Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138995.roa
File:                     AS138995.roa (raw, json)
Hash identifier:          rUwkkI7LT7wYzf+Shgm7ZB+wYdvwXdRrgd4d7iEjfIw=
Subject key identifier:   6D:0F:49:44:FA:A3:AA:A2:DF:CF:30:DF:15:5F:58:F9:74:43:A1:97
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0A0C34F213C3D086627F38BCEA5AD21065C0573C
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138995.roa
Signing time:             Tue 03 Jan 2023 02:07:04 +0000
ROA not before:           Tue 03 Jan 2023 02:02:04 +0000
ROA not after:            Tue 02 Jan 2024 02:07:04 +0000
asID:                     138995
IP address blocks:        185.121.170.0/24 maxlen: 24
                          185.121.178.0/24 maxlen: 24
                          185.121.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:0c:34:f2:13:c3:d0:86:62:7f:38:bc:ea:5a:d2:10:65:c0:57:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  3 02:02:04 2023 GMT
            Not After : Jan  2 02:07:04 2024 GMT
        Subject: CN=6D0F4944FAA3AAA2DFCF30DF155F58F97443A197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:65:00:e8:81:3f:61:be:49:07:80:e7:fd:59:
                    a8:3c:78:3e:ea:c2:78:ea:6a:70:fc:db:89:20:d1:
                    35:12:6d:fc:72:8f:3e:66:d6:02:7c:11:cc:27:b1:
                    e3:57:12:84:6c:51:f6:d0:91:37:4e:a6:ca:a8:7b:
                    25:49:43:83:8e:1e:82:08:0e:12:ae:df:ee:46:20:
                    4b:2d:f8:1d:9c:a9:fe:96:04:24:4c:24:a0:9b:95:
                    a1:58:d6:45:a4:a8:3f:b7:3d:b4:e0:0c:85:bc:2b:
                    05:8c:7c:1f:fc:99:ba:e7:95:58:61:83:72:3e:e9:
                    55:cb:28:a9:b2:ba:73:f8:7e:5b:24:bf:3c:a1:fd:
                    5e:f5:82:1b:75:78:f0:5d:f9:0c:b4:9d:03:23:94:
                    10:c3:60:83:2a:1e:7d:ff:45:01:cc:1b:ab:11:94:
                    68:d2:4b:76:6f:84:fe:68:0e:25:c7:f5:8d:5e:02:
                    23:e0:79:f5:46:ee:77:50:0d:10:3f:45:e0:9a:ba:
                    8a:e1:03:5d:d2:8d:5b:99:59:bc:a0:74:5f:db:ed:
                    53:a5:c9:ee:c6:48:53:6c:1d:c9:d9:da:73:16:a1:
                    28:43:c8:b7:55:0e:c6:23:da:ed:9f:7d:e0:c8:ca:
                    86:ac:44:26:8d:2c:0c:74:06:67:24:fd:2b:6b:cb:
                    81:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                6D:0F:49:44:FA:A3:AA:A2:DF:CF:30:DF:15:5F:58:F9:74:43:A1:97
            X509v3 Authority Key Identifier: 
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138995.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.170.0/24
                  185.121.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:d2:21:4a:87:26:2b:87:d8:59:64:c9:c2:08:3b:8c:72:1f:
         e0:09:c7:3d:e9:8a:36:52:32:61:5a:19:df:3e:9c:8f:77:7c:
         2d:88:d5:e4:72:de:7b:bd:ef:84:85:c9:72:3b:ee:24:c4:c5:
         20:03:5f:5d:d4:50:84:f2:c3:64:18:22:34:60:7d:51:4d:9f:
         2d:34:c7:55:b4:d0:df:5c:84:60:fd:68:40:2e:17:93:14:c0:
         07:e4:ee:c0:b9:c9:3a:92:fa:16:41:cd:3c:e6:20:7d:17:0e:
         c3:60:0a:51:5a:fb:c0:4a:4c:4e:11:30:e8:20:32:59:df:a4:
         77:ba:b1:e4:27:a5:b9:4c:97:10:a4:a2:ce:44:ce:25:93:83:
         29:c5:59:3e:21:18:75:f1:f1:7c:b0:5c:d8:b9:1e:8e:06:0f:
         47:b5:95:65:c5:06:af:9b:c4:ec:2b:2f:89:da:cb:7a:78:5b:
         6e:97:49:7d:c8:a9:17:b5:0c:bb:4f:df:f6:28:44:9b:f1:0e:
         e3:f0:3a:6c:2a:e7:21:e2:5e:25:1f:1c:bd:89:1f:e9:66:5b:
         d6:01:06:ef:a6:df:87:13:a0:7a:db:cb:8d:ac:fb:c8:64:1b:
         8d:8a:ba:57:0f:a4:30:f0:dc:6b:9e:2b:02:d6:f3:52:ff:1c:
         ac:15:79:c2
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUCgw08hPD0IZifzi86lrSEGXAVzwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzAxMDMwMjAyMDRaFw0yNDAxMDIwMjA3MDRaMDMxMTAvBgNV
BAMTKDZEMEY0OTQ0RkFBM0FBQTJERkNGMzBERjE1NUY1OEY5NzQ0M0ExOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFZQDogT9hvkkHgOf9Wag8eD7q
wnjqanD824kg0TUSbfxyjz5m1gJ8EcwnseNXEoRsUfbQkTdOpsqoeyVJQ4OOHoII
DhKu3+5GIEst+B2cqf6WBCRMJKCblaFY1kWkqD+3PbTgDIW8KwWMfB/8mbrnlVhh
g3I+6VXLKKmyunP4flskvzyh/V71ght1ePBd+Qy0nQMjlBDDYIMqHn3/RQHMG6sR
lGjSS3ZvhP5oDiXH9Y1eAiPgefVG7ndQDRA/ReCauorhA13SjVuZWbygdF/b7VOl
ye7GSFNsHcnZ2nMWoShDyLdVDsYj2u2ffeDIyoasRCaNLAx0Bmck/Stry4FNAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUbQ9JRPqjqqLfzzDfFV9Y+XRDoZcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTM4OTk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQAuXmqAwQBuXmyMA0GCSqGSIb3DQEBCwUAA4IBAQCT
0iFKhyYrh9hZZMnCCDuMch/gCcc96Yo2UjJhWhnfPpyPd3wtiNXkct57ve+Ehcly
O+4kxMUgA19d1FCE8sNkGCI0YH1RTZ8tNMdVtNDfXIRg/WhALheTFMAH5O7Auck6
kvoWQc085iB9Fw7DYApRWvvASkxOETDoIDJZ36R3urHkJ6W5TJcQpKLORM4lk4Mp
xVk+IRh18fF8sFzYuR6OBg9HtZVlxQavm8TsKy+J2st6eFtul0l9yKkXtQy7T9/2
KESb8Q7j8DpsKuch4l4lHxy9iR/pZlvWAQbvpt+HE6B628uNrPvIZBuNirpXD6Qw
8NxrnisC1vNS/xysFXnC
-----END CERTIFICATE-----