Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          ruLuiCqx/aPw1leAfstLLBOSPXHE0bcEmQqOFDsNZ18=
Subject key identifier:   D0:70:4A:CB:32:60:DE:E1:41:1A:79:1E:6C:8B:EA:53:E1:5B:BA:D2
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4D1878E1080929B16CA71222BC67B4B6A02BAD5F
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS137409.roa
Signing time:             Wed 19 Feb 2025 21:40:16 +0000
ROA not before:           Wed 19 Feb 2025 21:35:16 +0000
ROA not after:            Wed 18 Feb 2026 21:40:16 +0000
asID:                     137409
IP address blocks:        103.214.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:24:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:18:78:e1:08:09:29:b1:6c:a7:12:22:bc:67:b4:b6:a0:2b:ad:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Feb 19 21:35:16 2025 GMT
            Not After : Feb 18 21:40:16 2026 GMT
        Subject: CN=D0704ACB3260DEE1411A791E6C8BEA53E15BBAD2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4b:28:70:f3:b9:9f:ab:ad:ab:d0:05:39:65:
                    72:24:c0:8d:b6:93:a0:7c:fc:fc:e1:b0:06:cd:87:
                    e7:1c:3d:b7:3c:8e:ef:05:04:fe:ec:28:35:d0:02:
                    65:55:dd:a4:ee:c4:e2:c6:86:a1:15:9a:40:73:95:
                    67:34:ed:84:e4:cd:e8:1b:c8:f4:1c:03:bf:d8:31:
                    d1:ac:3b:50:bb:26:76:8f:f2:78:f3:cb:64:c5:e4:
                    b5:87:16:9f:1f:8d:4d:dc:e6:72:5f:2e:f3:99:59:
                    c2:9a:a3:de:62:d0:54:1c:9f:31:01:a3:21:26:c2:
                    bd:07:27:41:f4:2d:be:35:36:45:00:c7:2f:3c:c2:
                    60:35:2e:e4:d5:58:0c:48:07:70:09:db:aa:af:f7:
                    64:51:ec:8f:79:95:8e:9a:a6:97:da:4e:7c:de:da:
                    97:7c:05:48:97:47:64:a9:31:de:89:3f:0b:a2:c3:
                    d1:40:46:59:68:bd:3d:9f:11:ac:25:03:b8:55:87:
                    6a:b6:ad:29:18:36:94:e3:86:5c:7e:62:88:b9:7e:
                    a6:45:8d:ff:ba:9f:2e:dd:74:f1:1e:b2:bf:f4:37:
                    f7:cc:70:7a:94:51:ee:53:45:43:93:25:a6:be:77:
                    83:d1:cf:03:99:0f:f2:4d:0c:61:c2:7e:6e:c3:a6:
                    38:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:70:4A:CB:32:60:DE:E1:41:1A:79:1E:6C:8B:EA:53:E1:5B:BA:D2
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:f4:5b:02:85:33:d7:c9:01:d8:2d:c0:19:16:ca:93:f5:e5:
         52:fd:a7:77:8a:5f:f6:dd:81:e2:31:b4:be:4f:e2:6c:8a:2b:
         34:6a:d4:4a:d9:0a:a9:6e:f7:c9:ec:2d:ec:d5:7e:b2:25:f8:
         dc:e0:70:49:9b:24:af:59:70:d9:8b:09:01:eb:da:37:33:d9:
         15:19:8a:80:11:58:f5:51:ef:1c:de:19:41:6f:d3:e1:69:d9:
         56:a7:94:18:dc:31:45:ba:ea:42:ea:7a:82:21:e9:60:2a:c6:
         08:03:04:6a:ff:c2:a0:6f:03:91:e9:6c:fb:9d:5d:50:48:c8:
         5f:9d:1d:8e:c2:6a:38:07:31:72:02:66:21:18:41:cd:6a:fa:
         a6:41:4a:d7:6a:cb:bb:2e:d0:d8:ab:25:c9:08:05:85:29:37:
         a7:d7:34:39:b2:83:7f:30:0f:ca:56:b4:16:79:88:29:d8:c5:
         5d:c6:53:ca:f8:2c:84:94:04:e3:1c:53:36:01:10:92:98:9e:
         34:e8:f9:b8:07:d7:9e:01:fd:c2:e0:74:5d:00:68:4a:17:df:
         c8:31:e4:2d:b4:c6:58:4f:49:3f:74:b8:94:c0:d8:0e:78:bf:
         ff:5f:bf:de:71:54:68:de:ed:51:87:0b:df:10:cf:77:b1:61:
         1d:5a:46:e0
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUTRh44QgJKbFspxIivGe0tqArrV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTAyMTkyMTM1MTZaFw0yNjAyMTgyMTQwMTZaMDMxMTAvBgNV
BAMTKEQwNzA0QUNCMzI2MERFRTE0MTFBNzkxRTZDOEJFQTUzRTE1QkJBRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTSyhw87mfq62r0AU5ZXIkwI22
k6B8/PzhsAbNh+ccPbc8ju8FBP7sKDXQAmVV3aTuxOLGhqEVmkBzlWc07YTkzegb
yPQcA7/YMdGsO1C7JnaP8njzy2TF5LWHFp8fjU3c5nJfLvOZWcKao95i0FQcnzEB
oyEmwr0HJ0H0Lb41NkUAxy88wmA1LuTVWAxIB3AJ26qv92RR7I95lY6appfaTnze
2pd8BUiXR2SpMd6JPwuiw9FARllovT2fEawlA7hVh2q2rSkYNpTjhlx+Yoi5fqZF
jf+6ny7ddPEesr/0N/fMcHqUUe5TRUOTJaa+d4PRzwOZD/JNDGHCfm7DpjjZAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU0HBKyzJg3uFBGnkebIvqU+FbutIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTM3NDA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ9ZEMA0GCSqGSIb3DQEBCwUAA4IBAQCL9FsChTPX
yQHYLcAZFsqT9eVS/ad3il/23YHiMbS+T+Jsiis0atRK2QqpbvfJ7C3s1X6yJfjc
4HBJmySvWXDZiwkB69o3M9kVGYqAEVj1Ue8c3hlBb9PhadlWp5QY3DFFuupC6nqC
IelgKsYIAwRq/8KgbwOR6Wz7nV1QSMhfnR2Owmo4BzFyAmYhGEHNavqmQUrXasu7
LtDYqyXJCAWFKTen1zQ5soN/MA/KVrQWeYgp2MVdxlPK+CyElATjHFM2ARCSmJ40
6Pm4B9eeAf3C4HRdAGhKF9/IMeQttMZYT0k/dLiUwNgOeL//X7/ecVRo3u1Rhwvf
EM93sWEdWkbg
-----END CERTIFICATE-----