Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132332e302f32342d3234203d3e2037303138.roa
File:                     37382e32342e3132332e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          ZsJGAAYEYqLUIow7dg0/imQDjPe3T5XhlieP0sVxzm4=
Subject key identifier:   7E:A6:62:82:D0:77:70:48:B1:B7:95:46:E4:A9:07:F9:44:96:99:7C
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       0C40E383E1578C8E1905738266F2F21DCF554E43
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132332e302f32342d3234203d3e2037303138.roa
Signing time:             Mon 11 Sep 2023 11:03:28 +0000
ROA not before:           Mon 11 Sep 2023 10:58:28 +0000
ROA not after:            Mon 09 Sep 2024 11:03:28 +0000
asID:                     7018
IP address blocks:        78.24.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:40:e3:83:e1:57:8c:8e:19:05:73:82:66:f2:f2:1d:cf:55:4e:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Sep 11 10:58:28 2023 GMT
            Not After : Sep  9 11:03:28 2024 GMT
        Subject: CN=7EA66282D0777048B1B79546E4A907F94496997C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ac:c8:78:cf:80:a0:b1:a3:48:ea:3c:14:fc:
                    a6:1a:83:e0:1d:00:87:f0:f5:b1:9f:29:f0:9c:9b:
                    3d:70:fc:72:0f:9c:58:b1:f2:1b:00:18:bf:2a:90:
                    a6:29:6e:b3:9d:c4:42:1b:ac:d4:a3:13:55:f9:29:
                    15:1f:7e:d6:d6:1f:71:08:92:ef:52:69:ae:4d:4a:
                    e9:68:6b:c9:8b:41:65:e7:98:f5:30:1b:28:41:b8:
                    f5:59:0a:99:fd:d5:90:d2:61:62:1d:b2:4c:f7:f7:
                    aa:76:e6:1f:de:9c:40:c9:68:c9:d3:df:b2:54:b0:
                    7f:d8:15:2b:fd:c0:87:81:6a:83:c3:4a:e3:69:ea:
                    a8:14:3c:b4:45:6e:40:f9:c5:b0:d3:d7:3b:3c:5a:
                    4f:7f:d8:bc:e1:b4:fb:3a:5b:92:2b:a9:fc:cd:f3:
                    9d:4e:2f:89:ff:5f:e9:2e:c9:e0:78:39:aa:1c:d4:
                    84:d8:28:1a:d8:5e:06:30:c7:1f:33:5e:24:2d:bb:
                    7b:98:d2:b7:b7:3c:4b:0f:24:bb:c9:16:49:ac:b7:
                    7e:9d:a1:8d:b5:e9:87:50:20:8c:d1:7f:46:db:9e:
                    81:03:ba:07:e1:00:36:f4:e1:60:65:da:0a:32:9c:
                    ef:f6:bf:15:6f:76:92:a3:bb:27:96:49:22:8f:0e:
                    9f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:A6:62:82:D0:77:70:48:B1:B7:95:46:E4:A9:07:F9:44:96:99:7C
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132332e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:fe:bd:30:d5:00:4e:13:cc:6e:e6:ba:c9:af:c3:bc:d9:81:
         be:3c:7e:b9:55:d5:5a:09:4e:f4:46:f6:e6:38:9b:20:a2:d5:
         75:8e:34:92:a8:a8:d0:f0:48:45:9a:5f:7f:a2:80:90:32:b9:
         e8:54:0e:2b:88:40:14:b8:51:30:e3:85:33:09:05:6a:c6:20:
         b9:bb:18:1c:eb:83:9d:87:67:94:83:20:93:76:36:8d:4b:25:
         51:cc:9e:9b:be:35:62:66:14:b0:b5:2d:8c:4d:53:57:66:90:
         7b:7a:4a:c7:a5:5e:71:84:23:cd:54:21:bb:69:4b:83:0e:23:
         f8:e8:e7:7c:69:fb:7e:db:60:4c:2a:a7:7f:0f:1b:61:cd:0a:
         76:d8:38:71:23:95:ad:ac:68:a2:06:dd:1c:d3:c8:6e:23:0c:
         d0:98:02:4d:a9:ba:c1:41:41:64:a2:25:5a:c3:63:3b:93:0b:
         21:04:7a:2e:07:d6:1c:f8:8d:03:45:95:58:25:f8:f6:12:cc:
         35:4c:a5:69:96:4b:25:5e:06:97:90:f7:e0:eb:c5:43:ee:d0:
         11:bb:2f:dd:95:35:f3:3b:59:ad:ba:ee:83:b0:b0:c0:fb:45:
         09:fd:e2:2b:eb:17:b6:af:f7:b3:38:01:c5:98:37:70:fd:56:
         cc:69:a7:c2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDEDjg+FXjI4ZBXOCZvLyHc9VTkMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yMzA5MTExMDU4MjhaFw0yNDA5MDkxMTAzMjhaMDMxMTAvBgNV
BAMTKDdFQTY2MjgyRDA3NzcwNDhCMUI3OTU0NkU0QTkwN0Y5NDQ5Njk5N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfrMh4z4CgsaNI6jwU/KYag+Ad
AIfw9bGfKfCcmz1w/HIPnFix8hsAGL8qkKYpbrOdxEIbrNSjE1X5KRUfftbWH3EI
ku9Saa5NSuloa8mLQWXnmPUwGyhBuPVZCpn91ZDSYWIdskz396p25h/enEDJaMnT
37JUsH/YFSv9wIeBaoPDSuNp6qgUPLRFbkD5xbDT1zs8Wk9/2LzhtPs6W5IrqfzN
851OL4n/X+kuyeB4Oaoc1ITYKBrYXgYwxx8zXiQtu3uY0re3PEsPJLvJFkmst36d
oY216YdQIIzRf0bbnoEDugfhADb04WBl2goynO/2vxVvdpKjuyeWSSKPDp+fAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUfqZigtB3cEixt5VG5KkH+USWmXwwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczMDMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABOGHsw
DQYJKoZIhvcNAQELBQADggEBAFD+vTDVAE4TzG7musmvw7zZgb48frlV1VoJTvRG
9uY4myCi1XWONJKoqNDwSEWaX3+igJAyuehUDiuIQBS4UTDjhTMJBWrGILm7GBzr
g52HZ5SDIJN2No1LJVHMnpu+NWJmFLC1LYxNU1dmkHt6SselXnGEI81UIbtpS4MO
I/jo53xp+37bYEwqp38PG2HNCnbYOHEjla2saKIG3RzTyG4jDNCYAk2pusFBQWSi
JVrDYzuTCyEEei4H1hz4jQNFlVgl+PYSzDVMpWmWSyVeBpeQ9+DrxUPu0BG7L92V
NfM7Wa267oOwsMD7RQn94ivrF7av97M4AcWYN3D9Vsxpp8I=
-----END CERTIFICATE-----