Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa
File:                     37382e32342e3132352e302f32342d3234203d3e203534333339.roa (raw, json)
Hash identifier:          7W/JQiIhBxvV9lPwlVaE2K95jNPOksJaHe90LVwGv1I=
Subject key identifier:   16:9C:87:ED:24:CF:C6:F0:63:93:F5:2D:2B:EF:25:BD:39:60:3C:72
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       7C7BCFB4E6639199CE5B07CED2210AF914340201
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa
Signing time:             Wed 28 Aug 2024 15:05:19 +0000
ROA not before:           Wed 28 Aug 2024 15:00:19 +0000
ROA not after:            Wed 27 Aug 2025 15:05:19 +0000
asID:                     54339
IP address blocks:        78.24.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:7b:cf:b4:e6:63:91:99:ce:5b:07:ce:d2:21:0a:f9:14:34:02:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Aug 28 15:00:19 2024 GMT
            Not After : Aug 27 15:05:19 2025 GMT
        Subject: CN=169C87ED24CFC6F06393F52D2BEF25BD39603C72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:25:a3:a6:6f:ea:26:c0:1d:9c:88:06:30:16:
                    6b:b9:54:2c:11:bf:c8:c2:c9:51:e0:bf:83:d2:3a:
                    c5:39:6d:f2:44:9a:5f:a2:39:f3:55:4c:dc:50:ea:
                    9f:60:2a:d3:80:fa:41:d3:a0:48:ab:f3:7d:ce:aa:
                    e2:cb:42:a3:26:ae:70:4d:a0:44:41:ae:ba:d6:fa:
                    1e:2a:88:25:65:53:2c:11:b8:ca:66:7a:f4:ce:67:
                    f7:2b:d9:15:d5:e5:23:2f:9a:8f:d9:3d:f1:3e:01:
                    e6:84:86:b8:62:0a:aa:4b:99:be:7d:44:58:26:1c:
                    4b:d1:53:6d:1b:36:ad:db:d1:42:e7:91:8c:4c:de:
                    1f:e8:c6:46:56:ea:08:6c:11:65:fb:e0:92:4f:ca:
                    aa:41:0c:3d:a0:98:70:0d:f9:53:76:22:42:55:bd:
                    46:93:06:37:13:d5:6e:43:0c:88:34:c0:44:83:7c:
                    e2:9e:45:54:05:f3:9c:ee:05:39:13:a6:b5:cd:97:
                    cc:81:22:23:ba:f2:45:e4:c4:ea:8b:43:0a:b9:9e:
                    6f:fa:5f:4e:3b:63:da:e1:5e:f9:5e:4e:9a:61:b8:
                    64:cb:50:fe:8c:75:ce:0e:ec:d4:36:a0:ea:ba:5b:
                    b3:0d:76:d4:9b:3f:bd:97:e4:52:00:a3:65:6c:00:
                    00:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:9C:87:ED:24:CF:C6:F0:63:93:F5:2D:2B:EF:25:BD:39:60:3C:72
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ae:f2:bb:74:ae:03:28:71:7b:82:00:7c:23:33:df:1e:f5:
         62:61:e2:29:2f:13:94:43:30:13:ea:e3:6c:f1:02:16:30:20:
         1b:67:c3:8d:86:54:fb:d4:d0:86:5e:a9:53:82:e8:30:a0:85:
         1e:33:40:76:7f:ea:d4:11:68:8e:ae:7c:30:7a:1d:f6:99:da:
         d3:92:9f:19:73:43:29:ec:16:96:95:ce:b7:3e:44:40:5e:93:
         25:da:24:d2:12:30:29:d4:ba:8a:d3:dd:d4:00:a8:70:d7:07:
         c0:2a:53:1f:8d:23:56:b0:a6:12:c2:3f:df:9d:eb:d0:d1:b0:
         6d:0e:f3:8d:52:8b:81:83:ce:2d:2a:44:cf:d7:75:8a:8a:7a:
         ba:97:49:e3:c8:8f:21:e9:09:7e:32:1f:e5:69:98:32:20:7b:
         64:a6:0e:53:cf:4c:48:3d:02:77:14:4d:36:ad:b1:7a:db:58:
         de:c7:e1:b3:78:9c:ac:80:a9:c5:33:de:19:69:5f:ae:92:a9:
         74:f7:43:3b:fe:1b:fe:4a:f6:12:d5:3c:db:27:92:42:18:af:
         e2:7f:7b:2f:df:a9:14:1c:87:72:bf:37:e4:39:43:b7:75:50:
         10:18:75:ee:ef:9e:d6:70:00:4f:39:4a:ef:23:e9:2f:5a:5f:
         ac:37:14:6c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfHvPtOZjkZnOWwfO0iEK+RQ0AgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA4MjgxNTAwMTlaFw0yNTA4MjcxNTA1MTlaMDMxMTAvBgNV
BAMTKDE2OUM4N0VEMjRDRkM2RjA2MzkzRjUyRDJCRUYyNUJEMzk2MDNDNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiJaOmb+omwB2ciAYwFmu5VCwR
v8jCyVHgv4PSOsU5bfJEml+iOfNVTNxQ6p9gKtOA+kHToEir833OquLLQqMmrnBN
oERBrrrW+h4qiCVlUywRuMpmevTOZ/cr2RXV5SMvmo/ZPfE+AeaEhrhiCqpLmb59
RFgmHEvRU20bNq3b0ULnkYxM3h/oxkZW6ghsEWX74JJPyqpBDD2gmHAN+VN2IkJV
vUaTBjcT1W5DDIg0wESDfOKeRVQF85zuBTkTprXNl8yBIiO68kXkxOqLQwq5nm/6
X047Y9rhXvleTpphuGTLUP6Mdc4O7NQ2oOq6W7MNdtSbP72X5FIAo2VsAAABAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFpyH7STPxvBjk/UtK+8lvTlgPHIwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMzMzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE4Y
fTANBgkqhkiG9w0BAQsFAAOCAQEAaa7yu3SuAyhxe4IAfCMz3x71YmHiKS8TlEMw
E+rjbPECFjAgG2fDjYZU+9TQhl6pU4LoMKCFHjNAdn/q1BFojq58MHod9pna05Kf
GXNDKewWlpXOtz5EQF6TJdok0hIwKdS6itPd1ACocNcHwCpTH40jVrCmEsI/353r
0NGwbQ7zjVKLgYPOLSpEz9d1iop6updJ48iPIekJfjIf5WmYMiB7ZKYOU89MSD0C
dxRNNq2xettY3sfhs3icrICpxTPeGWlfrpKpdPdDO/4b/kr2EtU82yeSQhiv4n97
L9+pFByHcr835DlDt3VQEBh17u+e1nAATzlK7yPpL1pfrDcUbA==
-----END CERTIFICATE-----