Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/saglq45HPIxmFZvko17stDhokc4.roa
File:                     saglq45HPIxmFZvko17stDhokc4.roa (raw, json)
Hash identifier:          2OIvqCI+aBNtAhAX1YPLau5von+Z3nFtCaYYhTUz1Dk=
Subject key identifier:   B1:A8:25:AB:8E:47:3C:8C:66:15:9B:E4:A3:5E:EC:B4:38:68:91:CE
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC7792FEA6450AF61F87AB468AB9A0
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/saglq45HPIxmFZvko17stDhokc4.roa
Signing time:             Thu 02 Jan 2025 07:48:10 +0000
ROA not before:           Thu 02 Jan 2025 07:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59598
IP address blocks:        31.25.88.0/23 maxlen: 24
                          185.215.247.0/24 maxlen: 24
                          185.217.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:77:92:fe:a6:45:0a:f6:1f:87:ab:46:8a:b9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1a825ab8e473c8c66159be4a35eecb4386891ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c1:20:c6:b4:4c:ba:0d:b1:de:93:2d:28:4b:
                    39:ae:f5:9c:cf:46:64:62:6f:4b:36:7c:d1:3a:75:
                    1b:1c:19:35:19:a6:11:26:ff:94:b2:60:56:72:3d:
                    34:83:a1:93:9c:97:a4:4c:a9:1c:ca:43:a3:93:c1:
                    a3:d6:c1:37:c0:f5:7b:ed:9d:68:88:6e:82:23:cf:
                    12:2b:21:34:dd:ba:4a:26:38:d7:6c:a2:5e:fa:85:
                    96:a2:3b:36:cc:78:fa:5b:43:df:2c:a1:01:8a:1f:
                    8d:4e:28:27:66:f3:f2:c4:df:8a:b9:b0:32:73:7b:
                    26:d6:34:25:cf:79:89:55:13:76:94:a7:bd:4b:5b:
                    09:b1:56:31:07:94:43:48:6b:73:cf:d6:1d:3b:1e:
                    4e:08:f8:41:6c:88:89:a6:58:1c:30:30:15:81:8f:
                    5c:b3:20:e8:9d:c2:da:24:7c:ea:bc:fe:99:db:2c:
                    aa:1d:cc:ea:af:a1:70:d8:bb:ea:38:7c:c9:2d:60:
                    e8:9d:d5:6a:b3:47:b0:d0:4a:33:58:91:09:19:4e:
                    d8:1e:1b:1e:29:7c:c7:f3:13:b4:9b:36:4a:67:90:
                    12:b3:1e:aa:6c:e1:f1:fd:cf:cc:4c:6b:46:d1:cd:
                    e9:25:f5:43:a7:c5:95:3b:46:f4:c2:8b:9b:13:8f:
                    5b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A8:25:AB:8E:47:3C:8C:66:15:9B:E4:A3:5E:EC:B4:38:68:91:CE
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/saglq45HPIxmFZvko17stDhokc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.88.0/23
                  185.215.247.0/24
                  185.217.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:90:20:b9:36:2c:ae:59:82:9b:7e:85:94:6d:26:e5:78:30:
         a6:84:2b:c6:22:54:2d:3e:08:d9:02:0d:a1:a9:d0:17:70:45:
         c3:46:6c:1f:ff:e7:ef:34:4f:cf:d0:5d:6d:30:e3:63:31:3d:
         c9:67:92:84:16:28:29:54:1a:63:ad:b9:34:42:9e:a8:c1:d3:
         f6:50:3b:f5:bf:25:dc:5d:c5:d3:d0:8a:fc:cb:d4:72:9b:23:
         2a:63:e6:90:8d:c3:43:19:1d:81:b2:81:42:a3:8c:f6:d3:c7:
         20:39:a2:a4:88:10:2b:42:36:5b:c2:52:b5:ef:b3:cd:ba:93:
         02:9a:1e:88:bc:20:c7:5e:62:d0:b6:e4:c0:0f:4a:f6:53:8b:
         1c:bc:09:cb:fa:b5:f1:fb:40:53:3c:57:8f:06:d6:cf:a0:0b:
         c4:08:ae:ea:4a:2e:a6:45:1f:e8:9c:43:db:85:36:eb:be:b9:
         98:cc:f9:3b:25:0b:ba:e1:54:22:ee:7b:9b:e1:81:07:f1:03:
         2b:9f:60:53:ee:c7:df:ab:69:c9:ac:b5:16:dc:f6:c1:a3:f4:
         94:90:80:a9:59:04:4e:82:6e:c5:9f:41:e4:d8:30:66:ef:95:
         e5:4a:7e:c9:f4:11:28:bc:a9:56:37:59:56:2b:1f:fb:15:5c:
         f5:b7:0e:b6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQl/HeS/qZFCvYfh6tGirmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE4MjVhYjhlNDczYzhjNjYxNTliZTRhMzVlZWNiNDM4Njg5MWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosEgxrRMug2x3pMtKEs5rvWcz0Zk
Ym9LNnzROnUbHBk1GaYRJv+UsmBWcj00g6GTnJekTKkcykOjk8Gj1sE3wPV77Z1o
iG6CI88SKyE03bpKJjjXbKJe+oWWojs2zHj6W0PfLKEBih+NTignZvPyxN+KubAy
c3sm1jQlz3mJVRN2lKe9S1sJsVYxB5RDSGtzz9YdOx5OCPhBbIiJplgcMDAVgY9c
syDoncLaJHzqvP6Z2yyqHczqr6Fw2LvqOHzJLWDondVqs0ew0EozWJEJGU7YHhse
KXzH8xO0mzZKZ5ASsx6qbOHx/c/MTGtG0c3pJfVDp8WVO0b0woubE49bLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLGoJauORzyMZhWb5KNe7LQ4aJHOMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvc2FnbHE0NUhQSXhtRlp2a28xN3N0RGhva2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBHxlYAwQA
udf3AwQCudlsMA0GCSqGSIb3DQEBCwUAA4IBAQBEkCC5NiyuWYKbfoWUbSbleDCm
hCvGIlQtPgjZAg2hqdAXcEXDRmwf/+fvNE/P0F1tMONjMT3JZ5KEFigpVBpjrbk0
Qp6owdP2UDv1vyXcXcXT0Ir8y9RymyMqY+aQjcNDGR2BsoFCo4z208cgOaKkiBAr
QjZbwlK177PNupMCmh6IvCDHXmLQtuTAD0r2U4scvAnL+rXx+0BTPFePBtbPoAvE
CK7qSi6mRR/onEPbhTbrvrmYzPk7JQu64VQi7nub4YEH8QMrn2BT7sffq2nJrLUW
3PbBo/SUkICpWQROgm7Fn0Hk2DBm75XlSn7J9BEovKlWN1lWKx/7FVz1tw62
-----END CERTIFICATE-----