Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS133752.roa
File:                     AS133752.roa (raw, json)
Hash identifier:          D4vf9ZvHifvO5IlQIjMlec80cR8WCbqU7aP5IsZijfA=
Subject key identifier:   DC:F6:20:C0:B5:4B:3E:9D:B9:36:64:70:F2:A3:79:B8:53:CF:E9:AC
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       62AF5D45D1DEFAEA2576113E5AF62E71E6035789
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS133752.roa
Signing time:             Mon 05 Aug 2024 13:39:58 +0000
ROA not before:           Mon 05 Aug 2024 13:34:58 +0000
ROA not after:            Mon 04 Aug 2025 13:39:58 +0000
asID:                     133752
IP address blocks:        27.0.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:af:5d:45:d1:de:fa:ea:25:76:11:3e:5a:f6:2e:71:e6:03:57:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Aug  5 13:34:58 2024 GMT
            Not After : Aug  4 13:39:58 2025 GMT
        Subject: CN=DCF620C0B54B3E9DB9366470F2A379B853CFE9AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:08:7f:3f:b1:c9:3f:37:c3:eb:fd:7b:21:4a:
                    1c:7b:10:d5:0a:04:d3:b7:d7:0c:09:5a:e9:8d:ad:
                    7a:4b:5b:70:5c:0d:94:07:1c:79:5b:22:7b:45:05:
                    1f:fa:f1:14:fa:56:a9:02:a4:46:2b:f1:6a:2a:40:
                    04:83:73:55:41:0b:63:45:5d:f9:a2:ea:3b:cc:83:
                    22:38:f6:94:21:01:c1:b6:69:dc:63:af:e8:bd:36:
                    a5:cf:f1:6d:91:4b:45:84:3a:d4:9c:9b:fa:e2:f1:
                    fc:49:78:94:8a:53:56:05:b3:7c:13:9c:6e:ed:c5:
                    05:9d:36:b2:84:93:53:1c:65:f8:7e:d0:3b:86:c7:
                    7e:a9:c1:5e:d9:3b:6a:a8:ac:8b:1e:a5:85:da:42:
                    d2:1a:9a:1a:b0:5c:c6:ba:e0:23:94:93:f3:9e:0a:
                    18:30:5e:67:f6:eb:c7:81:79:db:f7:79:7a:80:1f:
                    89:a2:ef:b6:16:70:4a:d7:46:ed:83:b2:1d:68:a5:
                    fb:bc:fd:79:87:2d:73:78:93:36:2a:97:f9:a3:53:
                    50:96:9d:86:53:b7:e1:25:09:45:51:29:fa:74:2e:
                    b6:69:47:19:34:0f:26:a5:7f:bd:ca:ea:28:4d:25:
                    22:21:a0:8a:0e:fc:3e:d5:48:1d:8a:b0:fc:89:5c:
                    f8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:F6:20:C0:B5:4B:3E:9D:B9:36:64:70:F2:A3:79:B8:53:CF:E9:AC
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS133752.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:95:d9:1c:f7:0a:a9:ee:95:0b:62:64:12:1f:45:26:9d:fa:
         c8:48:ce:88:e4:5f:14:6f:a0:21:45:5b:05:32:6f:4c:07:71:
         3e:07:8f:3d:2f:13:6c:5f:6e:08:3b:0c:64:f1:40:70:cf:ef:
         f7:e4:c1:73:f9:50:a6:01:aa:03:be:3d:c0:32:e0:8f:9c:78:
         f6:ed:81:b0:bf:05:92:ab:77:8a:98:37:b9:5f:e7:91:45:54:
         36:b8:4e:3e:b3:5d:f6:b4:5e:d5:ce:77:ad:05:ab:51:a1:ad:
         45:f2:a1:a4:0f:10:fd:ef:12:25:fa:94:b1:e4:16:f4:9b:91:
         d0:4b:2a:31:c9:bd:dc:80:03:96:73:92:d0:4f:75:bf:d0:84:
         0e:8d:c4:48:15:98:0f:3c:4e:30:9c:8e:37:d6:42:4e:87:ff:
         f9:67:e3:fe:7d:8d:88:59:6d:2b:ad:35:36:d2:ab:08:c9:61:
         24:a5:e1:b2:ce:fb:df:d1:43:a1:84:70:78:12:8c:76:e7:b9:
         90:2d:f5:80:c0:19:cf:00:e4:11:bf:3a:1d:a2:c4:18:1a:0f:
         00:df:b2:3a:72:8d:3d:c5:ac:81:3d:32:04:82:4f:9d:60:ee:
         3e:bf:a4:cd:32:0b:6d:f3:30:d7:68:3b:0d:21:b8:bc:1d:0d:
         da:27:08:25
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUYq9dRdHe+uoldhE+WvYuceYDV4kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA4MDUxMzM0NThaFw0yNTA4MDQxMzM5NThaMDMxMTAvBgNV
BAMTKERDRjYyMEMwQjU0QjNFOURCOTM2NjQ3MEYyQTM3OUI4NTNDRkU5QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiCH8/sck/N8Pr/XshShx7ENUK
BNO31wwJWumNrXpLW3BcDZQHHHlbIntFBR/68RT6VqkCpEYr8WoqQASDc1VBC2NF
Xfmi6jvMgyI49pQhAcG2adxjr+i9NqXP8W2RS0WEOtScm/ri8fxJeJSKU1YFs3wT
nG7txQWdNrKEk1McZfh+0DuGx36pwV7ZO2qorIsepYXaQtIamhqwXMa64COUk/Oe
ChgwXmf268eBedv3eXqAH4mi77YWcErXRu2Dsh1opfu8/XmHLXN4kzYql/mjU1CW
nYZTt+ElCUVRKfp0LrZpRxk0Dyalf73K6ihNJSIhoIoO/D7VSB2KsPyJXPgJAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU3PYgwLVLPp25NmRw8qN5uFPP6awwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTMzNzUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAGwDoMA0GCSqGSIb3DQEBCwUAA4IBAQAlldkc9wqp
7pULYmQSH0UmnfrISM6I5F8Ub6AhRVsFMm9MB3E+B489LxNsX24IOwxk8UBwz+/3
5MFz+VCmAaoDvj3AMuCPnHj27YGwvwWSq3eKmDe5X+eRRVQ2uE4+s132tF7Vznet
BatRoa1F8qGkDxD97xIl+pSx5Bb0m5HQSyoxyb3cgAOWc5LQT3W/0IQOjcRIFZgP
PE4wnI431kJOh//5Z+P+fY2IWW0rrTU20qsIyWEkpeGyzvvf0UOhhHB4Eox257mQ
LfWAwBnPAOQRvzodosQYGg8A37I6co09xayBPTIEgk+dYO4+v6TNMgtt8zDXaDsN
Ibi8HQ3aJwgl
-----END CERTIFICATE-----