Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa
File:                     37382e32342e3132352e302f32342d3234203d3e203534333339.roa (raw, json)
Hash identifier:          tTS+9WB6aAj3UkraYdy6dDyOFX6va3IxmxhXvq1u9m8=
Subject key identifier:   E2:F2:59:07:76:20:9B:D9:A1:09:EA:29:B0:7E:00:79:E6:76:AD:7C
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       07BC8CB4483AF3C7267B16B0C6FEC965B4F44A82
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa
Signing time:             Wed 27 Sep 2023 14:35:36 +0000
ROA not before:           Wed 27 Sep 2023 14:30:36 +0000
ROA not after:            Wed 25 Sep 2024 14:35:36 +0000
asID:                     54339
IP address blocks:        78.24.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:bc:8c:b4:48:3a:f3:c7:26:7b:16:b0:c6:fe:c9:65:b4:f4:4a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Sep 27 14:30:36 2023 GMT
            Not After : Sep 25 14:35:36 2024 GMT
        Subject: CN=E2F2590776209BD9A109EA29B07E0079E676AD7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e5:52:6c:7e:d6:ba:a0:30:38:b1:cf:95:93:
                    89:87:27:78:42:e5:9a:89:bc:3b:f0:51:60:4d:26:
                    02:27:90:90:70:07:60:f7:dc:12:79:b8:91:64:0f:
                    0f:c1:5a:96:fe:3d:a9:86:15:fb:99:b9:05:ef:d0:
                    05:d2:11:d7:39:ce:0d:3e:7f:69:35:11:67:4f:97:
                    ff:ab:a3:9e:42:bc:e4:d7:99:53:16:d4:6a:89:bb:
                    14:c2:76:8a:bb:24:b5:d7:85:90:92:d9:24:95:30:
                    ee:b3:43:3a:30:5f:23:47:41:db:94:76:17:c3:04:
                    7e:d7:dc:5e:61:72:28:b6:da:76:da:f4:a7:f1:d3:
                    3b:fd:4b:5f:d7:d2:19:99:d6:41:9d:b9:96:f9:67:
                    2f:f8:34:90:08:a7:77:e5:aa:0f:bf:d0:65:4c:34:
                    44:41:09:f5:9a:29:53:32:27:b3:f9:fa:1b:8c:f4:
                    0a:ca:5b:4c:01:82:03:0b:3e:e9:18:4c:1d:ae:d1:
                    d4:06:51:cb:ee:6f:c2:61:ff:35:38:3c:c7:bd:bc:
                    38:fb:3b:39:05:b1:f3:d2:08:10:44:f7:77:59:db:
                    51:a3:c7:d7:87:9a:2f:3e:04:c8:cd:0c:cb:c0:a9:
                    7f:f5:d0:a0:e8:a0:3f:30:3b:ae:dd:4f:78:9b:c1:
                    8e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F2:59:07:76:20:9B:D9:A1:09:EA:29:B0:7E:00:79:E6:76:AD:7C
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:fb:96:15:54:5f:ea:07:08:4b:32:08:5b:6e:44:82:5a:b6:
         d7:6f:9d:da:49:bc:27:57:9b:49:a9:44:e9:33:74:16:e4:73:
         87:c3:54:25:45:a9:04:c0:e4:b5:6a:cb:16:dd:28:55:70:e1:
         89:03:b1:9f:6a:35:79:dc:45:58:40:4d:22:63:6e:67:21:b3:
         ce:2f:67:16:89:54:f5:fe:d7:00:99:8e:29:f0:0c:bf:1b:4e:
         76:03:a8:42:c2:a2:a6:24:70:e6:87:4e:ad:10:13:4f:7d:37:
         40:e6:d2:fd:ca:68:0f:62:b3:54:27:95:89:2e:69:7e:d8:e7:
         5a:30:9f:4f:64:c0:1b:3e:b9:40:16:29:ee:93:90:3b:e5:28:
         5b:d4:d5:df:4f:51:bb:4b:2b:12:8f:4a:10:b0:c7:5f:cd:60:
         29:78:25:39:f6:67:35:bb:52:05:ce:7d:4d:ca:3c:51:62:51:
         5d:18:ba:9f:55:0b:e3:5b:b2:7c:ab:d1:48:5c:e8:17:52:45:
         91:55:3a:60:88:57:11:b4:0a:40:8f:b9:17:3a:af:fa:50:38:
         e2:fc:50:4f:48:ad:35:fb:c8:eb:38:4d:cb:f3:a8:8c:58:c7:
         77:af:ae:56:81:cf:7b:a9:9e:19:a7:5a:aa:d7:e9:e5:5d:b1:
         c1:17:72:ff
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUB7yMtEg688cmexawxv7JZbT0SoIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yMzA5MjcxNDMwMzZaFw0yNDA5MjUxNDM1MzZaMDMxMTAvBgNV
BAMTKEUyRjI1OTA3NzYyMDlCRDlBMTA5RUEyOUIwN0UwMDc5RTY3NkFEN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb5VJsfta6oDA4sc+Vk4mHJ3hC
5ZqJvDvwUWBNJgInkJBwB2D33BJ5uJFkDw/BWpb+PamGFfuZuQXv0AXSEdc5zg0+
f2k1EWdPl/+ro55CvOTXmVMW1GqJuxTCdoq7JLXXhZCS2SSVMO6zQzowXyNHQduU
dhfDBH7X3F5hcii22nba9Kfx0zv9S1/X0hmZ1kGduZb5Zy/4NJAIp3flqg+/0GVM
NERBCfWaKVMyJ7P5+huM9ArKW0wBggMLPukYTB2u0dQGUcvub8Jh/zU4PMe9vDj7
OzkFsfPSCBBE93dZ21Gjx9eHmi8+BMjNDMvAqX/10KDooD8wO67dT3ibwY6NAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4vJZB3Ygm9mhCeopsH4AeeZ2rXwwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMzMzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE4Y
fTANBgkqhkiG9w0BAQsFAAOCAQEAafuWFVRf6gcISzIIW25Eglq212+d2km8J1eb
SalE6TN0FuRzh8NUJUWpBMDktWrLFt0oVXDhiQOxn2o1edxFWEBNImNuZyGzzi9n
FolU9f7XAJmOKfAMvxtOdgOoQsKipiRw5odOrRATT303QObS/cpoD2KzVCeViS5p
ftjnWjCfT2TAGz65QBYp7pOQO+UoW9TV309Ru0srEo9KELDHX81gKXglOfZnNbtS
Bc59Tco8UWJRXRi6n1UL41uyfKvRSFzoF1JFkVU6YIhXEbQKQI+5Fzqv+lA44vxQ
T0itNfvI6zhNy/OojFjHd6+uVoHPe6meGadaqtfp5V2xwRdy/w==
-----END CERTIFICATE-----