Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198016.roa
File:                     AS198016.roa (raw, json)
Hash identifier:          gVMQDtxbDUlTdpOtKlH5PGOl8WhZWOzKEIi4UDbh1FI=
Subject key identifier:   2A:6C:1D:44:7F:58:95:16:0E:43:33:A3:03:37:A1:15:4C:92:4D:19
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       168EB240AAC1A9D1DF2E339024D0B8F1EA3A5F72
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198016.roa
Signing time:             Sun 14 Jan 2024 21:16:15 +0000
ROA not before:           Sun 14 Jan 2024 21:11:15 +0000
ROA not after:            Sun 12 Jan 2025 21:16:15 +0000
asID:                     198016
IP address blocks:        81.31.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:8e:b2:40:aa:c1:a9:d1:df:2e:33:90:24:d0:b8:f1:ea:3a:5f:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 14 21:11:15 2024 GMT
            Not After : Jan 12 21:16:15 2025 GMT
        Subject: CN=2A6C1D447F5895160E4333A30337A1154C924D19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:fb:08:a3:1c:28:c2:f4:8f:88:90:7f:7b:2a:
                    dc:63:b0:4b:9a:24:f3:94:68:34:64:ce:1f:93:f7:
                    44:09:77:64:1c:3b:b5:08:8e:d9:67:a1:99:b2:4a:
                    3c:07:00:98:72:5a:b3:15:65:67:8d:90:e5:bb:02:
                    63:1c:ea:1a:c9:11:18:2c:ca:d3:af:91:d1:d3:92:
                    68:c8:dd:a9:8d:24:d5:ad:cc:e6:46:92:36:d3:0c:
                    6e:a6:1e:0b:04:7d:37:04:0a:70:db:27:4f:7f:b4:
                    c5:d8:4a:1c:3c:7d:23:02:4e:50:00:96:a1:f1:0b:
                    4d:16:26:c3:f9:3a:f0:91:c2:bb:03:dc:d7:27:4d:
                    e7:b9:67:3a:d4:ff:5d:f2:f1:60:fc:aa:ef:25:1e:
                    e8:ff:9a:db:f7:a8:d9:e8:82:7b:8e:86:87:e5:b4:
                    5b:c5:a3:4f:a7:fb:62:5e:a1:0d:5c:8b:8b:ca:19:
                    b7:f8:4c:91:6b:96:3b:d7:70:89:74:49:c3:af:87:
                    ba:aa:95:71:8c:41:fa:9a:c8:21:7a:8a:18:5b:40:
                    2b:43:0c:4c:38:f7:5b:d1:10:31:10:e7:35:a0:92:
                    56:0b:dc:81:e5:b1:f4:96:8c:df:de:43:d8:e2:ff:
                    a5:5a:3f:2e:e7:96:7f:7f:b1:3b:95:59:3f:b5:7b:
                    e3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:6C:1D:44:7F:58:95:16:0E:43:33:A3:03:37:A1:15:4C:92:4D:19
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198016.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c7:09:e6:d2:43:f2:b3:8d:40:48:85:24:49:07:dc:8d:eb:
         79:71:99:a0:8d:0d:0c:60:eb:da:27:38:ea:26:01:d8:d8:bf:
         40:47:84:ee:42:a7:50:71:de:f8:e8:95:1c:39:3a:fc:26:88:
         84:a8:90:ff:09:bc:2a:34:cc:9e:78:58:2f:de:35:b0:97:c7:
         19:4f:47:c3:36:a0:7b:a3:1f:a3:25:fc:c4:de:80:35:36:5c:
         7c:22:5e:78:49:b8:0b:3b:08:cf:86:3e:37:8b:ce:90:36:84:
         e7:29:ae:1c:38:b3:0c:ef:ae:c0:46:bf:1f:6e:14:0a:c7:9a:
         68:c5:85:57:17:ef:0c:1d:8d:49:95:d8:5c:93:d6:9a:c7:91:
         b2:5c:53:73:37:5a:93:3f:d4:90:94:f9:cb:79:29:18:0e:0a:
         84:01:04:c7:ff:f7:75:10:bb:2b:71:6b:69:83:3e:8a:e5:28:
         2c:53:83:ad:cb:ad:4e:7f:c0:35:86:59:03:1c:e8:5e:12:b2:
         ff:e9:4e:6c:2e:2d:34:9d:e1:42:86:1f:33:09:a7:8e:3b:06:
         a2:94:f5:fd:4d:02:75:0f:39:88:14:e7:58:a2:61:d3:4a:08:
         f6:69:75:99:2e:e1:34:7b:ca:6b:ed:5d:23:ec:d7:4c:2c:23:
         28:05:6c:a8
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUFo6yQKrBqdHfLjOQJNC48eo6X3IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMTQyMTExMTVaFw0yNTAxMTIyMTE2MTVaMDMxMTAvBgNV
BAMTKDJBNkMxRDQ0N0Y1ODk1MTYwRTQzMzNBMzAzMzdBMTE1NEM5MjREMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4+wijHCjC9I+IkH97KtxjsEua
JPOUaDRkzh+T90QJd2QcO7UIjtlnoZmySjwHAJhyWrMVZWeNkOW7AmMc6hrJERgs
ytOvkdHTkmjI3amNJNWtzOZGkjbTDG6mHgsEfTcECnDbJ09/tMXYShw8fSMCTlAA
lqHxC00WJsP5OvCRwrsD3NcnTee5ZzrU/13y8WD8qu8lHuj/mtv3qNnognuOhofl
tFvFo0+n+2JeoQ1ci4vKGbf4TJFrljvXcIl0ScOvh7qqlXGMQfqayCF6ihhbQCtD
DEw491vREDEQ5zWgklYL3IHlsfSWjN/eQ9ji/6VaPy7nln9/sTuVWT+1e+MJAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUKmwdRH9YlRYOQzOjAzehFUySTRkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTk4MDE2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAUR/WMA0GCSqGSIb3DQEBCwUAA4IBAQBXxwnm0kPy
s41ASIUkSQfcjet5cZmgjQ0MYOvaJzjqJgHY2L9AR4TuQqdQcd746JUcOTr8JoiE
qJD/CbwqNMyeeFgv3jWwl8cZT0fDNqB7ox+jJfzE3oA1Nlx8Il54SbgLOwjPhj43
i86QNoTnKa4cOLMM767ARr8fbhQKx5poxYVXF+8MHY1Jldhck9aax5GyXFNzN1qT
P9SQlPnLeSkYDgqEAQTH//d1ELsrcWtpgz6K5SgsU4Oty61Of8A1hlkDHOheErL/
6U5sLi00neFChh8zCaeOOwailPX9TQJ1DzmIFOdYomHTSgj2aXWZLuE0e8pr7V0j
7NdMLCMoBWyo
-----END CERTIFICATE-----