Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132322e302f32332d3234203d3e20383334.roa
File:                     37382e32342e3132322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          rfyiva0sk006w3lHerezBX9iWG8ykmsmtyPg33nQBSg=
Subject key identifier:   34:88:17:11:E8:D1:D0:15:A3:7F:47:18:62:1C:C4:34:F2:A6:0B:73
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       5FAA4C11ABC722314F34B1CE88DA59FC24D9FCF0
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132322e302f32332d3234203d3e20383334.roa
Signing time:             Wed 02 Aug 2023 00:00:04 +0000
ROA not before:           Tue 01 Aug 2023 23:55:04 +0000
ROA not after:            Wed 31 Jul 2024 00:00:04 +0000
asID:                     834
IP address blocks:        78.24.122.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:aa:4c:11:ab:c7:22:31:4f:34:b1:ce:88:da:59:fc:24:d9:fc:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Aug  1 23:55:04 2023 GMT
            Not After : Jul 31 00:00:04 2024 GMT
        Subject: CN=34881711E8D1D015A37F4718621CC434F2A60B73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:13:de:03:9c:0a:2d:b1:d7:d7:73:8b:d3:97:
                    12:c7:61:9c:73:51:4f:4d:1c:8d:9f:88:6c:4a:dc:
                    92:fa:50:f6:d4:d2:c7:ca:53:19:fb:0e:f3:ae:98:
                    bd:56:73:86:fb:fb:a7:8f:d0:ba:c3:07:fe:92:6c:
                    06:35:d5:fd:37:4d:12:f5:1c:cc:ff:a2:34:7d:f1:
                    59:e8:c4:04:e7:1f:72:c4:fb:70:cb:bb:1b:01:09:
                    b5:3b:27:2e:99:4e:27:a2:c7:97:04:8f:53:82:40:
                    ef:e5:67:f5:ee:c5:73:25:04:95:9a:9e:f0:41:33:
                    79:37:fe:9c:75:ef:9e:3a:81:00:d2:7c:03:3f:31:
                    34:0f:9e:fd:c5:f6:d9:b6:f3:ff:65:8a:85:c6:ef:
                    87:c2:90:7c:9d:54:22:8c:a6:21:c1:6b:a8:37:b8:
                    dd:c3:72:7d:5f:78:87:c8:ef:23:4e:ca:05:5c:d7:
                    0e:7d:13:56:36:d8:42:a8:1b:0b:22:e3:8b:62:b5:
                    53:ab:55:e8:b9:c4:63:cf:0a:52:ea:e1:52:92:ce:
                    5d:0b:b3:bf:54:27:48:52:5a:67:ef:a0:35:8a:43:
                    04:86:07:61:a0:f4:3f:0f:29:c3:b5:25:72:63:bb:
                    7d:de:7b:33:11:81:87:09:62:9a:8b:6e:a2:0c:18:
                    e6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:88:17:11:E8:D1:D0:15:A3:7F:47:18:62:1C:C4:34:F2:A6:0B:73
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:cf:71:97:53:60:f6:d4:af:a6:a3:35:55:a6:a1:86:be:06:
         55:a8:88:e8:c4:58:51:84:b5:82:8c:70:c0:12:38:d6:52:04:
         78:e2:d1:9c:f1:b3:62:e0:03:b5:73:e4:8e:30:32:30:83:05:
         30:d4:26:1a:5c:e0:aa:96:61:d2:99:92:c4:76:46:00:aa:4d:
         ec:8d:8d:1c:c1:5d:79:75:d1:e1:e0:70:55:90:d7:0d:97:23:
         b2:86:89:6b:1d:5d:07:a2:fa:3f:34:7c:f5:18:38:fe:cc:25:
         15:66:60:71:e0:82:85:44:18:88:8c:3f:3f:83:85:6f:11:82:
         a9:3c:69:ff:33:91:5a:ac:04:f3:de:60:90:5b:40:b4:bb:d4:
         f5:d3:98:cc:1e:d8:2f:db:94:05:c9:d8:4a:9a:8c:2c:53:52:
         77:e2:2f:c7:83:eb:cf:39:25:6d:47:b2:0a:55:4d:23:cf:5d:
         96:92:3c:3e:d9:80:28:15:9e:54:a6:e9:98:ee:d3:34:d2:70:
         fe:0b:1f:a6:86:40:66:6a:ba:41:85:97:13:19:57:f2:2b:04:
         36:3e:25:d3:85:bc:18:2d:d9:43:01:37:24:9d:3d:53:36:de:
         f6:4f:b0:08:5f:ec:55:87:1c:f3:61:3d:0d:f3:dd:4a:aa:8a:
         c9:9c:f6:a9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUX6pMEavHIjFPNLHOiNpZ/CTZ/PAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yMzA4MDEyMzU1MDRaFw0yNDA3MzEwMDAwMDRaMDMxMTAvBgNV
BAMTKDM0ODgxNzExRThEMUQwMTVBMzdGNDcxODYyMUNDNDM0RjJBNjBCNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFE94DnAotsdfXc4vTlxLHYZxz
UU9NHI2fiGxK3JL6UPbU0sfKUxn7DvOumL1Wc4b7+6eP0LrDB/6SbAY11f03TRL1
HMz/ojR98VnoxATnH3LE+3DLuxsBCbU7Jy6ZTieix5cEj1OCQO/lZ/XuxXMlBJWa
nvBBM3k3/px17546gQDSfAM/MTQPnv3F9tm28/9lioXG74fCkHydVCKMpiHBa6g3
uN3Dcn1feIfI7yNOygVc1w59E1Y22EKoGwsi44titVOrVei5xGPPClLq4VKSzl0L
s79UJ0hSWmfvoDWKQwSGB2Gg9D8PKcO1JXJju33eezMRgYcJYpqLbqIMGOYHAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUNIgXEejR0BWjf0cYYhzENPKmC3MwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBThh6MA0G
CSqGSIb3DQEBCwUAA4IBAQANz3GXU2D21K+mozVVpqGGvgZVqIjoxFhRhLWCjHDA
EjjWUgR44tGc8bNi4AO1c+SOMDIwgwUw1CYaXOCqlmHSmZLEdkYAqk3sjY0cwV15
ddHh4HBVkNcNlyOyholrHV0Hovo/NHz1GDj+zCUVZmBx4IKFRBiIjD8/g4VvEYKp
PGn/M5FarATz3mCQW0C0u9T105jMHtgv25QFydhKmowsU1J34i/Hg+vPOSVtR7IK
VU0jz12Wkjw+2YAoFZ5UpumY7tM00nD+Cx+mhkBmarpBhZcTGVfyKwQ2PiXThbwY
LdlDATcknT1TNt72T7AIX+xVhxzzYT0N891KqorJnPap
-----END CERTIFICATE-----