Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132362e302f32332d3234203d3e203131343236.roa
File:                     37382e32342e3132362e302f32332d3234203d3e203131343236.roa (raw, json)
Hash identifier:          QHhKDdx7KbEi2pWBI66gL/yJWrRkXWlW9Ll3iu5yUnk=
Subject key identifier:   02:35:B8:36:37:74:F7:BE:DF:9C:A8:EE:E7:43:69:A8:4F:28:2C:42
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       2EB09B9F5FFC24CEEEA90E2FC355332166CAC466
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132362e302f32332d3234203d3e203131343236.roa
Signing time:             Wed 14 Aug 2024 09:18:14 +0000
ROA not before:           Wed 14 Aug 2024 09:13:14 +0000
ROA not after:            Wed 13 Aug 2025 09:18:14 +0000
asID:                     11426
IP address blocks:        78.24.126.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:b0:9b:9f:5f:fc:24:ce:ee:a9:0e:2f:c3:55:33:21:66:ca:c4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Aug 14 09:13:14 2024 GMT
            Not After : Aug 13 09:18:14 2025 GMT
        Subject: CN=0235B8363774F7BEDF9CA8EEE74369A84F282C42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:27:51:a1:dc:a1:eb:62:b3:59:81:a3:44:73:
                    a8:a7:0d:8c:36:81:69:b8:d4:ca:84:24:fa:98:3e:
                    18:14:52:55:a6:0e:cc:91:b4:71:45:c4:ef:9a:19:
                    30:06:25:94:ee:56:6d:8a:28:ce:7c:b6:4a:38:d3:
                    79:08:e2:ca:a8:cb:08:02:30:09:3f:b2:8d:43:8a:
                    39:68:62:e5:7e:29:f8:eb:cd:27:80:bf:50:58:66:
                    57:59:8d:64:5c:73:64:48:e7:28:ab:42:00:35:7c:
                    33:ab:ce:10:b8:2a:de:80:da:a9:89:25:3c:99:08:
                    f7:6e:59:3f:90:d8:28:18:df:d1:c9:a9:a2:70:10:
                    a1:07:f2:a1:9b:2e:f4:b3:05:ab:05:6d:74:cd:1e:
                    51:ee:8b:71:c9:c2:71:41:48:4d:0b:81:98:0f:d8:
                    a6:2c:eb:45:4d:ed:70:a2:22:8b:1f:39:3d:d2:76:
                    36:d5:b1:b1:95:92:bc:37:e2:b0:59:df:53:68:10:
                    1e:c0:f4:ac:fb:3e:af:14:ea:00:76:55:30:92:76:
                    bd:3c:b5:7e:09:48:f2:2d:34:f7:7c:39:98:42:d9:
                    10:74:18:52:32:8d:66:65:01:f4:da:9a:90:f3:a6:
                    6e:ce:a6:ae:da:30:a3:83:84:b4:9e:2a:b8:90:48:
                    a1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:35:B8:36:37:74:F7:BE:DF:9C:A8:EE:E7:43:69:A8:4F:28:2C:42
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132362e302f32332d3234203d3e203131343236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:11:9d:40:36:19:e7:9d:73:cd:28:93:b3:10:ba:a5:1a:ad:
         dd:8f:a5:90:c7:bf:57:98:ad:0c:6e:13:79:56:cc:d8:7c:26:
         27:c5:86:61:83:cb:47:4e:51:b6:17:ec:03:e4:c1:0b:02:49:
         a7:19:8b:da:75:3c:cd:c2:83:66:7a:37:19:b7:cd:d8:4b:82:
         00:74:0a:63:9e:be:61:3b:1b:a6:ba:22:06:1e:2f:ad:3a:b3:
         c4:0a:fe:b7:df:ba:8e:9e:df:c4:a1:fa:fe:2d:97:de:44:de:
         c1:3b:d6:d4:d4:53:d6:e0:4e:d2:f4:dd:da:71:57:de:cb:05:
         1a:ab:3e:1b:bf:2f:18:5f:0b:61:66:85:56:59:15:ca:75:61:
         73:69:58:30:bc:b1:f8:15:c0:68:11:0d:ec:e4:dd:b2:09:66:
         ae:11:ac:e7:88:5d:91:3d:de:e4:81:91:d8:f0:5a:37:67:04:
         8d:40:c2:19:37:18:2d:54:eb:e1:0a:86:b9:b6:d3:8b:06:2b:
         4e:5e:98:16:40:76:85:81:a9:e1:10:45:61:9f:30:67:8c:37:
         4e:0d:9c:f6:6e:5f:e0:c0:ed:fc:62:48:48:af:db:0a:5e:c3:
         7d:00:02:38:ac:98:5a:ab:eb:20:fd:23:dd:06:a3:db:b0:48:
         bb:a4:3c:cc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULrCbn1/8JM7uqQ4vw1UzIWbKxGYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA4MTQwOTEzMTRaFw0yNTA4MTMwOTE4MTRaMDMxMTAvBgNV
BAMTKDAyMzVCODM2Mzc3NEY3QkVERjlDQThFRUU3NDM2OUE4NEYyODJDNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVJ1Gh3KHrYrNZgaNEc6inDYw2
gWm41MqEJPqYPhgUUlWmDsyRtHFFxO+aGTAGJZTuVm2KKM58tko403kI4sqoywgC
MAk/so1DijloYuV+KfjrzSeAv1BYZldZjWRcc2RI5yirQgA1fDOrzhC4Kt6A2qmJ
JTyZCPduWT+Q2CgY39HJqaJwEKEH8qGbLvSzBasFbXTNHlHui3HJwnFBSE0LgZgP
2KYs60VN7XCiIosfOT3SdjbVsbGVkrw34rBZ31NoEB7A9Kz7Pq8U6gB2VTCSdr08
tX4JSPItNPd8OZhC2RB0GFIyjWZlAfTampDzpm7Opq7aMKODhLSeKriQSKHXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUAjW4Njd0977fnKju50NpqE8oLEIwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzEzMTM0MzIzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU4Y
fjANBgkqhkiG9w0BAQsFAAOCAQEAQRGdQDYZ551zzSiTsxC6pRqt3Y+lkMe/V5it
DG4TeVbM2HwmJ8WGYYPLR05RthfsA+TBCwJJpxmL2nU8zcKDZno3GbfN2EuCAHQK
Y56+YTsbproiBh4vrTqzxAr+t9+6jp7fxKH6/i2X3kTewTvW1NRT1uBO0vTd2nFX
3ssFGqs+G78vGF8LYWaFVlkVynVhc2lYMLyx+BXAaBEN7OTdsglmrhGs54hdkT3e
5IGR2PBaN2cEjUDCGTcYLVTr4QqGubbTiwYrTl6YFkB2hYGp4RBFYZ8wZ4w3Tg2c
9m5f4MDt/GJISK/bCl7DfQACOKyYWqvrIP0j3Qaj27BIu6Q8zA==
-----END CERTIFICATE-----