Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          F0SSm6DfwqbtDPP82tkxRDsNn0fWAZCbT69OvQ5wyCw=
Subject key identifier:   21:BB:4F:8B:D4:A9:71:8D:45:C6:FB:6C:2F:00:8A:64:A4:BC:75:22
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1E746917C7168F0AA1A8DBAD2D11A6A2B3EC3D92
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS0.roa
Signing time:             Wed 20 Nov 2024 17:48:02 +0000
ROA not before:           Wed 20 Nov 2024 17:43:02 +0000
ROA not after:            Wed 19 Nov 2025 17:48:02 +0000
asID:                     0
IP address blocks:        195.184.246.0/24 maxlen: 24
                          2a06:9f43::/32 maxlen: 48
                          2a06:9f46::/32 maxlen: 48
                          2a0d:d903::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:74:69:17:c7:16:8f:0a:a1:a8:db:ad:2d:11:a6:a2:b3:ec:3d:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 20 17:43:02 2024 GMT
            Not After : Nov 19 17:48:02 2025 GMT
        Subject: CN=21BB4F8BD4A9718D45C6FB6C2F008A64A4BC7522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fc:cc:9e:fa:1f:7b:f5:54:70:9c:b0:26:6c:
                    de:8f:8c:e2:23:23:0d:9f:16:73:e4:82:34:4e:96:
                    27:5d:54:61:55:9b:36:55:ff:8d:1f:da:69:55:92:
                    2e:48:89:49:84:8a:66:b0:ed:18:62:db:f4:b4:51:
                    d7:0d:55:61:4d:41:1d:64:1b:a4:46:89:af:99:13:
                    0e:ba:e2:d1:84:c7:34:30:11:05:57:52:6a:91:5f:
                    f2:a4:60:9a:dd:54:90:54:cd:ac:ad:25:af:6c:d8:
                    61:6e:ea:0e:76:b3:53:b3:9c:8b:3e:80:79:e8:d8:
                    09:7e:a6:fb:1e:7a:9a:a1:3d:3a:15:45:72:ac:2d:
                    64:db:f4:07:2c:f6:45:b0:17:4b:3a:ee:25:c9:97:
                    d5:95:68:55:62:88:3f:09:ab:12:bc:7f:a6:b5:80:
                    d0:2d:a1:65:76:c9:17:ae:16:15:fa:e5:12:8b:c0:
                    87:8b:d4:0e:a8:0b:12:79:fe:cd:ce:6d:a8:02:06:
                    19:7b:af:2b:64:8b:6f:af:4d:ad:35:00:23:09:45:
                    bb:44:4f:00:c7:b7:2b:63:a6:47:46:4f:16:3d:d1:
                    d4:df:18:1b:35:7f:3d:3a:61:78:f7:81:1d:5a:73:
                    3c:26:71:27:4e:72:a8:b3:e6:2e:e5:c1:87:c7:87:
                    d7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BB:4F:8B:D4:A9:71:8D:45:C6:FB:6C:2F:00:8A:64:A4:BC:75:22
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.246.0/24
                IPv6:
                  2a06:9f43::/32
                  2a06:9f46::/32
                  2a0d:d903::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:cc:af:50:d5:b2:8e:ee:32:18:ab:68:19:70:f1:61:d1:52:
         d8:bd:77:a8:d6:20:a6:68:e5:f1:2c:e7:1b:6c:ab:9e:00:d0:
         65:0a:8c:84:eb:02:8c:4a:88:b1:eb:3c:09:69:0b:88:ec:9c:
         8d:99:19:76:49:61:ec:ba:d4:79:29:cd:8b:8c:6c:be:03:1f:
         f4:87:80:7d:57:ee:be:16:4f:c2:f1:4d:04:82:27:21:41:01:
         8b:a0:bf:85:90:b4:f7:85:3c:eb:59:53:17:7b:60:62:41:45:
         9f:b0:d5:f5:09:25:e7:00:7c:9d:22:a8:04:83:7d:e2:5d:a9:
         7e:4e:3e:2d:e0:56:36:bb:b1:db:22:3e:c4:ec:90:74:83:06:
         05:65:1a:f0:15:cd:ca:7f:e2:c8:90:fd:e8:31:6d:14:f6:16:
         cb:a5:9a:9b:6a:fe:bd:fb:6e:79:b3:19:bb:e7:c0:18:2f:6c:
         d9:6a:9c:c7:a9:d5:17:2f:1c:d7:8c:05:3d:c3:bf:4f:24:98:
         ec:c3:96:cd:9e:40:5b:bc:57:fd:a9:1a:fb:12:f3:6b:08:9e:
         83:92:50:0b:30:71:99:62:e2:0f:53:5c:ae:6b:1c:cb:a0:82:
         85:ac:b3:12:db:4e:ef:cb:58:7e:50:44:f1:cd:63:d5:db:91:
         39:31:d3:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUHnRpF8cWjwqhqNutLRGmorPsPZIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMjAxNzQzMDJaFw0yNTExMTkxNzQ4MDJaMDMxMTAvBgNV
BAMTKDIxQkI0RjhCRDRBOTcxOEQ0NUM2RkI2QzJGMDA4QTY0QTRCQzc1MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV/Mye+h979VRwnLAmbN6PjOIj
Iw2fFnPkgjROliddVGFVmzZV/40f2mlVki5IiUmEimaw7Rhi2/S0UdcNVWFNQR1k
G6RGia+ZEw664tGExzQwEQVXUmqRX/KkYJrdVJBUzaytJa9s2GFu6g52s1OznIs+
gHno2Al+pvseepqhPToVRXKsLWTb9Acs9kWwF0s67iXJl9WVaFViiD8JqxK8f6a1
gNAtoWV2yReuFhX65RKLwIeL1A6oCxJ5/s3ObagCBhl7rytki2+vTa01ACMJRbtE
TwDHtytjpkdGTxY90dTfGBs1fz06YXj3gR1aczwmcSdOcqiz5i7lwYfHh9eHAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUIbtPi9SpcY1FxvtsLwCKZKS8dSIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBrBggrBgEF
BQcBCwRfMF0wWwYIKwYBBQUHMAuGT3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA8BggrBgEFBQcBBwEB/wQt
MCswDAQCAAEwBgMEAMO49jAbBAIAAjAVAwUAKgafQwMFACoGn0YDBQAqDdkDMA0G
CSqGSIb3DQEBCwUAA4IBAQCRzK9Q1bKO7jIYq2gZcPFh0VLYvXeo1iCmaOXxLOcb
bKueANBlCoyE6wKMSoix6zwJaQuI7JyNmRl2SWHsutR5Kc2LjGy+Ax/0h4B9V+6+
Fk/C8U0EgichQQGLoL+FkLT3hTzrWVMXe2BiQUWfsNX1CSXnAHydIqgEg33iXal+
Tj4t4FY2u7HbIj7E7JB0gwYFZRrwFc3Kf+LIkP3oMW0U9hbLpZqbav69+255sxm7
58AYL2zZapzHqdUXLxzXjAU9w79PJJjsw5bNnkBbvFf9qRr7EvNrCJ6DklALMHGZ
YuIPU1yuaxzLoIKFrLMS207vy1h+UETxzWPV25E5MdNK
-----END CERTIFICATE-----