Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/saa_0VvgXSNx1kkjSqyVEbVnkCY.roa
File:                     saa_0VvgXSNx1kkjSqyVEbVnkCY.roa (raw, json)
Hash identifier:          v+RU7IsAtr1sKZAICZ44u+iiQ3vM7YjRtrxROuRMlCQ=
Subject key identifier:   B1:A6:BF:D1:5B:E0:5D:23:71:D6:49:23:4A:AC:95:11:B5:67:90:26
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       019465762EEA6D870422D7A5DFDC9632216B
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/saa_0VvgXSNx1kkjSqyVEbVnkCY.roa
Signing time:             Tue 14 Jan 2025 15:37:11 +0000
ROA not before:           Tue 14 Jan 2025 15:37:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     918
IP address blocks:        192.211.0.0/24 maxlen: 24
                          2a0a:3507::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:65:76:2e:ea:6d:87:04:22:d7:a5:df:dc:96:32:21:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan 14 15:37:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1a6bfd15be05d2371d649234aac9511b5679026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a2:db:ba:71:fe:ac:5a:de:97:59:4a:14:7d:
                    6f:f5:37:4e:b0:d4:d4:d2:04:80:06:68:68:c6:05:
                    93:dd:57:28:47:dc:6d:cc:de:bc:41:2d:9a:5f:b3:
                    5a:8f:ad:29:c2:22:c0:8f:74:6f:d7:61:cd:67:70:
                    e4:36:3e:9a:c2:88:e5:37:21:94:47:a0:16:19:d7:
                    ac:08:a7:73:1e:f5:92:d2:c7:9c:0b:d7:8d:2d:56:
                    8d:5d:12:bc:3e:d5:17:2b:74:81:b5:af:61:6e:ca:
                    63:bd:f7:d8:73:c3:6f:70:cc:8b:cc:b6:fd:c0:35:
                    57:ab:52:31:12:6e:76:6a:2c:6c:83:70:6a:44:cc:
                    47:51:45:a7:88:4d:75:f7:bf:18:aa:11:27:99:b9:
                    b5:eb:49:41:3b:2c:07:a4:bc:43:84:f2:fc:cc:25:
                    e2:de:1c:9e:c9:cb:c5:98:98:5d:8b:b1:8b:e6:ea:
                    cf:de:95:13:3f:09:28:07:03:68:a4:f2:36:f9:ee:
                    e0:ad:0e:3e:01:33:31:f7:a5:82:e9:39:e3:47:91:
                    03:14:cd:fa:b2:e6:65:2e:0e:28:7c:3e:dc:f6:94:
                    7a:a0:93:02:16:b7:09:2e:87:d9:bc:be:f3:96:01:
                    31:0f:46:c5:44:5b:ab:32:c4:61:45:25:9e:34:b4:
                    a1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A6:BF:D1:5B:E0:5D:23:71:D6:49:23:4A:AC:95:11:B5:67:90:26
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/saa_0VvgXSNx1kkjSqyVEbVnkCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.211.0.0/24
                IPv6:
                  2a0a:3507::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:e2:b6:46:32:01:b1:12:5f:10:c5:5e:81:50:3d:96:5b:09:
         eb:2a:00:ef:94:ca:da:bc:90:1a:79:fc:11:53:73:f2:7c:8b:
         a3:d1:74:09:5d:f5:22:18:da:01:06:af:53:52:56:42:9f:ca:
         c4:09:ab:a0:67:7a:71:09:48:83:37:dd:b1:a2:73:5b:bc:e1:
         af:1e:e2:3a:d1:e6:02:9b:c0:eb:40:f3:ad:f3:68:ef:f7:41:
         a8:85:c2:5d:fd:b5:04:cd:c0:bf:18:58:bf:3b:42:3a:e7:9d:
         f1:0f:23:39:4f:fe:8e:c9:b7:4f:62:f6:60:06:51:99:ad:ba:
         4d:96:66:88:20:34:80:ea:6e:cd:3b:e1:19:3e:a8:2e:04:8d:
         c4:fd:dc:ae:eb:f8:c9:f3:4c:98:b6:29:5b:b5:2d:40:07:a9:
         f6:61:0c:b3:cc:18:f6:b5:4a:1a:5b:78:9b:77:09:05:f0:fd:
         85:ef:5a:46:19:8f:a7:d2:08:56:0d:f5:eb:c1:80:14:b1:bb:
         ce:d0:48:53:32:d3:bd:76:4e:80:8f:f7:3b:ac:b3:89:37:16:
         e5:4b:bc:d4:4d:02:2d:ff:d3:41:8e:4e:8a:0a:dd:bf:5e:43:
         44:d0:aa:36:24:62:a2:96:98:ac:eb:be:bd:2d:5f:cd:95:e0:
         ec:5c:e3:3d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZRldi7qbYcEItel39yWMiFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjUwMTE0MTUzNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE2YmZkMTViZTA1ZDIzNzFkNjQ5MjM0YWFjOTUxMWI1Njc5MDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqLbunH+rFrel1lKFH1v9TdOsNTU
0gSABmhoxgWT3VcoR9xtzN68QS2aX7Naj60pwiLAj3Rv12HNZ3DkNj6awojlNyGU
R6AWGdesCKdzHvWS0secC9eNLVaNXRK8PtUXK3SBta9hbspjvffYc8NvcMyLzLb9
wDVXq1IxEm52aixsg3BqRMxHUUWniE11978YqhEnmbm160lBOywHpLxDhPL8zCXi
3hyeycvFmJhdi7GL5urP3pUTPwkoBwNopPI2+e7grQ4+ATMx96WC6TnjR5EDFM36
suZlLg4ofD7c9pR6oJMCFrcJLofZvL7zlgExD0bFRFurMsRhRSWeNLShFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLGmv9Fb4F0jcdZJI0qslRG1Z5AmMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvc2FhXzBWdmdYU054MWtralNxeVZFYlZua0NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwNMAMA8E
AgACMAkDBwAqCjUHAAAwDQYJKoZIhvcNAQELBQADggEBACTitkYyAbESXxDFXoFQ
PZZbCesqAO+Uytq8kBp5/BFTc/J8i6PRdAld9SIY2gEGr1NSVkKfysQJq6BnenEJ
SIM33bGic1u84a8e4jrR5gKbwOtA863zaO/3QaiFwl39tQTNwL8YWL87QjrnnfEP
IzlP/o7Jt09i9mAGUZmtuk2WZoggNIDqbs074Rk+qC4EjcT93K7r+MnzTJi2KVu1
LUAHqfZhDLPMGPa1ShpbeJt3CQXw/YXvWkYZj6fSCFYN9evBgBSxu87QSFMy0712
ToCP9zuss4k3FuVLvNRNAi3/00GOTooK3b9eQ0TQqjYkYqKWmKzrvr0tX82V4Oxc
4z0=
-----END CERTIFICATE-----