Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138995.roa
File:                     AS138995.roa (raw, json)
Hash identifier:          ObMXZIKIjTUfIsQa+l7tBB3hsFZuFkOVKi45cJNJTME=
Subject key identifier:   16:18:15:CF:62:05:12:87:34:A5:A0:66:86:D6:19:78:7E:13:00:49
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1F66F4E7EEF7C9A4573C63BDF21CB7973FD7227D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138995.roa
Signing time:             Wed 10 Jan 2024 11:10:54 +0000
ROA not before:           Wed 10 Jan 2024 11:05:54 +0000
ROA not after:            Wed 08 Jan 2025 11:10:54 +0000
asID:                     138995
IP address blocks:        27.0.235.0/24 maxlen: 24
                          81.31.208.0/24 maxlen: 24
                          103.214.70.0/24 maxlen: 24
                          144.48.83.0/24 maxlen: 24
                          185.121.169.0/24 maxlen: 24
                          185.121.170.0/24 maxlen: 24
                          185.121.178.0/24 maxlen: 24
                          185.121.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 23:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:66:f4:e7:ee:f7:c9:a4:57:3c:63:bd:f2:1c:b7:97:3f:d7:22:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 10 11:05:54 2024 GMT
            Not After : Jan  8 11:10:54 2025 GMT
        Subject: CN=161815CF6205128734A5A06686D619787E130049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b8:84:f0:26:8c:cf:9f:43:f3:e0:b1:44:c2:
                    46:41:a3:d5:e2:77:7a:0a:61:fd:45:43:c0:fb:ed:
                    74:d3:55:31:94:2e:96:31:9d:8d:e1:cc:20:34:61:
                    20:04:b3:10:58:52:c7:3a:e7:59:a3:69:1b:0a:2a:
                    fa:d1:f4:d0:aa:ac:de:6d:8d:94:44:80:b6:3d:f3:
                    db:ea:bb:2f:85:4a:c0:11:7d:42:a8:ea:8e:96:31:
                    92:c8:c5:aa:66:a1:c8:3d:e9:2b:7a:f2:2d:01:f3:
                    d9:f8:38:e6:91:77:d1:74:2e:5a:fb:b9:b6:e0:a3:
                    23:41:34:07:e7:1c:ac:db:01:9c:cd:5f:2f:db:ad:
                    16:ba:24:33:97:9a:87:35:c6:cb:94:7d:48:34:d7:
                    78:73:53:45:68:92:a9:cd:9c:0c:ce:e7:b5:e4:9d:
                    af:96:a6:2b:1a:2f:b0:f3:40:8b:9f:e6:2b:7c:58:
                    44:8d:50:7d:95:57:cd:f7:58:5b:0b:ad:1c:80:f0:
                    b6:d5:2e:b7:36:53:55:2b:a0:48:8d:58:84:46:30:
                    65:be:b6:7b:7d:db:5f:43:57:03:15:a1:3f:4c:2a:
                    36:41:c4:f3:5b:de:35:b1:ad:91:33:39:f4:08:f6:
                    74:04:9e:6c:5c:92:42:b0:86:06:67:17:91:d3:19:
                    16:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:18:15:CF:62:05:12:87:34:A5:A0:66:86:D6:19:78:7E:13:00:49
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138995.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.235.0/24
                  81.31.208.0/24
                  103.214.70.0/24
                  144.48.83.0/24
                  185.121.169.0-185.121.170.255
                  185.121.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:70:4e:3e:8b:81:dd:fb:a1:ed:9a:4b:5f:c0:52:5e:a9:f7:
         93:10:a1:63:fb:93:08:a5:d2:da:18:7c:10:ae:7e:59:9b:b2:
         97:df:4b:9f:b5:21:85:aa:f5:b5:b2:ef:f8:91:e3:99:49:b5:
         af:5b:2b:10:4b:b3:04:1e:4a:9d:b3:fe:72:05:ad:b3:e9:eb:
         7c:60:ae:11:dc:f1:a8:70:bb:3e:cf:31:c9:b3:a7:50:0a:f5:
         cc:8d:d1:98:bb:3e:ed:83:de:c0:64:06:42:ee:52:4d:7f:b4:
         97:c1:49:f6:88:68:16:7a:46:3c:67:8a:9f:3c:6c:e0:45:7a:
         90:9c:61:91:8f:69:7b:3b:05:f5:5f:c6:e1:01:ea:dd:7c:bf:
         38:6d:3f:64:97:b5:b2:ec:06:14:9b:22:26:4e:50:61:9f:47:
         fc:b8:59:a9:c8:61:b1:bc:d7:6c:eb:e1:6e:ee:1f:5d:13:38:
         f7:fe:5a:ad:90:c8:90:19:53:4e:0a:fd:44:9a:9d:bb:86:15:
         61:7f:ce:be:c8:d9:1f:54:90:73:85:0f:54:d3:c3:d1:b7:7b:
         29:d1:fc:78:8b:b5:ae:a1:e8:94:7c:32:d2:c5:df:14:28:22:
         e8:c8:60:26:85:4a:2f:40:40:80:31:d3:e6:17:93:8a:b8:81:
         03:24:d5:59
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUH2b05+73yaRXPGO98hy3lz/XIn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMTAxMTA1NTRaFw0yNTAxMDgxMTEwNTRaMDMxMTAvBgNV
BAMTKDE2MTgxNUNGNjIwNTEyODczNEE1QTA2Njg2RDYxOTc4N0UxMzAwNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVuITwJozPn0Pz4LFEwkZBo9Xi
d3oKYf1FQ8D77XTTVTGULpYxnY3hzCA0YSAEsxBYUsc651mjaRsKKvrR9NCqrN5t
jZREgLY989vquy+FSsARfUKo6o6WMZLIxapmocg96St68i0B89n4OOaRd9F0Llr7
ubbgoyNBNAfnHKzbAZzNXy/brRa6JDOXmoc1xsuUfUg013hzU0VokqnNnAzO57Xk
na+WpisaL7DzQIuf5it8WESNUH2VV833WFsLrRyA8LbVLrc2U1UroEiNWIRGMGW+
tnt9219DVwMVoT9MKjZBxPNb3jWxrZEzOfQI9nQEnmxckkKwhgZnF5HTGRZpAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUFhgVz2IFEoc0paBmhtYZeH4TAEkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTM4OTk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEH
AQH/BDYwNDAyBAIAATAsAwQAGwDrAwQAUR/QAwQAZ9ZGAwQAkDBTMAwDBAC5eakD
BAC5eaoDBAG5ebIwDQYJKoZIhvcNAQELBQADggEBAF5wTj6Lgd37oe2aS1/AUl6p
95MQoWP7kwil0toYfBCuflmbspffS5+1IYWq9bWy7/iR45lJta9bKxBLswQeSp2z
/nIFrbPp63xgrhHc8ahwuz7PMcmzp1AK9cyN0Zi7Pu2D3sBkBkLuUk1/tJfBSfaI
aBZ6Rjxnip88bOBFepCcYZGPaXs7BfVfxuEB6t18vzhtP2SXtbLsBhSbIiZOUGGf
R/y4WanIYbG812zr4W7uH10TOPf+Wq2QyJAZU04K/USanbuGFWF/zr7I2R9UkHOF
D1TTw9G3eynR/HiLta6h6JR8MtLF3xQoIujIYCaFSi9AQIAx0+YXk4q4gQMk1Vk=
-----END CERTIFICATE-----
Generated at Fri Mar 29 07:07:09 2024 by rpki-client on console-ams.rpki-client.org