Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa
File:                     37382e32342e3132352e302f32342d3234203d3e203534333339.roa (raw, json)
Hash identifier:          8J7vWDZA6CwD0N0heCZfxarZkaHc987rZNDTEoRqJuw=
Subject key identifier:   7B:7C:3D:23:2C:C3:DC:FA:22:8F:06:CA:D1:74:81:F6:44:94:81:6C
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       6621A78A6A767D3CF90D33E7D45C2AE22EBC740E
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa
Signing time:             Wed 30 Jul 2025 15:54:13 +0000
ROA not before:           Wed 30 Jul 2025 15:49:13 +0000
ROA not after:            Wed 29 Jul 2026 15:54:13 +0000
asID:                     54339
IP address blocks:        78.24.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 09:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:21:a7:8a:6a:76:7d:3c:f9:0d:33:e7:d4:5c:2a:e2:2e:bc:74:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jul 30 15:49:13 2025 GMT
            Not After : Jul 29 15:54:13 2026 GMT
        Subject: CN=7B7C3D232CC3DCFA228F06CAD17481F64494816C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d8:f8:45:73:2b:81:6a:ee:2f:5f:11:dc:b7:
                    76:08:ef:10:ac:96:48:cc:18:c0:df:7f:33:69:89:
                    0c:7b:0a:12:bf:c0:b8:e7:da:c8:2d:f8:55:e1:22:
                    9e:bd:03:28:7e:be:39:5a:5a:71:1b:e3:09:48:f6:
                    44:88:82:a7:9f:82:81:f9:01:09:3a:cf:85:20:76:
                    8c:10:f5:8e:b5:1b:f4:c6:e2:22:92:e5:e2:5a:0e:
                    d9:01:55:2b:e6:e5:51:b0:a1:2c:22:78:61:10:86:
                    c7:0c:a2:1d:05:7a:f6:55:55:d7:18:f2:f0:2f:d1:
                    a0:c7:13:9d:cc:1b:b2:27:46:09:46:7a:8b:19:5b:
                    87:8f:45:04:07:84:5c:eb:fb:4e:cd:af:9e:00:93:
                    65:1a:30:67:35:79:5f:6b:cc:b5:c3:04:5d:7b:58:
                    ec:74:36:9e:cc:55:e6:77:e0:a0:bd:91:bc:e7:0d:
                    44:94:84:48:29:93:c1:db:47:8e:f3:d4:8d:57:18:
                    ca:66:9f:f0:43:d3:3f:df:95:2b:41:df:de:d7:7c:
                    d9:cb:f2:41:48:8c:ec:6d:31:3a:15:a6:ab:1c:47:
                    5b:7c:a3:00:97:14:9b:08:3f:ee:72:4a:f5:e7:b9:
                    20:49:6f:e6:01:4e:f4:0e:b5:78:7c:94:21:f6:8e:
                    73:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:7C:3D:23:2C:C3:DC:FA:22:8F:06:CA:D1:74:81:F6:44:94:81:6C
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/37382e32342e3132352e302f32342d3234203d3e203534333339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:8f:39:ea:54:0f:4a:c1:b6:65:27:fc:18:8e:9d:a7:4f:ef:
         0d:2f:65:1f:16:b9:46:be:f4:37:61:af:ce:8d:35:15:36:60:
         55:53:13:a3:e7:31:fd:be:88:15:07:4a:40:b1:4f:33:1a:d9:
         67:72:af:4d:61:71:b1:d0:f1:44:75:c8:04:b8:b0:de:0b:d3:
         5f:3b:01:8a:7f:18:8d:39:6e:b9:82:e2:7a:2c:e9:51:3f:1f:
         5f:d5:c6:42:1c:60:91:e3:15:e1:2b:ac:25:1c:5d:33:65:3c:
         a3:d2:ec:18:96:4f:eb:82:f5:3a:4b:b3:df:89:4d:81:fa:06:
         dd:3d:72:94:46:09:2c:f5:20:71:9c:85:c6:ba:30:8c:7a:3f:
         c3:60:23:3d:77:ce:4f:74:95:22:0b:d5:ba:7a:93:b9:a5:ed:
         a0:06:85:59:a7:70:a4:ac:c6:fd:b3:cd:17:61:f5:9f:1a:cf:
         a7:0a:46:a8:95:08:dc:4c:6d:31:88:78:c1:63:ca:76:0f:75:
         10:c8:b7:cc:80:99:53:36:e1:96:a4:e5:51:82:92:43:f8:55:
         ff:d2:e2:6e:58:b0:38:8c:b2:71:22:14:3a:57:68:a9:b8:60:
         ed:39:91:07:f4:da:93:20:ad:4e:3b:ba:aa:c5:a4:cb:d5:65:
         b9:48:72:cc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZiGnimp2fTz5DTPn1Fwq4i68dA4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTA3MzAxNTQ5MTNaFw0yNjA3MjkxNTU0MTNaMDMxMTAvBgNV
BAMTKDdCN0MzRDIzMkNDM0RDRkEyMjhGMDZDQUQxNzQ4MUY2NDQ5NDgxNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC02PhFcyuBau4vXxHct3YI7xCs
lkjMGMDffzNpiQx7ChK/wLjn2sgt+FXhIp69Ayh+vjlaWnEb4wlI9kSIgqefgoH5
AQk6z4UgdowQ9Y61G/TG4iKS5eJaDtkBVSvm5VGwoSwieGEQhscMoh0FevZVVdcY
8vAv0aDHE53MG7InRglGeosZW4ePRQQHhFzr+07Nr54Ak2UaMGc1eV9rzLXDBF17
WOx0Np7MVeZ34KC9kbznDUSUhEgpk8HbR47z1I1XGMpmn/BD0z/flStB397XfNnL
8kFIjOxtMToVpqscR1t8owCXFJsIP+5ySvXnuSBJb+YBTvQOtXh8lCH2jnN1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUe3w9IyzD3PoijwbK0XSB9kSUgWwwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzczODJlMzIzNDJlMzEzMjM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMzMzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE4Y
fTANBgkqhkiG9w0BAQsFAAOCAQEAhY856lQPSsG2ZSf8GI6dp0/vDS9lHxa5Rr70
N2Gvzo01FTZgVVMTo+cx/b6IFQdKQLFPMxrZZ3KvTWFxsdDxRHXIBLiw3gvTXzsB
in8YjTluuYLieizpUT8fX9XGQhxgkeMV4SusJRxdM2U8o9LsGJZP64L1Okuz34lN
gfoG3T1ylEYJLPUgcZyFxrowjHo/w2AjPXfOT3SVIgvVunqTuaXtoAaFWadwpKzG
/bPNF2H1nxrPpwpGqJUI3ExtMYh4wWPKdg91EMi3zICZUzbhlqTlUYKSQ/hV/9Li
bliwOIyycSIUOldoqbhg7TmRB/TakyCtTju6qsWky9VluUhyzA==
-----END CERTIFICATE-----