Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa
File:                     37382e32342e3132342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          aR9bXXTYwrcEpOUA5zP1Au4UdLHmUATKygkKxMy2Hyo=
Subject key identifier:   9F:23:0D:3E:56:4A:FE:6B:88:CD:95:4F:34:9C:2E:89:87:BE:7A:92
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       033FC58DD2D5ED0B3490137B64BF46F5B94EF10D
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa
Signing time:             Mon 15 Jul 2024 00:05:18 +0000
ROA not before:           Mon 15 Jul 2024 00:00:18 +0000
ROA not after:            Mon 14 Jul 2025 00:05:18 +0000
asID:                     834
IP address blocks:        78.24.124.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:3f:c5:8d:d2:d5:ed:0b:34:90:13:7b:64:bf:46:f5:b9:4e:f1:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jul 15 00:00:18 2024 GMT
            Not After : Jul 14 00:05:18 2025 GMT
        Subject: CN=9F230D3E564AFE6B88CD954F349C2E8987BE7A92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2f:5a:2c:0c:8c:ec:11:ee:46:85:dc:3f:ec:
                    12:40:3a:5e:e3:47:7c:4c:17:04:81:40:fa:f2:52:
                    78:91:f2:e4:e5:d6:c1:a9:5a:19:28:3c:0f:67:53:
                    e6:9c:d2:1d:a6:20:b4:9d:5b:dd:81:16:a0:a3:f6:
                    dc:2e:b9:36:63:81:64:c1:32:2e:41:84:cc:15:f4:
                    ca:22:53:20:1b:d8:f9:76:77:0e:4c:b0:df:4a:ba:
                    4a:9f:09:ed:9b:8c:9a:c6:5c:50:52:49:be:8b:e1:
                    b4:6e:6e:ba:c4:05:5a:be:e4:66:60:ae:2f:2c:dc:
                    d5:f1:98:0b:fd:7c:bd:ac:60:25:59:75:f2:e3:32:
                    a7:30:d7:2b:81:4c:92:49:e1:b8:3e:3b:05:8b:56:
                    fd:e4:84:30:0c:70:a7:57:86:82:80:fd:c7:d2:5a:
                    a5:54:74:44:9f:9a:27:60:8d:b4:58:02:31:3c:c3:
                    30:c3:e5:53:f4:80:1d:f0:8a:04:23:6b:1e:b2:8f:
                    d3:56:9e:11:28:06:4e:1a:54:9f:5a:c7:97:95:0d:
                    68:2f:aa:97:3a:f8:f8:0f:a7:9d:88:8f:76:82:54:
                    db:dd:5d:9b:82:ec:e2:70:ac:75:ba:55:46:3d:20:
                    f3:37:0d:27:0f:19:f1:7c:f4:cb:c3:72:a5:26:a5:
                    1f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:23:0D:3E:56:4A:FE:6B:88:CD:95:4F:34:9C:2E:89:87:BE:7A:92
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:02:33:de:4a:9b:6f:cf:61:b2:c9:05:85:b5:22:87:97:1e:
         fe:95:0d:7f:3f:6f:98:c7:14:c1:59:a3:b2:e2:a1:0f:92:60:
         6b:0e:f3:59:8c:a1:77:e9:2e:10:7f:06:30:22:42:cf:94:99:
         72:ea:4f:fc:c4:b7:ef:45:cc:d8:5a:80:a7:15:9b:ed:42:6a:
         33:5e:f5:15:5f:6d:06:8b:1a:cd:91:05:c5:49:a5:f4:79:b5:
         7a:05:67:10:ab:f8:78:55:e3:e3:de:b1:2e:3d:57:6d:24:9b:
         64:4a:2a:73:a5:35:2b:a5:16:db:54:e5:66:ad:37:07:a4:d0:
         e1:af:46:f5:12:5c:98:df:fe:f5:13:f1:bb:e3:2d:98:99:52:
         4e:4a:5f:22:fd:08:08:1a:79:d5:ee:6d:51:80:64:d0:8e:c4:
         03:4d:d4:3b:35:ff:37:20:d3:84:86:6e:71:71:6e:0d:04:7e:
         ef:a2:17:e1:bd:d1:9f:29:bb:68:2e:87:11:15:4a:dc:0b:bd:
         bd:e2:03:d5:52:eb:70:b8:2b:e4:25:1e:4a:30:bb:01:1b:be:
         0e:22:aa:68:37:e0:bc:9d:d3:76:3b:38:fa:aa:ee:93:18:8d:
         de:99:ee:5c:44:41:d7:37:1a:5b:f3:9b:f0:05:8f:ac:89:54:
         01:2d:cc:ab
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAz/FjdLV7Qs0kBN7ZL9G9blO8Q0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA3MTUwMDAwMThaFw0yNTA3MTQwMDA1MThaMDMxMTAvBgNV
BAMTKDlGMjMwRDNFNTY0QUZFNkI4OENEOTU0RjM0OUMyRTg5ODdCRTdBOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqL1osDIzsEe5Ghdw/7BJAOl7j
R3xMFwSBQPryUniR8uTl1sGpWhkoPA9nU+ac0h2mILSdW92BFqCj9twuuTZjgWTB
Mi5BhMwV9MoiUyAb2Pl2dw5MsN9KukqfCe2bjJrGXFBSSb6L4bRubrrEBVq+5GZg
ri8s3NXxmAv9fL2sYCVZdfLjMqcw1yuBTJJJ4bg+OwWLVv3khDAMcKdXhoKA/cfS
WqVUdESfmidgjbRYAjE8wzDD5VP0gB3wigQjax6yj9NWnhEoBk4aVJ9ax5eVDWgv
qpc6+PgPp52Ij3aCVNvdXZuC7OJwrHW6VUY9IPM3DScPGfF89MvDcqUmpR9ZAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUnyMNPlZK/muIzZVPNJwuiYe+epIwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBThh8MA0G
CSqGSIb3DQEBCwUAA4IBAQBPAjPeSptvz2GyyQWFtSKHlx7+lQ1/P2+YxxTBWaOy
4qEPkmBrDvNZjKF36S4QfwYwIkLPlJly6k/8xLfvRczYWoCnFZvtQmozXvUVX20G
ixrNkQXFSaX0ebV6BWcQq/h4VePj3rEuPVdtJJtkSipzpTUrpRbbVOVmrTcHpNDh
r0b1ElyY3/71E/G74y2YmVJOSl8i/QgIGnnV7m1RgGTQjsQDTdQ7Nf83INOEhm5x
cW4NBH7vohfhvdGfKbtoLocRFUrcC7294gPVUutwuCvkJR5KMLsBG74OIqpoN+C8
ndN2Ozj6qu6TGI3eme5cREHXNxpb85vwBY+siVQBLcyr
-----END CERTIFICATE-----