Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132322e302f32342d3234203d3e2037303138.roa
File:                     37382e32342e3132322e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          VqVKoF7iu6oZpBibUU7dIXHyYCOWDkKvo2nEluE8pdI=
Subject key identifier:   43:C3:33:F3:1F:23:19:F5:9B:80:0A:B9:C4:88:B6:CC:A3:89:8A:F7
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       409A50DB65FA3CA807B74A965C16A0F44F7C53ED
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132322e302f32342d3234203d3e2037303138.roa
Signing time:             Wed 01 May 2024 16:30:47 +0000
ROA not before:           Wed 01 May 2024 16:25:47 +0000
ROA not after:            Wed 30 Apr 2025 16:30:47 +0000
asID:                     7018
IP address blocks:        78.24.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:9a:50:db:65:fa:3c:a8:07:b7:4a:96:5c:16:a0:f4:4f:7c:53:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: May  1 16:25:47 2024 GMT
            Not After : Apr 30 16:30:47 2025 GMT
        Subject: CN=43C333F31F2319F59B800AB9C488B6CCA3898AF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a3:e2:23:e2:e5:79:48:ab:a5:a0:db:f9:33:
                    3d:91:ff:93:a6:9d:fa:fe:97:20:6e:2a:d8:a0:1d:
                    c9:07:6d:5e:a6:94:c7:18:7c:f0:66:25:84:bc:47:
                    1d:a0:28:fc:48:6f:cd:99:cc:c3:a3:cb:d4:82:f5:
                    04:b6:f2:52:b9:a1:70:68:bb:9a:24:57:c5:e7:45:
                    9e:4f:1e:1e:bf:f7:4f:b6:b3:99:8b:d8:3e:ed:d0:
                    bf:f9:27:13:be:68:4e:39:0d:bf:d2:42:66:c9:b1:
                    f3:1b:5e:96:be:1b:bc:34:45:99:8c:07:76:11:cb:
                    d7:a4:07:6f:68:14:6e:db:fb:1b:e2:ff:8c:77:1f:
                    f4:b7:57:c5:0a:57:7c:61:ed:5c:3c:3f:5b:5b:13:
                    3a:a0:5d:59:ca:3d:6f:d7:54:8a:0b:19:9a:b8:6e:
                    a2:21:ef:eb:d1:ab:2a:d4:c2:62:31:02:bc:91:99:
                    71:7f:59:80:ac:26:85:06:24:e2:69:74:ff:5a:9f:
                    7c:32:2a:52:77:ad:72:b7:42:a6:64:9b:5f:d2:bc:
                    f4:50:c7:2d:3a:a8:de:ee:c7:e7:87:68:3e:56:7c:
                    44:dd:7d:8a:6a:cc:9c:0f:51:07:ef:54:de:77:5f:
                    bb:0f:38:fe:1d:50:c3:05:8d:eb:54:fb:df:a7:52:
                    7a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C3:33:F3:1F:23:19:F5:9B:80:0A:B9:C4:88:B6:CC:A3:89:8A:F7
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132322e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:98:22:a4:09:c4:09:fc:41:9a:63:c1:f7:b8:84:e7:ae:7e:
         1b:4f:5c:16:2b:ec:35:a8:a2:cc:3b:7d:cf:f1:0d:72:62:bf:
         e0:13:dd:a5:d7:7c:e1:77:b2:b8:51:53:0d:7f:e5:1a:79:ae:
         6e:34:b2:26:a5:97:bc:13:e6:a2:16:9b:8c:9f:e4:cb:19:8a:
         cc:0c:61:9c:68:7e:55:53:34:f2:cc:7c:f6:4d:e5:5e:44:cd:
         b7:44:77:26:55:14:3a:fb:f7:24:98:6f:a9:68:d1:b0:d9:5c:
         e5:20:5c:fa:cd:8c:a0:41:ec:05:0a:44:1e:70:b7:d6:69:71:
         af:bc:a1:10:8d:ec:04:38:5e:5c:d2:82:24:22:a3:f5:1d:39:
         09:8a:b3:cc:17:f3:e4:70:1c:9f:9b:4d:eb:a0:83:be:92:3d:
         18:1f:7f:3f:3d:90:70:93:ac:3a:78:52:70:3a:83:cd:a1:93:
         82:5e:58:77:f0:de:ca:1c:84:10:f3:b0:be:44:8f:8d:e6:8e:
         45:7c:38:ec:88:dc:d3:5e:e5:68:84:41:c7:0b:b4:e0:f5:10:
         7b:f6:d9:8c:22:31:f8:4d:e9:aa:e1:49:6b:60:41:6a:47:80:
         c3:87:2c:7d:8e:44:7a:57:8d:99:54:4b:ff:29:89:5a:5e:8c:
         55:dd:5f:ee
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQJpQ22X6PKgHt0qWXBag9E98U+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA1MDExNjI1NDdaFw0yNTA0MzAxNjMwNDdaMDMxMTAvBgNV
BAMTKDQzQzMzM0YzMUYyMzE5RjU5QjgwMEFCOUM0ODhCNkNDQTM4OThBRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2o+Ij4uV5SKuloNv5Mz2R/5Om
nfr+lyBuKtigHckHbV6mlMcYfPBmJYS8Rx2gKPxIb82ZzMOjy9SC9QS28lK5oXBo
u5okV8XnRZ5PHh6/90+2s5mL2D7t0L/5JxO+aE45Db/SQmbJsfMbXpa+G7w0RZmM
B3YRy9ekB29oFG7b+xvi/4x3H/S3V8UKV3xh7Vw8P1tbEzqgXVnKPW/XVIoLGZq4
bqIh7+vRqyrUwmIxAryRmXF/WYCsJoUGJOJpdP9an3wyKlJ3rXK3QqZkm1/SvPRQ
xy06qN7ux+eHaD5WfETdfYpqzJwPUQfvVN53X7sPOP4dUMMFjetU+9+nUnpbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQ8Mz8x8jGfWbgAq5xIi2zKOJivcwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczMDMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABOGHow
DQYJKoZIhvcNAQELBQADggEBAIiYIqQJxAn8QZpjwfe4hOeufhtPXBYr7DWoosw7
fc/xDXJiv+AT3aXXfOF3srhRUw1/5Rp5rm40siall7wT5qIWm4yf5MsZiswMYZxo
flVTNPLMfPZN5V5EzbdEdyZVFDr79ySYb6lo0bDZXOUgXPrNjKBB7AUKRB5wt9Zp
ca+8oRCN7AQ4XlzSgiQio/UdOQmKs8wX8+RwHJ+bTeugg76SPRgffz89kHCTrDp4
UnA6g82hk4JeWHfw3sochBDzsL5Ej43mjkV8OOyI3NNe5WiEQccLtOD1EHv22Ywi
MfhN6arhSWtgQWpHgMOHLH2ORHpXjZlUS/8piVpejFXdX+4=
-----END CERTIFICATE-----