Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149020.roa
File:                     AS149020.roa (raw, json)
Hash identifier:          N/N2ShLdyBP/pBJ/+q7kqJux9yNTX9hKhaK/pJ9P9g8=
Subject key identifier:   F2:DC:02:67:82:80:33:57:C4:B3:3C:B7:ED:F2:25:2F:88:BB:AC:AB
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5A26788B9E5DEE8F0D7A20430D2529E173DA5471
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149020.roa
Signing time:             Thu 12 Dec 2024 19:30:19 +0000
ROA not before:           Thu 12 Dec 2024 19:25:19 +0000
ROA not after:            Thu 11 Dec 2025 19:30:19 +0000
asID:                     149020
IP address blocks:        27.0.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 15:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:26:78:8b:9e:5d:ee:8f:0d:7a:20:43:0d:25:29:e1:73:da:54:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 12 19:25:19 2024 GMT
            Not After : Dec 11 19:30:19 2025 GMT
        Subject: CN=F2DC026782803357C4B33CB7EDF2252F88BBACAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f4:47:20:9f:1b:b6:51:3a:9c:88:9e:61:bb:
                    3b:c5:9d:dd:5c:43:b1:d9:ec:f3:d1:a2:26:e1:d7:
                    ab:f1:ed:85:c9:a7:6b:6b:2f:10:62:0c:16:f5:b1:
                    df:21:f5:cd:3d:59:21:4c:71:19:18:b3:6b:19:04:
                    b7:bf:31:4a:65:d4:f1:4a:a2:5a:37:1b:12:ae:26:
                    6b:4a:dd:7e:28:7e:42:d8:83:65:54:d3:50:fd:d6:
                    3a:be:a0:ad:60:7f:54:f9:0f:b0:9a:25:ce:19:df:
                    b3:97:9f:a8:94:de:2b:50:16:db:0c:3f:77:b5:50:
                    16:28:3c:3a:52:79:d3:da:75:af:61:0b:d7:f5:bb:
                    0e:5d:19:0e:d8:88:ee:2b:7f:02:dd:34:35:2a:88:
                    7c:15:c5:96:9d:c4:72:c7:17:ba:81:08:37:2c:e6:
                    58:bc:63:3e:84:74:c4:ae:b1:04:91:c6:c9:c0:a1:
                    10:2c:3a:05:1a:08:5e:dc:0e:06:e0:32:b5:9f:59:
                    0a:60:84:23:72:de:56:9d:83:3a:d3:c0:88:93:ec:
                    d1:35:0d:66:59:32:61:01:c7:53:85:9e:f5:ba:8b:
                    89:ae:cf:cf:5a:ea:70:8f:a7:ea:89:bc:09:97:53:
                    66:1d:a0:fc:7d:e8:dc:d0:37:de:ec:6b:d7:de:06:
                    8a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:DC:02:67:82:80:33:57:C4:B3:3C:B7:ED:F2:25:2F:88:BB:AC:AB
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149020.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:e2:d5:3b:a7:ae:db:ed:dc:39:ca:c8:aa:b1:80:26:4f:8c:
         88:20:4b:c6:c6:9c:dc:94:31:11:3b:23:c0:0a:28:65:00:df:
         64:e7:23:ad:2f:a2:ef:68:57:17:bc:05:8e:68:e5:97:a6:da:
         2f:2b:44:c0:e2:0d:8b:0b:59:1e:58:47:88:44:9c:c5:d4:8f:
         7b:79:e5:85:4b:57:27:d9:9c:06:79:ef:c6:aa:56:b5:25:6d:
         73:78:ad:e3:17:e3:b6:63:a5:9f:ee:15:fb:6e:6b:80:79:c6:
         a6:ea:bd:b0:23:b5:3f:0a:57:91:a5:4d:b4:1b:c3:f2:81:3e:
         3d:90:d7:0e:d4:69:9f:e1:33:6a:94:ac:a5:7d:8f:f8:17:7e:
         6e:83:75:24:15:a6:aa:26:74:ca:49:64:23:1a:12:4e:f2:86:
         de:38:c7:5d:c7:85:d0:8f:67:f9:c4:e0:3a:1d:e3:e5:cf:9e:
         f4:b2:99:8a:6c:9e:8a:f5:e6:c4:3d:f1:9f:bf:98:7d:25:64:
         6d:f6:bd:d8:96:50:57:e8:1a:8b:35:5f:1e:c2:87:f9:b5:89:
         86:8e:e2:5a:3d:05:a1:cb:d2:37:ea:b6:98:b1:a9:90:ba:ef:
         8a:49:d9:c7:01:d8:30:5b:f3:69:0f:ae:1b:c8:4e:04:12:73:
         c8:ca:08:82
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUWiZ4i55d7o8NeiBDDSUp4XPaVHEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDEyMTIxOTI1MTlaFw0yNTEyMTExOTMwMTlaMDMxMTAvBgNV
BAMTKEYyREMwMjY3ODI4MDMzNTdDNEIzM0NCN0VERjIyNTJGODhCQkFDQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo9Ecgnxu2UTqciJ5huzvFnd1c
Q7HZ7PPRoibh16vx7YXJp2trLxBiDBb1sd8h9c09WSFMcRkYs2sZBLe/MUpl1PFK
olo3GxKuJmtK3X4ofkLYg2VU01D91jq+oK1gf1T5D7CaJc4Z37OXn6iU3itQFtsM
P3e1UBYoPDpSedPada9hC9f1uw5dGQ7YiO4rfwLdNDUqiHwVxZadxHLHF7qBCDcs
5li8Yz6EdMSusQSRxsnAoRAsOgUaCF7cDgbgMrWfWQpghCNy3ladgzrTwIiT7NE1
DWZZMmEBx1OFnvW6i4muz89a6nCPp+qJvAmXU2YdoPx96NzQN97sa9feBop3AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU8twCZ4KAM1fEszy37fIlL4i7rKswHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTQ5MDIwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAGwDqMA0GCSqGSIb3DQEBCwUAA4IBAQDG4tU7p67b
7dw5ysiqsYAmT4yIIEvGxpzclDEROyPACihlAN9k5yOtL6LvaFcXvAWOaOWXptov
K0TA4g2LC1keWEeIRJzF1I97eeWFS1cn2ZwGee/Gqla1JW1zeK3jF+O2Y6Wf7hX7
bmuAecam6r2wI7U/CleRpU20G8PygT49kNcO1Gmf4TNqlKylfY/4F35ug3UkFaaq
JnTKSWQjGhJO8obeOMddx4XQj2f5xOA6HePlz570spmKbJ6K9ebEPfGfv5h9JWRt
9r3YllBX6BqLNV8ewof5tYmGjuJaPQWhy9I36raYsamQuu+KSdnHAdgwW/NpD64b
yE4EEnPIygiC
-----END CERTIFICATE-----