Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/d4835b-7323-4671-ad59-7fb05920e228/1/As_2g2yroeYldeSEBOBcptHFZjw.roa
File:                     As_2g2yroeYldeSEBOBcptHFZjw.roa (raw, json)
Hash identifier:          2A+ZAisZSqDWuxJUH2YsftgFU0YaUFKEL3In2EBPDcU=
Subject key identifier:   02:CF:F6:83:6C:AB:A1:E6:25:75:E4:84:04:E0:5C:A6:D1:C5:66:3C
Certificate issuer:       /CN=7482b017717ca83a05e4cbc3f266f12a5359d5e5
Certificate serial:       019423D8087E928BEEC6B2FFA159EE1752C1
Authority key identifier: 74:82:B0:17:71:7C:A8:3A:05:E4:CB:C3:F2:66:F1:2A:53:59:D5:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dIKwF3F8qDoF5MvD8mbxKlNZ1eU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/d4835b-7323-4671-ad59-7fb05920e228/1/As_2g2yroeYldeSEBOBcptHFZjw.roa
Signing time:             Wed 01 Jan 2025 21:49:08 +0000
ROA not before:           Wed 01 Jan 2025 21:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2200
IP address blocks:        134.246.0.0/16 maxlen: 16
                          192.44.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/d4835b-7323-4671-ad59-7fb05920e228/1/dIKwF3F8qDoF5MvD8mbxKlNZ1eU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/d4835b-7323-4671-ad59-7fb05920e228/1/dIKwF3F8qDoF5MvD8mbxKlNZ1eU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dIKwF3F8qDoF5MvD8mbxKlNZ1eU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d8:08:7e:92:8b:ee:c6:b2:ff:a1:59:ee:17:52:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7482b017717ca83a05e4cbc3f266f12a5359d5e5
        Validity
            Not Before: Jan  1 21:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02cff6836caba1e62575e48404e05ca6d1c5663c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:42:d7:03:3f:4e:be:4b:f4:25:65:a3:6f:e3:
                    ec:e2:93:10:97:54:f8:8e:14:9c:3c:18:13:66:d3:
                    e6:39:3a:6d:77:5f:6d:83:f8:11:54:28:65:ad:4a:
                    31:1c:1c:ea:c7:29:1b:6f:15:9b:ae:c2:e7:de:23:
                    da:5c:db:bd:52:cd:9e:61:19:75:54:ad:83:36:9d:
                    26:5a:0b:ee:c9:4d:23:76:89:c1:95:ba:47:85:71:
                    98:be:5e:a3:63:44:5d:16:40:19:24:75:14:1b:9c:
                    e0:92:fb:10:cf:e3:a4:86:62:62:52:a8:d4:4b:7f:
                    8b:b0:65:96:2a:59:26:c9:4b:9e:7c:8b:37:25:01:
                    36:e5:78:38:4a:bc:11:37:57:72:08:31:61:ce:de:
                    5a:c0:e8:5a:2d:44:16:81:73:d1:3d:8f:7d:be:00:
                    d5:b9:07:a6:db:8f:3d:ba:47:b7:b5:d3:27:e7:64:
                    4b:4a:ea:bc:65:9d:80:e8:e1:99:2b:93:18:da:97:
                    60:5d:2c:52:7a:1e:9b:57:af:53:e8:26:3d:7c:59:
                    a6:56:a1:d9:4f:fe:27:4a:7a:32:69:62:35:c9:c7:
                    14:85:e9:1f:be:70:ac:f4:4b:57:a6:0e:d9:e5:5d:
                    94:2d:34:76:9c:81:ae:22:13:ba:a9:2f:10:4d:9e:
                    8d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:CF:F6:83:6C:AB:A1:E6:25:75:E4:84:04:E0:5C:A6:D1:C5:66:3C
            X509v3 Authority Key Identifier:
                keyid:74:82:B0:17:71:7C:A8:3A:05:E4:CB:C3:F2:66:F1:2A:53:59:D5:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dIKwF3F8qDoF5MvD8mbxKlNZ1eU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/d4835b-7323-4671-ad59-7fb05920e228/1/As_2g2yroeYldeSEBOBcptHFZjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/d4835b-7323-4671-ad59-7fb05920e228/1/dIKwF3F8qDoF5MvD8mbxKlNZ1eU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.246.0.0/16
                  192.44.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f6:79:81:7e:76:1b:d6:d1:ca:72:8a:1d:90:7f:c7:73:82:
         ef:28:00:d3:6c:78:d3:37:86:21:97:a3:2f:bb:09:33:ff:94:
         27:40:ec:6e:e5:c3:cc:9f:67:35:4a:24:cd:24:60:af:32:c4:
         50:55:a6:e0:21:0d:ea:2a:71:4e:96:00:b3:fb:89:c8:74:d8:
         bb:1a:3a:76:4b:95:b8:7d:3f:5b:19:80:d0:33:c8:4d:78:ca:
         71:1f:ee:ea:e8:48:54:4b:60:6c:92:20:9e:f1:74:59:6d:a9:
         37:d5:d8:8f:6e:8f:f8:a9:92:ed:4e:e5:69:86:97:eb:8a:25:
         54:90:41:b5:a1:9c:82:32:57:da:fd:6f:28:ca:2f:f5:25:a4:
         38:d7:60:c7:00:ff:56:91:24:de:6e:2f:30:fb:11:bd:1a:51:
         92:17:b9:fe:69:48:95:a1:ac:ca:6a:36:c5:35:d8:41:f5:d9:
         3f:5f:6c:b9:31:2f:a2:94:eb:fb:c7:a8:e2:5f:e6:b6:9b:4d:
         1c:e5:ef:f8:a7:d1:cb:99:ec:c8:7d:d2:c4:f1:07:b1:8e:03:
         ac:20:14:bd:01:ac:9c:65:b5:53:42:e7:47:69:32:18:ac:49:
         0c:69:03:b9:91:ac:b5:eb:72:7c:0d:69:cc:a4:58:aa:52:6f:
         8c:83:f3:90
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQj2Ah+kovuxrL/oVnuF1LBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ODJiMDE3NzE3Y2E4M2EwNWU0Y2JjM2YyNjZmMTJhNTM1
OWQ1ZTUwHhcNMjUwMTAxMjE0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmNmZjY4MzZjYWJhMWU2MjU3NWU0ODQwNGUwNWNhNmQxYzU2NjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzELXAz9Ovkv0JWWjb+Ps4pMQl1T4
jhScPBgTZtPmOTptd19tg/gRVChlrUoxHBzqxykbbxWbrsLn3iPaXNu9Us2eYRl1
VK2DNp0mWgvuyU0jdonBlbpHhXGYvl6jY0RdFkAZJHUUG5zgkvsQz+OkhmJiUqjU
S3+LsGWWKlkmyUuefIs3JQE25Xg4SrwRN1dyCDFhzt5awOhaLUQWgXPRPY99vgDV
uQem2489uke3tdMn52RLSuq8ZZ2A6OGZK5MY2pdgXSxSeh6bV69T6CY9fFmmVqHZ
T/4nSnoyaWI1yccUhekfvnCs9EtXpg7Z5V2ULTR2nIGuIhO6qS8QTZ6NzwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFALP9oNsq6HmJXXkhATgXKbRxWY8MB8GA1UdIwQY
MBaAFHSCsBdxfKg6BeTLw/Jm8SpTWdXlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZElLd0YzRjhxRG9GNU12RDhtYnhLbE5aMWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9kNDgzNWItNzMyMy00NjcxLWFkNTkt
N2ZiMDU5MjBlMjI4LzEvQXNfMmcyeXJvZVlsZGVTRUJPQmNwdEhGWmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9kNDgzNWItNzMyMy00NjcxLWFkNTktN2ZiMDU5MjBlMjI4
LzEvZElLd0YzRjhxRG9GNU12RDhtYnhLbE5aMWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAhvYDBADA
LEIwDQYJKoZIhvcNAQELBQADggEBAH32eYF+dhvW0cpyih2Qf8dzgu8oANNseNM3
hiGXoy+7CTP/lCdA7G7lw8yfZzVKJM0kYK8yxFBVpuAhDeoqcU6WALP7ich02Lsa
OnZLlbh9P1sZgNAzyE14ynEf7uroSFRLYGySIJ7xdFltqTfV2I9uj/ipku1O5WmG
l+uKJVSQQbWhnIIyV9r9byjKL/UlpDjXYMcA/1aRJN5uLzD7Eb0aUZIXuf5pSJWh
rMpqNsU12EH12T9fbLkxL6KU6/vHqOJf5rabTRzl7/in0cuZ7Mh90sTxB7GOA6wg
FL0BrJxltVNC50dpMhisSQxpA7mRrLXrcnwNacykWKpSb4yD85A=
-----END CERTIFICATE-----