Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198125.roa
File:                     AS198125.roa (raw, json)
Hash identifier:          7sH/tK6DM1+Y01TtZ52/gug/f7S0WuGsv5SKReBo4EY=
Subject key identifier:   2E:C2:3A:46:48:62:8C:69:89:9B:B8:A9:B6:A7:C0:C3:88:59:51:8E
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6568ABD6AC72B962B81D34E76B3612102A1C1017
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198125.roa
Signing time:             Fri 10 May 2024 20:22:21 +0000
ROA not before:           Fri 10 May 2024 20:17:21 +0000
ROA not after:            Fri 09 May 2025 20:22:21 +0000
asID:                     198125
IP address blocks:        27.0.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:68:ab:d6:ac:72:b9:62:b8:1d:34:e7:6b:36:12:10:2a:1c:10:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: May 10 20:17:21 2024 GMT
            Not After : May  9 20:22:21 2025 GMT
        Subject: CN=2EC23A4648628C69899BB8A9B6A7C0C38859518E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:29:0f:03:e9:8e:cc:1a:fa:a5:54:d9:a9:4c:
                    ba:7a:f1:72:34:7b:78:c0:c9:05:e2:25:fe:97:cc:
                    67:0f:aa:b0:04:1e:51:e2:ae:35:b6:c6:23:1b:b3:
                    fc:f1:19:2f:1a:46:f7:67:30:d4:78:39:a2:ad:06:
                    df:12:a5:85:e9:4e:fd:74:74:6b:36:ba:63:6b:b4:
                    77:0a:16:1c:61:4e:19:99:b3:5c:a8:05:76:0c:3d:
                    43:1f:6c:ce:cc:06:f0:ca:c2:fa:8a:09:a7:80:68:
                    68:f5:7b:0b:0d:66:ac:e5:af:bf:d6:aa:36:bd:fd:
                    98:d1:63:c7:38:7d:42:21:23:de:fb:cc:ef:79:f0:
                    9c:08:81:30:70:51:1c:08:2e:ab:37:5a:9c:79:f8:
                    8f:0f:fb:66:12:66:4b:3e:ce:2f:fd:a2:ec:9b:5b:
                    c2:03:dc:a9:3f:51:47:d5:b8:51:29:f7:09:18:eb:
                    ab:94:1d:ee:33:40:2b:51:b1:3b:bc:8b:50:b3:fb:
                    4b:12:6a:c0:47:25:3d:55:f3:4c:4e:65:bb:8c:66:
                    68:fb:86:29:41:de:7c:ef:f5:97:ef:72:03:b7:bf:
                    8b:c2:5e:f1:61:84:62:e6:82:2e:9d:24:90:6c:0f:
                    be:75:2d:43:97:1d:e3:dc:ff:ae:11:52:b7:14:a7:
                    29:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C2:3A:46:48:62:8C:69:89:9B:B8:A9:B6:A7:C0:C3:88:59:51:8E
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198125.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:5b:c2:f0:83:fd:f8:c3:c2:ff:a3:17:00:19:67:b0:4b:50:
         25:68:d7:f3:93:cf:0c:d1:63:c7:f4:37:dd:9f:24:4a:ca:f9:
         0f:d0:71:30:73:8e:e6:19:2e:6d:07:53:23:30:47:fd:a2:32:
         e2:0d:a4:be:47:b0:e3:f2:f3:c8:63:e3:db:5b:b5:40:05:20:
         8d:ec:a2:97:b2:55:a9:78:08:b6:42:df:60:9e:27:53:40:97:
         cc:3f:fe:a2:6e:7c:b5:15:12:30:40:f9:6d:e8:93:90:c3:94:
         e5:ed:8e:82:7e:cc:87:84:62:2e:cd:e7:85:8e:8e:9d:a0:3e:
         6e:25:4d:e1:22:71:4f:b0:20:f5:3f:cd:74:c7:5d:f9:20:70:
         77:c5:d3:13:f9:63:ba:46:bf:1a:02:30:12:99:8e:4f:45:59:
         61:4b:2d:d3:6e:95:14:33:b7:75:f4:1e:13:0a:e2:cb:de:1a:
         19:1e:90:7c:64:8b:77:ec:72:0f:26:ec:bb:82:7e:26:9d:ab:
         cf:ff:a0:1a:e5:29:18:3e:6f:81:cb:84:ed:6a:0c:44:47:ca:
         e0:d9:f6:2b:58:53:5d:e0:d1:77:80:d6:bb:9a:9e:a5:b5:7e:
         de:b2:f5:c2:b0:90:8f:85:ba:99:5d:61:57:16:a5:f0:ba:13:
         85:ed:c8:b3
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUZWir1qxyuWK4HTTnazYSECocEBcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA1MTAyMDE3MjFaFw0yNTA1MDkyMDIyMjFaMDMxMTAvBgNV
BAMTKDJFQzIzQTQ2NDg2MjhDNjk4OTlCQjhBOUI2QTdDMEMzODg1OTUxOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0KQ8D6Y7MGvqlVNmpTLp68XI0
e3jAyQXiJf6XzGcPqrAEHlHirjW2xiMbs/zxGS8aRvdnMNR4OaKtBt8SpYXpTv10
dGs2umNrtHcKFhxhThmZs1yoBXYMPUMfbM7MBvDKwvqKCaeAaGj1ewsNZqzlr7/W
qja9/ZjRY8c4fUIhI977zO958JwIgTBwURwILqs3Wpx5+I8P+2YSZks+zi/9ouyb
W8ID3Kk/UUfVuFEp9wkY66uUHe4zQCtRsTu8i1Cz+0sSasBHJT1V80xOZbuMZmj7
hilB3nzv9ZfvcgO3v4vCXvFhhGLmgi6dJJBsD751LUOXHePc/64RUrcUpym1AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQULsI6RkhijGmJm7iptqfAw4hZUY4wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTk4MTI1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAGwDpMA0GCSqGSIb3DQEBCwUAA4IBAQC4W8Lwg/34
w8L/oxcAGWewS1AlaNfzk88M0WPH9DfdnyRKyvkP0HEwc47mGS5tB1MjMEf9ojLi
DaS+R7Dj8vPIY+PbW7VABSCN7KKXslWpeAi2Qt9gnidTQJfMP/6ibny1FRIwQPlt
6JOQw5Tl7Y6CfsyHhGIuzeeFjo6doD5uJU3hInFPsCD1P810x135IHB3xdMT+WO6
Rr8aAjASmY5PRVlhSy3TbpUUM7d19B4TCuLL3hoZHpB8ZIt37HIPJuy7gn4mnavP
/6Aa5SkYPm+By4TtagxER8rg2fYrWFNd4NF3gNa7mp6ltX7esvXCsJCPhbqZXWFX
FqXwuhOF7ciz
-----END CERTIFICATE-----