Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          USfWPRaxbOIrDTrh7Lo3XAk+rdIse51CAsvN3q7txV8=
Subject key identifier:   9F:57:37:BB:10:BC:48:63:33:9F:43:4D:D2:29:37:2B:5C:8A:AB:54
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       778248AE9A28A2345118C519764D1FCF8D60FA0D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS137409.roa
Signing time:             Wed 20 Mar 2024 21:23:55 +0000
ROA not before:           Wed 20 Mar 2024 21:18:55 +0000
ROA not after:            Wed 19 Mar 2025 21:23:55 +0000
asID:                     137409
IP address blocks:        103.214.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:82:48:ae:9a:28:a2:34:51:18:c5:19:76:4d:1f:cf:8d:60:fa:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Mar 20 21:18:55 2024 GMT
            Not After : Mar 19 21:23:55 2025 GMT
        Subject: CN=9F5737BB10BC4863339F434DD229372B5C8AAB54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d1:72:5a:73:e5:3e:81:87:89:56:d6:62:49:
                    c4:77:00:75:25:ed:14:c3:72:d0:bb:d5:af:0d:ea:
                    39:64:81:56:ac:eb:aa:67:76:3d:de:61:bf:be:bc:
                    44:c0:cf:5f:99:b5:b9:9e:f8:a1:91:87:09:ef:41:
                    d4:d3:56:f5:bb:1e:b8:e3:9e:0d:99:ae:3b:8b:e4:
                    d0:36:5e:d5:87:ba:5e:de:0a:93:fa:8b:a0:39:22:
                    80:44:62:5c:d2:8d:33:35:3e:99:bb:11:5c:18:be:
                    7e:23:da:b3:8f:fd:6a:cd:c1:e1:86:c2:21:26:fc:
                    51:40:99:a5:72:87:2b:f1:53:da:7a:a6:57:a6:37:
                    a5:1b:3a:89:7d:97:35:3d:73:40:d3:de:08:54:fa:
                    67:c9:c9:99:d5:3d:ef:4f:20:86:ce:dd:b5:9f:16:
                    10:21:ad:d7:b8:83:d4:c6:07:61:3f:bc:3e:82:ba:
                    47:5d:58:77:8b:f2:dc:a4:d5:51:59:a7:c7:e8:06:
                    55:e3:98:61:c5:89:16:9a:f3:d1:54:18:99:dd:27:
                    41:13:89:48:2d:91:cc:bf:01:55:ac:44:97:a1:97:
                    0e:4d:12:98:c1:62:58:93:d3:f6:72:29:ee:d8:07:
                    7d:c3:86:76:91:7e:90:7b:58:67:6e:d7:07:b5:e3:
                    34:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:57:37:BB:10:BC:48:63:33:9F:43:4D:D2:29:37:2B:5C:8A:AB:54
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:77:02:8c:7f:ca:b4:d8:8b:fe:6c:38:58:0a:e5:b7:10:18:
         1d:bc:49:5c:84:e0:55:53:6b:d4:f7:1d:c5:0c:69:4d:86:c2:
         ab:aa:5b:98:bc:16:85:77:08:d7:7e:16:93:68:58:db:a8:b5:
         9e:9f:6e:f4:44:f4:d4:2f:85:78:94:ed:99:09:55:4d:26:e1:
         55:9c:bc:6c:c5:27:aa:60:14:79:2f:fd:06:6e:54:bb:c8:50:
         17:8d:de:d8:cd:f3:f9:1b:fd:ca:65:21:e2:28:da:53:bb:17:
         1a:47:b6:10:13:56:d5:7e:22:c3:88:ae:7f:f6:85:ac:35:ff:
         9d:2e:e6:8e:d1:43:34:04:09:bb:40:6d:6c:43:e4:3b:a3:c6:
         03:23:78:c4:dd:49:9a:6e:d4:e1:27:52:24:d7:3e:36:26:3b:
         b7:6b:9c:51:6c:26:ad:dc:dc:2f:98:4b:c8:95:09:b2:8f:90:
         fc:db:b3:36:64:8f:86:f2:b0:88:1f:e2:94:74:86:0b:a7:0c:
         65:99:75:74:66:75:27:95:71:2c:ae:8c:93:16:f8:30:9a:b6:
         16:80:4e:34:71:55:eb:0e:9d:89:88:09:e1:21:09:17:72:14:
         83:d4:5b:51:8a:dd:97:b2:bc:95:4d:22:ac:c5:ff:a6:a8:89:
         d3:10:1b:6e
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUd4JIrpooojRRGMUZdk0fz41g+g0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAzMjAyMTE4NTVaFw0yNTAzMTkyMTIzNTVaMDMxMTAvBgNV
BAMTKDlGNTczN0JCMTBCQzQ4NjMzMzlGNDM0REQyMjkzNzJCNUM4QUFCNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS0XJac+U+gYeJVtZiScR3AHUl
7RTDctC71a8N6jlkgVas66pndj3eYb++vETAz1+Ztbme+KGRhwnvQdTTVvW7Hrjj
ng2ZrjuL5NA2XtWHul7eCpP6i6A5IoBEYlzSjTM1Ppm7EVwYvn4j2rOP/WrNweGG
wiEm/FFAmaVyhyvxU9p6plemN6UbOol9lzU9c0DT3ghU+mfJyZnVPe9PIIbO3bWf
FhAhrde4g9TGB2E/vD6CukddWHeL8tyk1VFZp8foBlXjmGHFiRaa89FUGJndJ0ET
iUgtkcy/AVWsRJehlw5NEpjBYliT0/ZyKe7YB33DhnaRfpB7WGdu1we14zRTAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUn1c3uxC8SGMzn0NN0ik3K1yKq1QwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTM3NDA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ9ZEMA0GCSqGSIb3DQEBCwUAA4IBAQBOdwKMf8q0
2Iv+bDhYCuW3EBgdvElchOBVU2vU9x3FDGlNhsKrqluYvBaFdwjXfhaTaFjbqLWe
n270RPTUL4V4lO2ZCVVNJuFVnLxsxSeqYBR5L/0GblS7yFAXjd7YzfP5G/3KZSHi
KNpTuxcaR7YQE1bVfiLDiK5/9oWsNf+dLuaO0UM0BAm7QG1sQ+Q7o8YDI3jE3Uma
btThJ1Ik1z42Jju3a5xRbCat3NwvmEvIlQmyj5D827M2ZI+G8rCIH+KUdIYLpwxl
mXV0ZnUnlXEsroyTFvgwmrYWgE40cVXrDp2JiAnhIQkXchSD1FtRit2XsryVTSKs
xf+mqInTEBtu
-----END CERTIFICATE-----