Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149020.roa
File:                     AS149020.roa (raw, json)
Hash identifier:          JS0pBGpUIzeHvTAOY7FHW37ijT0Cbtelrpw+EtfMSPs=
Subject key identifier:   B2:0E:C2:B6:71:40:6E:89:50:7C:74:3F:35:DE:3D:AA:BC:F0:EB:A9
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3B4A6B6C6B65EA70FADC5B458AD4EF2453927A4D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149020.roa
Signing time:             Mon 11 Dec 2023 18:50:30 +0000
ROA not before:           Mon 11 Dec 2023 18:45:30 +0000
ROA not after:            Mon 09 Dec 2024 18:50:30 +0000
asID:                     149020
IP address blocks:        27.0.234.0/24 maxlen: 24
                          62.3.6.0/24 maxlen: 24
                          146.19.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:4a:6b:6c:6b:65:ea:70:fa:dc:5b:45:8a:d4:ef:24:53:92:7a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 11 18:45:30 2023 GMT
            Not After : Dec  9 18:50:30 2024 GMT
        Subject: CN=B20EC2B671406E89507C743F35DE3DAABCF0EBA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e4:e9:4f:26:b0:a9:55:af:a2:f7:07:54:b8:
                    f8:ee:c8:67:c7:23:ed:96:00:cd:e8:62:11:c7:87:
                    ff:13:a3:28:2c:df:76:57:6a:5a:a0:5a:d6:1b:ee:
                    43:d2:52:d8:e2:62:95:d6:04:6d:4f:43:27:60:01:
                    01:39:08:a7:ad:cf:d8:84:cf:47:07:70:7d:37:13:
                    3e:4e:a0:ae:c5:77:a8:7e:e4:c0:0c:62:52:c8:3e:
                    f0:6d:67:15:bd:a9:9f:cc:da:9c:dc:b0:37:bc:59:
                    0d:41:5c:bb:72:db:d6:ee:ad:02:dc:1f:a7:da:f5:
                    19:41:5b:92:5a:a9:20:d3:e1:48:ce:cc:8b:58:fc:
                    05:5b:f4:28:8d:ee:64:54:7d:84:aa:9a:59:4d:70:
                    c8:53:f0:73:ac:99:c9:22:5c:0c:23:b7:b6:66:3c:
                    ee:bf:c9:99:fa:b0:57:c2:91:7a:87:06:fe:a8:5f:
                    65:60:60:49:5c:0f:1d:8e:2d:09:11:23:70:ec:db:
                    e1:e2:27:05:72:91:5b:ec:94:71:9b:34:e5:24:3f:
                    fb:40:cc:69:0a:f0:ac:c7:ca:c4:bb:93:0b:57:74:
                    fd:b1:0b:d9:4d:25:9d:d2:f0:11:ad:25:6f:c1:d1:
                    cc:14:d8:f8:c1:c5:dd:bb:87:b4:92:a2:21:e2:da:
                    f8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0E:C2:B6:71:40:6E:89:50:7C:74:3F:35:DE:3D:AA:BC:F0:EB:A9
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149020.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.234.0/24
                  62.3.6.0/24
                  146.19.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b9:2e:5a:02:24:43:a2:31:f3:7a:38:47:3f:8f:50:89:62:
         d1:8a:91:a6:eb:d5:4d:82:b5:d5:f4:52:21:8e:1a:ab:4f:11:
         a3:66:7f:8c:cd:a4:a2:e5:72:d3:30:de:58:d2:88:5e:ee:d9:
         ff:2b:c9:8c:9e:7d:cc:41:a4:a2:d3:4e:01:56:27:ff:14:86:
         3f:84:a4:01:d1:78:83:b9:50:b7:66:e5:5d:a9:4d:b3:a0:4e:
         f6:7d:fd:9b:02:24:52:25:0c:91:a9:15:28:6e:ba:97:08:6f:
         36:6e:ef:f8:c5:65:cd:e0:83:71:50:13:56:a1:0f:0e:68:c1:
         d7:a7:43:d4:be:06:a5:07:49:a1:f0:b6:12:4d:9d:8e:8c:8e:
         9a:84:b4:9a:be:57:a1:e7:c3:a5:c5:df:2b:60:cb:a2:8a:08:
         c0:f2:db:b6:5b:22:f3:62:5e:f6:c5:a3:0d:3d:58:5c:bf:5e:
         2c:ec:98:db:2c:37:8f:38:66:29:94:49:e8:66:df:3b:25:10:
         26:f2:c0:db:c6:3a:33:b8:d3:67:22:b8:6c:42:94:2e:a1:f2:
         e0:0a:9c:f6:18:bf:18:b0:0c:5a:84:c7:34:31:8b:f1:45:b4:
         70:a1:af:0d:9a:4d:42:85:f2:7e:2f:1b:3a:35:53:49:6b:72:
         a1:20:53:e2
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUO0prbGtl6nD63FtFitTvJFOSek0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMTExODQ1MzBaFw0yNDEyMDkxODUwMzBaMDMxMTAvBgNV
BAMTKEIyMEVDMkI2NzE0MDZFODk1MDdDNzQzRjM1REUzREFBQkNGMEVCQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl5OlPJrCpVa+i9wdUuPjuyGfH
I+2WAM3oYhHHh/8Toygs33ZXalqgWtYb7kPSUtjiYpXWBG1PQydgAQE5CKetz9iE
z0cHcH03Ez5OoK7Fd6h+5MAMYlLIPvBtZxW9qZ/M2pzcsDe8WQ1BXLty29burQLc
H6fa9RlBW5JaqSDT4UjOzItY/AVb9CiN7mRUfYSqmllNcMhT8HOsmckiXAwjt7Zm
PO6/yZn6sFfCkXqHBv6oX2VgYElcDx2OLQkRI3Ds2+HiJwVykVvslHGbNOUkP/tA
zGkK8KzHysS7kwtXdP2xC9lNJZ3S8BGtJW/B0cwU2PjBxd27h7SSoiHi2vg9AgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUsg7CtnFAbolQfHQ/Nd49qrzw66kwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTQ5MDIwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAATASAwQAGwDqAwQAPgMGAwQAkhNkMA0GCSqGSIb3DQEBCwUA
A4IBAQCRuS5aAiRDojHzejhHP49QiWLRipGm69VNgrXV9FIhjhqrTxGjZn+MzaSi
5XLTMN5Y0ohe7tn/K8mMnn3MQaSi004BVif/FIY/hKQB0XiDuVC3ZuVdqU2zoE72
ff2bAiRSJQyRqRUobrqXCG82bu/4xWXN4INxUBNWoQ8OaMHXp0PUvgalB0mh8LYS
TZ2OjI6ahLSavleh58Olxd8rYMuiigjA8tu2WyLzYl72xaMNPVhcv14s7JjbLDeP
OGYplEnoZt87JRAm8sDbxjozuNNnIrhsQpQuofLgCpz2GL8YsAxahMc0MYvxRbRw
oa8Nmk1ChfJ+Lxs6NVNJa3KhIFPi
-----END CERTIFICATE-----