusvh4whO/GKLl
LSUmc+yU5bo0I7z64sk1396AW5ptlNQIgninaE9BJhenyzL1BQCkn6FbblCSvqbb
7zZsYGGGsoJ9KqjZ/lyaF0DoBttj08CCzllyMe+AXxVgS9+gzIH4b9clhSfsbSIR
wntFKHsirfQXEpE5agYWHHhXP3rmPzzuFmtn8Lr+M2fQ3wnWA3wDqCazyOSFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+fxSQIqsJ66tZjq9N3KPNXoihV0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDcxNzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC70w
DQYJKoZIhvcNAQELBQADggEBAH4CLM2rImsxpW9baJviJt/xWyA95ifhovEapOpu
ML3CAe4GQb/QTNngNpi8L/tP7UyeRwAK/yliB+EXG2srxjyf3HHQ5ql+EaP0v7Na
unqmmODP2n8M34q7yrdh/T5WsNJ0u12UIp125qd/g5BEAEjB7mseywqcWpnU++lm
tLf4yG6iWbBwbU+WSkDXHCOovujaG2WB+m27/gdegddRsv3hKQbDtMWLswYbqaCT
x7CT4/kX4sV6lk02dmRRnk3DVefTHEEVZojgSFNGmTtrfZFeCqEWuHNbCdz9McQ1
ytUF7zZq55GuHAyE2UTRhKSpOIT3ax9lmgOiT1GfSMLhulk=
-----END CERTIFICATE-----