Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32342d3234203d3e203534333339.roa
File:                     37382e32342e3132342e302f32342d3234203d3e203534333339.roa (raw, json)
Hash identifier:          Jmas5KP8U8YtPnq0n93kzfbv6wwue5du0IC/hUNUQy4=
Subject key identifier:   09:DC:16:18:99:AF:45:59:08:16:23:B1:71:AA:68:35:50:86:C0:44
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       49673FC504A6A5F182F8AA9643CF313F6886C5C5
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32342d3234203d3e203534333339.roa
Signing time:             Wed 30 Jul 2025 15:54:13 +0000
ROA not before:           Wed 30 Jul 2025 15:49:13 +0000
ROA not after:            Wed 29 Jul 2026 15:54:13 +0000
asID:                     54339
IP address blocks:        78.24.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 09:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:67:3f:c5:04:a6:a5:f1:82:f8:aa:96:43:cf:31:3f:68:86:c5:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jul 30 15:49:13 2025 GMT
            Not After : Jul 29 15:54:13 2026 GMT
        Subject: CN=09DC161899AF4559081623B171AA68355086C044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b0:c2:b3:8d:17:69:11:d2:d9:51:83:a2:5b:
                    ca:20:66:9b:5d:94:c2:8f:1e:96:5b:16:62:23:b2:
                    04:9f:d1:99:37:1b:b4:ed:c4:b3:ff:46:c2:f8:d2:
                    34:ca:5e:b4:d4:a3:84:b1:e4:3d:15:71:18:5e:f8:
                    bc:73:9d:ba:b7:a7:f8:57:8f:52:c3:0b:0c:23:30:
                    d2:ce:ac:25:f5:dc:b0:5e:46:a7:9b:d0:b4:51:61:
                    65:fc:66:94:1d:95:27:b4:77:24:cb:9e:d3:73:d5:
                    3b:14:bf:d5:6b:e8:3b:f0:f9:68:08:62:9a:0f:1c:
                    d7:12:47:b7:2a:7f:e0:b7:f3:8a:01:70:1c:80:a8:
                    e2:19:0d:4a:40:34:66:a2:f1:5b:8c:f8:41:46:39:
                    ab:73:3d:ca:f7:10:11:65:5f:af:09:36:98:9d:f2:
                    f6:40:8d:ce:5b:f7:4a:4d:2e:eb:a0:eb:e0:86:87:
                    24:4b:ae:77:ad:cf:76:bc:9b:38:24:5b:38:1f:1f:
                    9b:f4:05:06:e3:55:4a:55:77:d0:c7:97:98:bc:25:
                    fd:30:26:8d:a2:9a:14:bc:a8:14:30:cd:6d:4b:6f:
                    df:f4:1a:48:96:3e:cb:0e:9f:b6:ea:56:30:1e:7a:
                    ef:ae:ba:48:04:c4:6e:02:16:ad:08:12:41:3f:c4:
                    a0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:DC:16:18:99:AF:45:59:08:16:23:B1:71:AA:68:35:50:86:C0:44
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132342e302f32342d3234203d3e203534333339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:8d:ff:0a:06:e9:15:55:40:0c:a4:db:1e:c5:13:19:32:09:
         12:d1:bf:b0:53:91:a2:c6:5d:2c:a2:38:75:56:d4:74:c9:81:
         0a:45:bb:26:9b:ab:dd:fa:45:28:68:85:17:97:be:fe:01:6e:
         c4:8b:37:ee:e5:be:7d:22:d1:79:c0:43:e7:dd:79:3f:63:62:
         78:79:65:05:dd:81:44:fe:a0:3c:fe:7f:24:47:4f:d7:b3:b9:
         24:71:d3:81:16:bb:a3:5c:90:6b:38:ed:7b:8c:19:9c:34:0d:
         d2:8f:b4:f7:44:15:6c:95:84:97:d6:0d:8b:83:35:fc:e1:4a:
         0f:16:7b:af:be:f2:3d:4b:46:20:c5:cc:89:28:09:78:b4:45:
         82:ea:97:b0:79:9e:31:20:11:50:c9:59:2d:13:d3:e3:7f:b1:
         31:70:b0:6d:83:50:da:a0:8c:98:72:91:a8:ee:e0:fc:f6:f7:
         b2:d4:42:28:92:b1:d5:28:51:0b:bb:29:56:46:2f:23:79:98:
         b1:9a:9d:1d:4e:b1:7d:09:93:4c:8b:89:8e:ca:74:3c:6c:f3:
         e6:03:41:36:37:c9:80:6a:b2:bf:4b:92:98:f1:59:e8:c0:f9:
         36:e4:6a:b8:11:e4:1a:ff:8b:72:ed:40:4f:e7:3d:56:cf:f0:
         78:ee:e3:35
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSWc/xQSmpfGC+KqWQ88xP2iGxcUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTA3MzAxNTQ5MTNaFw0yNjA3MjkxNTU0MTNaMDMxMTAvBgNV
BAMTKDA5REMxNjE4OTlBRjQ1NTkwODE2MjNCMTcxQUE2ODM1NTA4NkMwNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTsMKzjRdpEdLZUYOiW8ogZptd
lMKPHpZbFmIjsgSf0Zk3G7TtxLP/RsL40jTKXrTUo4Sx5D0VcRhe+Lxznbq3p/hX
j1LDCwwjMNLOrCX13LBeRqeb0LRRYWX8ZpQdlSe0dyTLntNz1TsUv9Vr6Dvw+WgI
YpoPHNcSR7cqf+C384oBcByAqOIZDUpANGai8VuM+EFGOatzPcr3EBFlX68JNpid
8vZAjc5b90pNLuug6+CGhyRLrnetz3a8mzgkWzgfH5v0BQbjVUpVd9DHl5i8Jf0w
Jo2imhS8qBQwzW1Lb9/0GkiWPssOn7bqVjAeeu+uukgExG4CFq0IEkE/xKBTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCdwWGJmvRVkIFiOxcapoNVCGwEQwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMzMzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE4Y
fDANBgkqhkiG9w0BAQsFAAOCAQEARY3/CgbpFVVADKTbHsUTGTIJEtG/sFORosZd
LKI4dVbUdMmBCkW7Jpur3fpFKGiFF5e+/gFuxIs37uW+fSLRecBD5915P2NieHll
Bd2BRP6gPP5/JEdP17O5JHHTgRa7o1yQazjte4wZnDQN0o+090QVbJWEl9YNi4M1
/OFKDxZ7r77yPUtGIMXMiSgJeLRFguqXsHmeMSARUMlZLRPT43+xMXCwbYNQ2qCM
mHKRqO7g/Pb3stRCKJKx1ShRC7spVkYvI3mYsZqdHU6xfQmTTIuJjsp0PGzz5gNB
NjfJgGqyv0uSmPFZ6MD5NuRquBHkGv+Lcu1AT+c9Vs/weO7jNQ==
-----END CERTIFICATE-----