Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132312e302f32342d3234203d3e203631333137.roa
File:                     37382e32342e3132312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          RwfaSxxteSNcESziyQtnuZWAyXx/wSPpPO3hFCuLzuQ=
Subject key identifier:   DD:6F:0C:01:C7:65:C9:9F:F6:0D:9D:A8:6C:BA:A2:DB:C4:F8:1C:E0
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       5A838097096ED011694853D81BFB2AB57A16916E
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132312e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 04 Apr 2024 12:05:16 +0000
ROA not before:           Thu 04 Apr 2024 12:00:16 +0000
ROA not after:            Thu 03 Apr 2025 12:05:16 +0000
asID:                     61317
IP address blocks:        78.24.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 00:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:83:80:97:09:6e:d0:11:69:48:53:d8:1b:fb:2a:b5:7a:16:91:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Apr  4 12:00:16 2024 GMT
            Not After : Apr  3 12:05:16 2025 GMT
        Subject: CN=DD6F0C01C765C99FF60D9DA86CBAA2DBC4F81CE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c3:30:37:5d:03:63:70:c3:af:aa:bd:2e:8a:
                    ca:8f:f7:24:f7:6d:7d:08:a2:00:4a:bb:9a:bf:36:
                    70:41:5d:99:a4:d3:43:ba:fd:c2:93:56:64:89:73:
                    5d:a8:aa:b4:2e:e2:d3:b7:32:7b:84:d8:4d:88:55:
                    58:2c:1b:8f:8a:2e:ca:2f:9b:86:70:ec:de:0f:71:
                    5e:ec:36:40:0a:de:c7:c4:63:89:9a:aa:da:e5:10:
                    34:68:c6:50:90:e2:49:24:23:16:b8:4e:bf:58:ac:
                    f6:91:f1:bf:eb:ad:d3:a7:f5:cf:9a:b5:9f:02:d4:
                    62:96:08:e1:7d:b7:4e:c1:af:85:1c:44:de:2c:9a:
                    42:f9:32:62:f9:90:95:d1:75:97:be:37:4b:4a:46:
                    47:69:e1:3f:18:92:ad:f0:2f:dc:9e:32:28:cf:e2:
                    dd:56:63:9b:cb:23:96:da:e9:ac:b0:68:2a:43:7f:
                    fa:cf:b6:7b:d1:18:89:84:81:10:5e:a1:19:ab:71:
                    7d:ba:1a:8c:f4:7e:d3:92:fb:3c:53:3b:fa:4d:09:
                    f0:02:12:7b:b1:b9:e2:bf:53:6a:4a:60:bf:78:02:
                    fc:dd:22:5b:ce:4d:3a:e9:e0:25:87:91:f5:08:4a:
                    15:41:a4:fc:23:fa:fc:16:e8:9b:35:7d:b5:bb:49:
                    45:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6F:0C:01:C7:65:C9:9F:F6:0D:9D:A8:6C:BA:A2:DB:C4:F8:1C:E0
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:94:94:a4:78:d5:41:f0:b7:1f:0e:41:45:be:6e:53:7e:89:
         33:64:b9:6c:62:d7:dd:f9:9e:33:0b:06:f0:a7:71:f3:78:b1:
         7f:32:6a:c5:28:62:87:55:24:14:e4:d9:13:bc:70:62:0e:2d:
         31:bc:05:4b:f1:2f:48:ce:c6:a5:5c:78:d9:05:c7:e1:7c:7f:
         60:19:b9:1e:56:b7:d2:15:7a:6f:d7:78:a0:0b:c4:e0:6a:d9:
         52:eb:46:20:9c:23:cc:62:87:5a:c4:24:bf:08:59:f3:d5:26:
         e5:8b:6a:5d:a8:31:05:b6:ad:10:29:0d:bf:93:54:e2:09:96:
         77:03:10:ef:b7:ef:a1:0f:c1:2e:01:53:39:c4:f3:9e:fb:1a:
         20:64:6c:e7:18:53:c6:32:db:0e:d1:87:25:68:c9:f4:0d:e6:
         99:e3:3a:3f:9d:3b:f6:4b:60:9e:02:02:8e:70:3e:f7:9b:2f:
         2d:8e:51:3a:35:8d:35:8e:2c:e9:42:d0:36:7b:f2:55:43:ab:
         7e:ac:0b:92:44:c7:f9:d5:a7:d9:3c:a0:44:a6:d2:01:b7:b7:
         ee:5a:c7:aa:8d:30:04:ae:76:da:d0:52:0c:a0:90:55:8b:79:
         b5:27:4d:56:9e:2e:f8:f6:65:72:fa:36:2b:12:77:1f:47:44:
         1c:e2:33:60
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWoOAlwlu0BFpSFPYG/sqtXoWkW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA0MDQxMjAwMTZaFw0yNTA0MDMxMjA1MTZaMDMxMTAvBgNV
BAMTKERENkYwQzAxQzc2NUM5OUZGNjBEOURBODZDQkFBMkRCQzRGODFDRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wzA3XQNjcMOvqr0uisqP9yT3
bX0IogBKu5q/NnBBXZmk00O6/cKTVmSJc12oqrQu4tO3MnuE2E2IVVgsG4+KLsov
m4Zw7N4PcV7sNkAK3sfEY4maqtrlEDRoxlCQ4kkkIxa4Tr9YrPaR8b/rrdOn9c+a
tZ8C1GKWCOF9t07Br4UcRN4smkL5MmL5kJXRdZe+N0tKRkdp4T8Ykq3wL9yeMijP
4t1WY5vLI5ba6aywaCpDf/rPtnvRGImEgRBeoRmrcX26Goz0ftOS+zxTO/pNCfAC
EnuxueK/U2pKYL94AvzdIlvOTTrp4CWHkfUIShVBpPwj+vwW6Js1fbW7SUXVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU3W8MAcdlyZ/2DZ2obLqi28T4HOAwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE4Y
eTANBgkqhkiG9w0BAQsFAAOCAQEAYpSUpHjVQfC3Hw5BRb5uU36JM2S5bGLX3fme
MwsG8Kdx83ixfzJqxShih1UkFOTZE7xwYg4tMbwFS/EvSM7GpVx42QXH4Xx/YBm5
Hla30hV6b9d4oAvE4GrZUutGIJwjzGKHWsQkvwhZ89Um5YtqXagxBbatECkNv5NU
4gmWdwMQ77fvoQ/BLgFTOcTznvsaIGRs5xhTxjLbDtGHJWjJ9A3mmeM6P5079ktg
ngICjnA+95svLY5ROjWNNY4s6ULQNnvyVUOrfqwLkkTH+dWn2TygRKbSAbe37lrH
qo0wBK522tBSDKCQVYt5tSdNVp4u+PZlcvo2KxJ3H0dEHOIzYA==
-----END CERTIFICATE-----