Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa
File:                     37382e32342e3132342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          vZOAtz3IRBLhZ2Tf333wCxyx4PpIHXx//TgcLbjfhcI=
Subject key identifier:   CB:43:50:1F:E8:12:2D:F4:D9:BA:38:87:B9:C2:D5:85:C2:C6:46:E4
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       4056468998994FE370168E2AF5B34CBA34AE91CD
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa
Signing time:             Mon 14 Aug 2023 00:00:05 +0000
ROA not before:           Sun 13 Aug 2023 23:55:05 +0000
ROA not after:            Mon 12 Aug 2024 00:00:05 +0000
asID:                     834
IP address blocks:        78.24.124.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:56:46:89:98:99:4f:e3:70:16:8e:2a:f5:b3:4c:ba:34:ae:91:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Aug 13 23:55:05 2023 GMT
            Not After : Aug 12 00:00:05 2024 GMT
        Subject: CN=CB43501FE8122DF4D9BA3887B9C2D585C2C646E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c8:80:05:27:81:bc:22:e9:b4:e8:ef:d9:f9:
                    cc:aa:76:34:0e:43:f4:13:37:c6:c1:8f:cf:2b:5a:
                    05:eb:15:49:90:5a:c4:49:5e:d8:33:48:29:37:34:
                    07:dd:ed:53:5e:52:94:2b:20:76:4b:63:59:ba:79:
                    96:bd:6f:8d:80:2f:f0:f7:92:bc:c6:71:1c:13:72:
                    e1:77:a5:50:55:2f:9d:c2:f6:dd:15:ec:63:2d:7a:
                    9c:88:36:93:82:7c:af:a1:b1:c2:46:ad:58:33:2e:
                    d7:04:da:a8:e8:3d:2e:4c:4b:b2:f1:d9:73:d8:c3:
                    c5:71:b8:a5:1c:de:cc:bb:43:3e:ab:83:aa:2d:19:
                    16:1f:10:2c:99:cf:75:6c:8f:7e:1c:e3:83:91:c4:
                    1f:86:ac:68:74:26:4c:9d:8b:ed:e5:04:e4:eb:ed:
                    ce:7f:c0:82:26:b8:48:ad:85:5a:42:0b:50:c7:c2:
                    4b:8e:2c:b2:1d:a9:3e:70:f9:ce:40:0d:8b:47:08:
                    ab:ec:f0:07:28:11:96:87:17:9d:bd:e2:42:88:23:
                    31:b4:17:32:0a:12:97:e3:d2:a1:c0:bf:ac:db:11:
                    e8:41:13:f2:2c:b7:e5:5c:20:28:f1:e5:64:cb:92:
                    a4:78:b7:54:27:2e:25:f1:e2:8b:08:8d:78:1d:27:
                    c2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:43:50:1F:E8:12:2D:F4:D9:BA:38:87:B9:C2:D5:85:C2:C6:46:E4
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:95:41:de:59:6d:e3:6f:ef:4b:90:3a:54:0b:11:08:bd:c4:
         54:e2:d5:74:1b:44:65:05:91:ac:38:71:e6:2d:d0:06:57:c2:
         d3:74:96:42:c5:53:98:15:58:08:e7:42:4e:32:8e:9b:b5:85:
         dc:8e:1b:d6:89:ee:3f:d9:58:e7:8c:3b:ba:2b:0d:96:4e:5f:
         92:e4:a5:24:68:b5:66:50:2f:ba:7a:c2:5f:ba:e8:99:b4:be:
         bd:c1:9d:0a:ad:a9:4e:37:79:c8:1d:8e:72:39:5b:05:28:d9:
         d7:8e:cb:bd:68:cd:ba:d3:60:62:14:c5:66:3f:77:5b:76:80:
         96:8d:6c:e0:e0:97:62:9e:a8:40:31:36:5c:d2:c5:ea:da:e2:
         9d:70:4f:8b:cf:ea:85:5a:03:da:15:e5:e9:2a:72:33:77:60:
         18:02:fb:2b:82:51:90:b9:f2:40:a4:23:6d:49:b5:ea:f4:6e:
         f0:93:ca:c6:38:07:77:19:ea:65:bf:92:1b:08:a6:6f:12:a5:
         ed:f3:c4:5f:ed:3f:49:e9:0d:b8:30:94:5e:da:ff:e2:fd:e2:
         e9:08:60:42:d0:26:6d:67:b4:85:e5:94:dc:19:b1:07:ce:a3:
         75:05:0d:54:b5:bd:7e:08:46:af:5e:ec:df:a1:b7:4c:5b:08:
         0a:fb:68:ae
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUQFZGiZiZT+NwFo4q9bNMujSukc0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yMzA4MTMyMzU1MDVaFw0yNDA4MTIwMDAwMDVaMDMxMTAvBgNV
BAMTKENCNDM1MDFGRTgxMjJERjREOUJBMzg4N0I5QzJENTg1QzJDNjQ2RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDayIAFJ4G8Ium06O/Z+cyqdjQO
Q/QTN8bBj88rWgXrFUmQWsRJXtgzSCk3NAfd7VNeUpQrIHZLY1m6eZa9b42AL/D3
krzGcRwTcuF3pVBVL53C9t0V7GMtepyINpOCfK+hscJGrVgzLtcE2qjoPS5MS7Lx
2XPYw8VxuKUc3sy7Qz6rg6otGRYfECyZz3Vsj34c44ORxB+GrGh0Jkydi+3lBOTr
7c5/wIImuEithVpCC1DHwkuOLLIdqT5w+c5ADYtHCKvs8AcoEZaHF5294kKIIzG0
FzIKEpfj0qHAv6zbEehBE/Ist+VcICjx5WTLkqR4t1QnLiXx4osIjXgdJ8J1AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUy0NQH+gSLfTZujiHucLVhcLGRuQwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBThh8MA0G
CSqGSIb3DQEBCwUAA4IBAQAJlUHeWW3jb+9LkDpUCxEIvcRU4tV0G0RlBZGsOHHm
LdAGV8LTdJZCxVOYFVgI50JOMo6btYXcjhvWie4/2VjnjDu6Kw2WTl+S5KUkaLVm
UC+6esJfuuiZtL69wZ0KralON3nIHY5yOVsFKNnXjsu9aM2602BiFMVmP3dbdoCW
jWzg4JdinqhAMTZc0sXq2uKdcE+Lz+qFWgPaFeXpKnIzd2AYAvsrglGQufJApCNt
SbXq9G7wk8rGOAd3Geplv5IbCKZvEqXt88Rf7T9J6Q24MJRe2v/i/eLpCGBC0CZt
Z7SF5ZTcGbEHzqN1BQ1Utb1+CEavXuzfobdMWwgK+2iu
-----END CERTIFICATE-----