Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/50e780-eca7-458e-b6aa-9dbc35672329/1/3PSx9dotZYAyDtqMkmvWnodExOo.roa
File:                     3PSx9dotZYAyDtqMkmvWnodExOo.roa (raw, json)
Hash identifier:          vk6bcm3rilt5w+/C+Ma6CzJC2WgKxVja0T1kBgt8Mfo=
Subject key identifier:   DC:F4:B1:F5:DA:2D:65:80:32:0E:DA:8C:92:6B:D6:9E:87:44:C4:EA
Certificate issuer:       /CN=ca329ced8efb41f3b4a2078d94bbb0a3aab4fb02
Certificate serial:       01951EBAF0E49956BE851EBD831F49A0B589
Authority key identifier: CA:32:9C:ED:8E:FB:41:F3:B4:A2:07:8D:94:BB:B0:A3:AA:B4:FB:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjKc7Y77QfO0ogeNlLuwo6q0-wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/50e780-eca7-458e-b6aa-9dbc35672329/1/3PSx9dotZYAyDtqMkmvWnodExOo.roa
Signing time:             Wed 19 Feb 2025 15:02:02 +0000
ROA not before:           Wed 19 Feb 2025 15:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3215
IP address blocks:        185.233.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/50e780-eca7-458e-b6aa-9dbc35672329/1/yjKc7Y77QfO0ogeNlLuwo6q0-wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/50e780-eca7-458e-b6aa-9dbc35672329/1/yjKc7Y77QfO0ogeNlLuwo6q0-wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjKc7Y77QfO0ogeNlLuwo6q0-wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1e:ba:f0:e4:99:56:be:85:1e:bd:83:1f:49:a0:b5:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca329ced8efb41f3b4a2078d94bbb0a3aab4fb02
        Validity
            Not Before: Feb 19 15:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcf4b1f5da2d6580320eda8c926bd69e8744c4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0f:8a:0b:55:28:ce:4e:3a:c2:e0:b7:04:ea:
                    16:2d:21:39:b4:d1:63:f2:a7:0b:1f:67:b4:0d:63:
                    7f:57:ef:14:e9:93:4b:21:f8:3a:75:3c:91:35:81:
                    da:6c:ea:c7:43:47:40:f7:e1:ea:8b:59:f8:f1:1f:
                    69:22:c3:dd:20:53:36:21:95:46:5a:8e:db:70:15:
                    0d:a2:ed:2a:00:b1:08:a2:79:a7:fd:04:48:81:83:
                    ff:20:1c:35:4e:36:cd:de:aa:7e:c8:db:f9:9e:47:
                    4e:30:b3:3c:a6:3a:77:e9:83:25:66:21:a1:bb:4e:
                    a0:3d:9c:55:04:b9:5f:97:4e:d3:d4:23:8a:21:49:
                    c9:88:43:65:e1:2a:20:48:e3:76:6b:d9:6e:43:43:
                    e8:46:38:db:c9:6a:2b:da:1c:06:b9:7a:44:a0:12:
                    4e:c8:ca:f5:f0:67:4b:39:61:cd:c6:3e:c6:2f:b4:
                    30:44:b7:31:9e:ae:76:95:ee:fc:ca:dc:1b:c3:d0:
                    2f:7b:f2:2a:21:66:9a:f6:56:5c:6e:67:22:74:4d:
                    17:73:ce:20:ef:58:71:08:51:99:46:7a:f9:f9:36:
                    0e:b8:c4:1e:33:d6:6b:e4:fd:76:c5:08:5c:fb:01:
                    9b:ca:e2:6e:42:00:c8:b8:0f:34:b8:a0:fd:70:76:
                    b0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:F4:B1:F5:DA:2D:65:80:32:0E:DA:8C:92:6B:D6:9E:87:44:C4:EA
            X509v3 Authority Key Identifier:
                keyid:CA:32:9C:ED:8E:FB:41:F3:B4:A2:07:8D:94:BB:B0:A3:AA:B4:FB:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjKc7Y77QfO0ogeNlLuwo6q0-wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/50e780-eca7-458e-b6aa-9dbc35672329/1/3PSx9dotZYAyDtqMkmvWnodExOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/50e780-eca7-458e-b6aa-9dbc35672329/1/yjKc7Y77QfO0ogeNlLuwo6q0-wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:e5:a7:3a:1f:67:67:d4:e0:09:0f:35:f4:bf:0b:34:7a:a1:
         72:c5:79:05:c4:77:c3:e7:81:c1:ab:91:58:e6:35:23:ef:35:
         d0:09:3a:68:e1:57:25:f0:11:df:fa:e8:6c:61:67:2c:19:cc:
         4c:72:d1:05:50:70:e4:f3:ee:26:fe:48:f8:8c:40:78:a3:2d:
         4f:9e:a2:d5:64:77:0e:64:3a:1f:eb:90:5a:71:76:97:d5:c4:
         2f:23:ba:8b:c4:a6:11:bc:57:64:46:4f:ac:7b:a6:ba:d4:66:
         c3:fb:cb:af:5d:a4:bf:bc:15:4e:d9:a8:03:a9:6a:93:da:7b:
         2b:18:d8:32:8d:5c:db:d4:7e:93:a3:d4:f5:ba:b9:91:d6:5e:
         f3:89:a3:fb:23:ed:fe:4f:a9:37:90:81:86:29:2e:b8:db:e7:
         58:7a:47:5e:d3:10:7d:66:e1:0b:49:2a:2e:66:36:ff:ed:7d:
         5e:51:ef:6f:37:db:60:85:cb:27:9b:00:17:47:9a:70:66:5a:
         d1:15:f7:c3:6e:9e:87:e6:f0:a9:66:96:7d:03:20:be:57:6e:
         1f:0c:55:f8:10:02:39:2e:80:4d:85:14:53:a1:ad:d6:39:5d:
         51:f2:55:10:c0:39:ed:35:81:e0:5a:e0:ed:a0:38:79:97:d3:
         61:a1:54:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUeuvDkmVa+hR69gx9JoLWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzI5Y2VkOGVmYjQxZjNiNGEyMDc4ZDk0YmJiMGEzYWFi
NGZiMDIwHhcNMjUwMjE5MTUwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Y0YjFmNWRhMmQ2NTgwMzIwZWRhOGM5MjZiZDY5ZTg3NDRjNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA+KC1Uozk46wuC3BOoWLSE5tNFj
8qcLH2e0DWN/V+8U6ZNLIfg6dTyRNYHabOrHQ0dA9+Hqi1n48R9pIsPdIFM2IZVG
Wo7bcBUNou0qALEIonmn/QRIgYP/IBw1TjbN3qp+yNv5nkdOMLM8pjp36YMlZiGh
u06gPZxVBLlfl07T1COKIUnJiENl4SogSON2a9luQ0PoRjjbyWor2hwGuXpEoBJO
yMr18GdLOWHNxj7GL7QwRLcxnq52le78ytwbw9Ave/IqIWaa9lZcbmcidE0Xc84g
71hxCFGZRnr5+TYOuMQeM9Zr5P12xQhc+wGbyuJuQgDIuA80uKD9cHawQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNz0sfXaLWWAMg7ajJJr1p6HRMTqMB8GA1UdIwQY
MBaAFMoynO2O+0HztKIHjZS7sKOqtPsCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpLYzdZNzdRZk8wb2dlTmxMdXdvNnEwLXdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My81MGU3ODAtZWNhNy00NThlLWI2YWEt
OWRiYzM1NjcyMzI5LzEvM1BTeDlkb3RaWUF5RHRxTWttdldub2RFeE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My81MGU3ODAtZWNhNy00NThlLWI2YWEtOWRiYzM1NjcyMzI5
LzEveWpLYzdZNzdRZk8wb2dlTmxMdXdvNnEwLXdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuemCMA0G
CSqGSIb3DQEBCwUAA4IBAQCT5ac6H2dn1OAJDzX0vws0eqFyxXkFxHfD54HBq5FY
5jUj7zXQCTpo4Vcl8BHf+uhsYWcsGcxMctEFUHDk8+4m/kj4jEB4oy1PnqLVZHcO
ZDof65BacXaX1cQvI7qLxKYRvFdkRk+se6a61GbD+8uvXaS/vBVO2agDqWqT2nsr
GNgyjVzb1H6To9T1urmR1l7ziaP7I+3+T6k3kIGGKS642+dYekde0xB9ZuELSSou
Zjb/7X1eUe9vN9tghcsnmwAXR5pwZlrRFffDbp6H5vCpZpZ9AyC+V24fDFX4EAI5
LoBNhRRToa3WOV1R8lUQwDntNYHgWuDtoDh5l9NhoVQ3
-----END CERTIFICATE-----