Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/3SaDFOME149V2EB5_Oyl1u3LH9E.roa
File:                     3SaDFOME149V2EB5_Oyl1u3LH9E.roa (raw, json)
Hash identifier:          NA6bXSprmQlyWFnGLg023/LS09J3RR3QNUVCNFrcAmk=
Subject key identifier:   DD:26:83:14:E3:04:D7:8F:55:D8:40:79:FC:EC:A5:D6:ED:CB:1F:D1
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79557A0146105DB155765AFABAA3166
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/3SaDFOME149V2EB5_Oyl1u3LH9E.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52159
IP address blocks:        188.241.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:57:a0:14:61:05:db:15:57:65:af:ab:aa:31:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd268314e304d78f55d84079fceca5d6edcb1fd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e2:bd:34:f7:a1:11:8f:16:0b:66:7c:83:8f:
                    d9:eb:bb:ee:f1:80:52:5b:f5:b8:c1:4b:37:e4:28:
                    24:9e:a0:51:f0:53:fc:4d:cf:4f:02:f0:2d:cd:3f:
                    59:ba:7a:c0:f2:f1:eb:89:dc:7d:d7:a3:06:78:e5:
                    a7:1d:51:5d:e2:d6:a6:3d:4a:f5:a6:b3:a1:d1:f3:
                    20:e3:f8:dc:19:21:19:28:28:d3:a7:fb:25:1a:60:
                    d6:2d:e2:10:75:15:0e:6e:a5:a1:1a:b1:cf:cb:00:
                    c1:f0:6e:c2:3d:59:75:7e:cf:72:d9:ac:3f:42:0f:
                    ec:3f:06:0c:51:d0:6c:90:c1:45:d8:39:8a:41:4c:
                    20:27:1f:a0:1d:af:06:83:b2:90:df:13:fc:54:80:
                    4b:3d:4b:f1:0e:f6:6c:a8:5e:84:ee:a4:aa:78:df:
                    58:09:03:5e:11:a4:65:bc:43:00:33:48:40:35:d3:
                    62:ab:8c:de:3f:5a:da:ce:35:bb:d8:84:c6:de:58:
                    b7:6a:14:84:db:1c:b6:42:65:cc:58:e8:21:55:cf:
                    f0:f9:f4:28:ae:ad:73:dc:9b:94:15:20:83:ae:23:
                    b3:1f:22:c0:c7:67:0a:f0:4f:8a:2e:95:4b:48:ac:
                    26:13:2f:0f:e7:8e:98:d4:75:3e:53:f4:63:e7:2a:
                    fc:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:26:83:14:E3:04:D7:8F:55:D8:40:79:FC:EC:A5:D6:ED:CB:1F:D1
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/3SaDFOME149V2EB5_Oyl1u3LH9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:54:a8:a9:25:8d:2b:4d:6f:e3:2b:2b:3d:0c:aa:2b:08:03:
         df:9b:01:86:da:4b:bf:6f:f8:94:cf:4f:92:bd:e3:08:81:9f:
         e6:55:9e:19:0a:3b:91:cf:78:6d:4c:c0:3d:18:d6:44:2f:b1:
         ec:97:51:3d:46:3c:67:ce:92:61:bd:b4:c9:3f:17:f1:9f:44:
         6d:1b:22:d2:cb:7c:05:15:13:64:67:9b:b5:7a:0e:1e:87:b2:
         44:ea:b2:90:d1:5d:46:dc:62:40:a7:f4:f2:b5:a6:ae:4b:6e:
         34:4d:0d:2c:dd:70:7b:2a:79:3d:d5:fe:01:58:1e:79:9b:33:
         d9:96:a0:76:cf:a4:17:5f:75:af:5c:0e:7b:2f:3a:2f:d6:9c:
         da:8e:3a:4d:fd:63:c4:89:ab:e1:36:81:ff:f7:cb:e4:0a:64:
         bf:a6:1e:48:04:30:1f:75:5a:74:17:d6:20:e1:b0:87:45:34:
         90:ed:32:97:68:9e:e9:77:04:4a:9c:62:b8:19:60:3e:24:7f:
         90:10:01:d0:7b:46:9a:71:6d:fb:fc:33:78:21:78:7f:e7:51:
         e8:2d:d4:68:59:03:96:d1:55:ba:66:40:b4:c8:32:8c:e6:32:
         a4:cd:eb:46:41:2c:d7:12:60:3c:49:7a:59:55:76:39:a4:cd:
         1c:3a:cc:dc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVegFGEF2xVXZa+rqjFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDI2ODMxNGUzMDRkNzhmNTVkODQwNzlmY2VjYTVkNmVkY2IxZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuK9NPehEY8WC2Z8g4/Z67vu8YBS
W/W4wUs35CgknqBR8FP8Tc9PAvAtzT9ZunrA8vHridx916MGeOWnHVFd4tamPUr1
prOh0fMg4/jcGSEZKCjTp/slGmDWLeIQdRUObqWhGrHPywDB8G7CPVl1fs9y2aw/
Qg/sPwYMUdBskMFF2DmKQUwgJx+gHa8Gg7KQ3xP8VIBLPUvxDvZsqF6E7qSqeN9Y
CQNeEaRlvEMAM0hANdNiq4zeP1razjW72ITG3li3ahSE2xy2QmXMWOghVc/w+fQo
rq1z3JuUFSCDriOzHyLAx2cK8E+KLpVLSKwmEy8P546Y1HU+U/Rj5yr8ZQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFN0mgxTjBNePVdhAefzspdbtyx/RMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzNTYURGT01FMTQ5VjJFQjVfT3lsMXUzTEg5RS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC88RMw
DQYJKoZIhvcNAQELBQADggEBAJdUqKkljStNb+MrKz0MqisIA9+bAYbaS79v+JTP
T5K94wiBn+ZVnhkKO5HPeG1MwD0Y1kQvseyXUT1GPGfOkmG9tMk/F/GfRG0bItLL
fAUVE2Rnm7V6Dh6HskTqspDRXUbcYkCn9PK1pq5LbjRNDSzdcHsqeT3V/gFYHnmb
M9mWoHbPpBdfda9cDnsvOi/WnNqOOk39Y8SJq+E2gf/3y+QKZL+mHkgEMB91WnQX
1iDhsIdFNJDtMpdonul3BEqcYrgZYD4kf5AQAdB7Rppxbfv8M3gheH/nUegt1GhZ
A5bRVbpmQLTIMozmMqTN60ZBLNcSYDxJellVdjmkzRw6zNw=
-----END CERTIFICATE-----