Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132332e302f32342d3234203d3e2037303138.roa
File:                     37382e32342e3132332e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          /Sw/kTcH9aO7bMcRnVprTh49TII5UJ49lP8PepQkn1Y=
Subject key identifier:   BC:0B:99:16:06:18:A0:3E:E0:D1:54:6A:96:B0:5A:34:C2:3F:1A:DD
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       434C5593F85116BFF899DBF497DCD3E3445DA8EF
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132332e302f32342d3234203d3e2037303138.roa
Signing time:             Mon 12 Aug 2024 11:05:19 +0000
ROA not before:           Mon 12 Aug 2024 11:00:19 +0000
ROA not after:            Mon 11 Aug 2025 11:05:19 +0000
asID:                     7018
IP address blocks:        78.24.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:4c:55:93:f8:51:16:bf:f8:99:db:f4:97:dc:d3:e3:44:5d:a8:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Aug 12 11:00:19 2024 GMT
            Not After : Aug 11 11:05:19 2025 GMT
        Subject: CN=BC0B99160618A03EE0D1546A96B05A34C23F1ADD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:68:17:9d:25:3d:49:e1:57:8e:9e:67:96:66:
                    54:fd:7b:99:a4:0f:f0:fe:84:53:5a:cf:15:47:fb:
                    de:72:c5:36:e9:bd:ee:52:95:83:42:f5:3b:87:07:
                    14:45:9b:35:47:2e:df:76:20:c9:ac:82:86:07:ac:
                    7a:85:13:32:84:24:a5:57:8c:e4:03:63:33:38:39:
                    d2:77:ae:c4:ba:8b:dd:b3:61:a6:fe:3f:21:4c:a8:
                    56:a1:65:2a:e7:ca:bc:3f:c8:7d:d9:2f:d5:06:03:
                    f9:13:71:da:58:e3:c2:6d:18:a4:bd:75:ff:c0:c9:
                    20:42:34:c9:08:3f:cd:ea:73:2f:50:10:c9:6f:86:
                    a5:8d:b3:94:f1:ca:63:bb:1a:50:6b:48:58:d5:db:
                    01:72:57:f2:2c:f7:1a:2d:58:7a:73:81:f9:7c:a5:
                    d3:d6:a3:43:f5:9a:bd:bb:9c:60:86:be:28:1e:d9:
                    19:ee:13:1b:f1:36:c3:3f:b6:73:86:57:74:12:7d:
                    d9:87:ef:a1:84:51:17:7c:82:6e:70:da:0e:d3:92:
                    16:b8:fe:da:11:3a:07:e9:1a:02:d4:22:ea:ef:f6:
                    fd:4d:6e:48:1f:1b:2d:2e:02:7a:ea:c4:9e:c4:a1:
                    b8:f1:de:b1:51:ad:5b:02:d3:4d:d7:96:79:32:4d:
                    35:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:0B:99:16:06:18:A0:3E:E0:D1:54:6A:96:B0:5A:34:C2:3F:1A:DD
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132332e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:56:28:a7:3e:7d:4e:51:54:ec:cb:6b:9f:96:86:b3:4b:a6:
         80:03:52:8e:d2:6b:53:bb:6b:36:d6:b6:25:b4:6f:e0:1d:ee:
         36:16:ad:4e:c8:65:06:b3:df:6c:1b:93:bb:f2:2c:70:cf:e1:
         df:1a:e5:f1:3a:86:31:97:2f:9c:7a:e3:29:24:2e:35:1d:71:
         d0:d2:64:c5:ab:bf:5d:68:5b:4d:e1:60:41:2f:56:c0:86:5c:
         dd:77:5d:97:ca:9f:65:ab:d3:d4:4f:71:ac:05:36:2d:25:94:
         09:2f:b8:bf:76:3d:79:9d:16:a6:eb:01:d6:c5:54:11:e1:4c:
         17:5b:68:37:1e:67:e0:06:27:be:d3:d1:1b:6b:41:f8:4e:9e:
         75:cf:ba:c0:0b:c1:f1:bb:65:2e:5e:9e:75:d2:68:9d:72:5e:
         04:d8:94:9e:ff:35:b9:11:63:59:07:16:e7:59:f5:16:f1:26:
         77:0f:34:3a:47:2a:08:c1:75:17:71:69:c7:57:30:26:f9:6d:
         75:69:a8:66:c1:cd:81:95:2f:26:2d:8e:c4:fe:bc:47:cd:90:
         7a:f7:37:e8:0c:a9:40:c9:48:8a:be:2b:8f:5c:1c:e3:99:bc:
         d5:99:88:5d:a6:45:7b:f6:b0:98:44:ce:3c:fc:6c:fd:d4:b7:
         72:69:07:a4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQ0xVk/hRFr/4mdv0l9zT40RdqO8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA4MTIxMTAwMTlaFw0yNTA4MTExMTA1MTlaMDMxMTAvBgNV
BAMTKEJDMEI5OTE2MDYxOEEwM0VFMEQxNTQ2QTk2QjA1QTM0QzIzRjFBREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXaBedJT1J4VeOnmeWZlT9e5mk
D/D+hFNazxVH+95yxTbpve5SlYNC9TuHBxRFmzVHLt92IMmsgoYHrHqFEzKEJKVX
jOQDYzM4OdJ3rsS6i92zYab+PyFMqFahZSrnyrw/yH3ZL9UGA/kTcdpY48JtGKS9
df/AySBCNMkIP83qcy9QEMlvhqWNs5TxymO7GlBrSFjV2wFyV/Is9xotWHpzgfl8
pdPWo0P1mr27nGCGvige2RnuExvxNsM/tnOGV3QSfdmH76GEURd8gm5w2g7Tkha4
/toROgfpGgLUIurv9v1NbkgfGy0uAnrqxJ7Eobjx3rFRrVsC003XlnkyTTVXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvAuZFgYYoD7g0VRqlrBaNMI/Gt0wHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczMDMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABOGHsw
DQYJKoZIhvcNAQELBQADggEBAExWKKc+fU5RVOzLa5+WhrNLpoADUo7Sa1O7azbW
tiW0b+Ad7jYWrU7IZQaz32wbk7vyLHDP4d8a5fE6hjGXL5x64ykkLjUdcdDSZMWr
v11oW03hYEEvVsCGXN13XZfKn2Wr09RPcawFNi0llAkvuL92PXmdFqbrAdbFVBHh
TBdbaDceZ+AGJ77T0RtrQfhOnnXPusALwfG7ZS5ennXSaJ1yXgTYlJ7/NbkRY1kH
FudZ9RbxJncPNDpHKgjBdRdxacdXMCb5bXVpqGbBzYGVLyYtjsT+vEfNkHr3N+gM
qUDJSIq+K49cHOOZvNWZiF2mRXv2sJhEzjz8bP3Ut3JpB6Q=
-----END CERTIFICATE-----