Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS133752.roa
File:                     AS133752.roa (raw, json)
Hash identifier:          1FzqqxOWcrOhIrmkeBMuGNY8AFvZi7Qo+YVzono5d/E=
Subject key identifier:   D0:B5:18:BC:63:22:A1:0A:29:C3:49:FD:64:2B:A3:23:E5:03:1B:C9
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7BB5B0ECDCD7736A0F18CD61E0DAC10CC48CBC2C
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS133752.roa
Signing time:             Mon 04 Sep 2023 13:21:15 +0000
ROA not before:           Mon 04 Sep 2023 13:16:15 +0000
ROA not after:            Mon 02 Sep 2024 13:21:15 +0000
asID:                     133752
IP address blocks:        27.0.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:b5:b0:ec:dc:d7:73:6a:0f:18:cd:61:e0:da:c1:0c:c4:8c:bc:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep  4 13:16:15 2023 GMT
            Not After : Sep  2 13:21:15 2024 GMT
        Subject: CN=D0B518BC6322A10A29C349FD642BA323E5031BC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:03:46:18:9e:97:a6:dc:05:7a:f7:97:a8:e4:
                    72:82:30:b3:56:8b:0f:9c:7e:f7:9a:34:87:a4:85:
                    8f:e3:e9:23:c5:d8:d8:1b:02:e8:3f:08:86:10:55:
                    20:68:de:e5:bf:b1:fe:ed:e2:d2:69:1f:50:3f:9e:
                    41:5e:c4:15:98:e4:41:88:2a:45:20:13:08:8f:d3:
                    c7:f9:80:84:ef:69:e5:8c:9c:5c:82:b4:9f:bb:98:
                    48:88:56:9f:83:64:31:b5:45:63:a1:04:6b:15:ba:
                    49:00:e8:66:0b:0f:88:c7:58:96:4d:48:0f:e5:10:
                    fa:08:cb:ad:ee:4c:30:c8:47:15:68:ed:30:f9:5c:
                    53:b5:7b:6a:12:e5:46:71:58:74:5a:04:34:cf:93:
                    2d:f1:75:b0:39:21:90:47:a1:4c:15:2e:c5:65:4f:
                    e7:7e:39:ae:25:84:ea:76:27:52:48:9b:6c:75:e3:
                    92:61:e2:7d:5d:ba:60:af:b3:0d:84:95:22:d7:17:
                    a7:55:48:86:7f:ae:36:ba:c3:54:21:90:d1:41:5d:
                    b3:9e:76:e8:ae:9b:34:c7:04:25:4a:0c:7e:bd:eb:
                    3b:a8:f3:a0:87:32:10:4e:c9:4f:b0:b9:a1:18:fe:
                    26:60:ae:11:d7:37:fd:ba:5b:ca:fb:ae:ea:81:8f:
                    a5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B5:18:BC:63:22:A1:0A:29:C3:49:FD:64:2B:A3:23:E5:03:1B:C9
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS133752.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:d1:6a:0c:d2:a3:55:ab:3e:a9:4e:97:cc:8f:3e:e3:5c:b9:
         70:71:4c:0e:86:fe:5f:14:58:19:3c:19:cb:22:e6:bf:80:8e:
         2a:ed:70:77:d3:c2:62:a1:ff:48:a0:52:6c:fb:06:3d:56:65:
         74:d4:ba:e3:41:2a:1d:2a:e2:c1:78:99:dc:7b:c2:b1:63:65:
         42:06:dc:70:1a:bb:6a:ec:37:34:0d:cf:f8:79:3f:8d:56:74:
         c4:aa:aa:87:c4:25:1d:b7:00:e8:77:ac:fe:11:7d:25:73:26:
         a9:7a:53:df:b4:33:2b:28:10:c8:43:f2:f9:d8:fa:89:f8:b2:
         ac:82:57:36:a4:3e:5a:d1:22:3f:7d:ec:87:04:aa:21:39:24:
         8e:48:19:b3:1c:33:f9:0a:8f:70:c9:04:60:c6:81:b9:e5:38:
         8c:29:dd:dd:15:63:99:af:d7:e9:5d:0e:10:1d:87:4e:6e:fd:
         4e:59:8e:8d:1c:36:c3:75:0b:cc:de:3b:35:6b:50:68:fc:cb:
         ee:e6:84:a1:9a:ca:75:aa:0d:85:15:6a:93:21:fc:57:73:0b:
         81:b3:c5:58:17:2a:83:8a:11:14:43:0b:18:1f:71:9f:07:7e:
         2c:96:15:51:cf:e8:b0:58:05:1b:96:d8:c6:de:3c:c2:8c:ec:
         6a:2d:ae:ac
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUe7Ww7NzXc2oPGM1h4NrBDMSMvCwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzA5MDQxMzE2MTVaFw0yNDA5MDIxMzIxMTVaMDMxMTAvBgNV
BAMTKEQwQjUxOEJDNjMyMkExMEEyOUMzNDlGRDY0MkJBMzIzRTUwMzFCQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTA0YYnpem3AV695eo5HKCMLNW
iw+cfveaNIekhY/j6SPF2NgbAug/CIYQVSBo3uW/sf7t4tJpH1A/nkFexBWY5EGI
KkUgEwiP08f5gITvaeWMnFyCtJ+7mEiIVp+DZDG1RWOhBGsVukkA6GYLD4jHWJZN
SA/lEPoIy63uTDDIRxVo7TD5XFO1e2oS5UZxWHRaBDTPky3xdbA5IZBHoUwVLsVl
T+d+Oa4lhOp2J1JIm2x145Jh4n1dumCvsw2ElSLXF6dVSIZ/rja6w1QhkNFBXbOe
duiumzTHBCVKDH696zuo86CHMhBOyU+wuaEY/iZgrhHXN/26W8r7ruqBj6WVAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU0LUYvGMioQopw0n9ZCujI+UDG8kwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTMzNzUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAGwDoMA0GCSqGSIb3DQEBCwUAA4IBAQAq0WoM0qNV
qz6pTpfMjz7jXLlwcUwOhv5fFFgZPBnLIua/gI4q7XB308Jiof9IoFJs+wY9VmV0
1LrjQSodKuLBeJnce8KxY2VCBtxwGrtq7Dc0Dc/4eT+NVnTEqqqHxCUdtwDod6z+
EX0lcyapelPftDMrKBDIQ/L52PqJ+LKsglc2pD5a0SI/feyHBKohOSSOSBmzHDP5
Co9wyQRgxoG55TiMKd3dFWOZr9fpXQ4QHYdObv1OWY6NHDbDdQvM3js1a1Bo/Mvu
5oShmsp1qg2FFWqTIfxXcwuBs8VYFyqDihEUQwsYH3GfB34slhVRz+iwWAUbltjG
3jzCjOxqLa6s
-----END CERTIFICATE-----