Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa
File:                     37382e32342e3132342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          NsnuSxYl6unNGzK/UX953Nm8V+PIcPCCM5lN4meDmN4=
Subject key identifier:   E3:B1:1B:F8:0C:86:8D:1D:B6:7C:18:2D:DD:05:CA:8B:54:61:DB:95
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       0A8B8EC4D8B2E96439718523742AFC8886DD022D
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa
Signing time:             Mon 16 Jun 2025 00:54:09 +0000
ROA not before:           Mon 16 Jun 2025 00:49:09 +0000
ROA not after:            Mon 15 Jun 2026 00:54:09 +0000
asID:                     834
IP address blocks:        78.24.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 10:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:8b:8e:c4:d8:b2:e9:64:39:71:85:23:74:2a:fc:88:86:dd:02:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jun 16 00:49:09 2025 GMT
            Not After : Jun 15 00:54:09 2026 GMT
        Subject: CN=E3B11BF80C868D1DB67C182DDD05CA8B5461DB95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e1:ee:45:67:76:3f:df:90:79:98:2a:be:31:
                    f1:f4:14:07:67:5c:44:db:78:5d:15:e9:ee:da:a0:
                    4f:d4:d6:c6:a4:f3:dd:b7:ca:b5:7d:65:a7:eb:4b:
                    3f:26:d5:e6:6d:cc:7f:61:1b:48:b9:52:d2:bb:a7:
                    72:4d:38:ca:8d:12:6f:07:e8:d3:91:37:d9:98:37:
                    f7:69:8c:2b:ce:22:94:ce:a1:88:98:91:9c:9a:f1:
                    18:dc:25:a6:da:73:f4:e5:9c:40:54:84:1c:c8:f3:
                    ca:37:fe:96:d3:18:d3:36:97:d6:68:cf:2f:c0:80:
                    59:ed:6e:e3:55:ce:00:14:67:01:11:b6:bc:b4:9c:
                    8a:5d:68:c8:18:91:93:58:e3:67:be:a2:e6:fc:98:
                    c1:33:28:bd:20:e4:cd:97:c9:aa:2e:3c:f5:5a:61:
                    e2:2b:cd:74:12:af:41:b9:62:17:2d:a5:6a:a9:4b:
                    4b:79:8c:a4:02:7c:7f:b7:89:28:bd:1d:7f:70:ce:
                    35:89:29:a7:db:d4:cb:85:65:db:65:69:8d:b5:b6:
                    03:aa:dc:17:73:e9:13:ab:07:f3:03:a3:88:51:66:
                    c5:52:05:b7:96:91:17:e3:76:5c:41:e0:71:52:e7:
                    0c:b5:9d:f6:15:b8:15:fc:cc:cc:65:1d:fe:ce:2f:
                    09:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B1:1B:F8:0C:86:8D:1D:B6:7C:18:2D:DD:05:CA:8B:54:61:DB:95
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:d5:a9:24:52:65:dc:51:62:45:e8:58:78:0a:6b:2b:19:f5:
         de:19:89:51:c1:51:29:ea:f6:11:0d:1b:59:1a:71:04:ba:18:
         2c:13:4b:32:20:10:d3:c4:3e:98:48:3a:87:da:11:2e:00:ac:
         d5:8c:61:05:b0:d7:49:94:5e:fd:55:6b:a2:59:bc:1a:b0:38:
         6d:5c:58:8a:57:e5:0e:b7:3d:c2:03:b4:e3:f4:b6:31:f3:be:
         e7:2d:f1:68:df:a5:d0:57:ba:cb:33:22:02:0b:f2:d7:24:6f:
         27:a7:52:65:df:f1:30:a6:a2:e3:ad:8b:ad:84:de:de:01:e6:
         05:75:52:31:aa:f8:74:dd:f8:fc:f2:87:ba:50:d5:59:fc:30:
         f9:3d:7f:27:27:3d:c1:25:f3:a2:be:ba:c6:10:8c:de:2e:e3:
         b8:17:ca:c3:67:c0:9d:54:58:0d:2f:cd:22:3a:46:35:e6:14:
         68:f4:f4:09:d5:85:40:d6:3d:66:92:e8:e8:d8:6a:6e:23:89:
         90:b9:a6:e3:65:6b:6c:b8:39:a0:cf:9d:be:1e:77:a7:e0:8f:
         42:83:d3:d1:21:aa:c9:0f:2f:11:10:07:1a:5e:1c:f0:ff:26:
         a0:34:13:78:0b:1a:7d:cd:57:2c:ff:14:71:4c:2e:88:0e:4e:
         aa:5a:ef:4a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUCouOxNiy6WQ5cYUjdCr8iIbdAi0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTA2MTYwMDQ5MDlaFw0yNjA2MTUwMDU0MDlaMDMxMTAvBgNV
BAMTKEUzQjExQkY4MEM4NjhEMURCNjdDMTgyREREMDVDQThCNTQ2MURCOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA4e5FZ3Y/35B5mCq+MfH0FAdn
XETbeF0V6e7aoE/U1sak8923yrV9ZafrSz8m1eZtzH9hG0i5UtK7p3JNOMqNEm8H
6NORN9mYN/dpjCvOIpTOoYiYkZya8RjcJabac/TlnEBUhBzI88o3/pbTGNM2l9Zo
zy/AgFntbuNVzgAUZwERtry0nIpdaMgYkZNY42e+oub8mMEzKL0g5M2XyaouPPVa
YeIrzXQSr0G5YhctpWqpS0t5jKQCfH+3iSi9HX9wzjWJKafb1MuFZdtlaY21tgOq
3Bdz6ROrB/MDo4hRZsVSBbeWkRfjdlxB4HFS5wy1nfYVuBX8zMxlHf7OLwmHAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU47Eb+AyGjR22fBgt3QXKi1Rh25UwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBThh8MA0G
CSqGSIb3DQEBCwUAA4IBAQCM1akkUmXcUWJF6Fh4CmsrGfXeGYlRwVEp6vYRDRtZ
GnEEuhgsE0syIBDTxD6YSDqH2hEuAKzVjGEFsNdJlF79VWuiWbwasDhtXFiKV+UO
tz3CA7Tj9LYx877nLfFo36XQV7rLMyICC/LXJG8np1Jl3/EwpqLjrYuthN7eAeYF
dVIxqvh03fj88oe6UNVZ/DD5PX8nJz3BJfOivrrGEIzeLuO4F8rDZ8CdVFgNL80i
OkY15hRo9PQJ1YVA1j1mkujo2GpuI4mQuabjZWtsuDmgz52+Hnen4I9Cg9PRIarJ
Dy8REAcaXhzw/yagNBN4Cxp9zVcs/xRxTC6IDk6qWu9K
-----END CERTIFICATE-----