Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203098.roa
File:                     AS203098.roa (raw, json)
Hash identifier:          Bu2J67l0KAY98fOIeWts4/rRZdAFrKEtFHR2bNMSOpk=
Subject key identifier:   72:F1:7B:71:2D:32:CF:B7:2A:8E:24:BD:00:B1:A5:8F:1B:D4:3E:83
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3800D03952AE4F12AA18A8C7C6BA536A85D78CD0
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203098.roa
Signing time:             Mon 05 Aug 2024 13:39:58 +0000
ROA not before:           Mon 05 Aug 2024 13:34:58 +0000
ROA not after:            Mon 04 Aug 2025 13:39:58 +0000
asID:                     203098
IP address blocks:        103.230.143.0/24 maxlen: 24
                          185.90.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:00:d0:39:52:ae:4f:12:aa:18:a8:c7:c6:ba:53:6a:85:d7:8c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Aug  5 13:34:58 2024 GMT
            Not After : Aug  4 13:39:58 2025 GMT
        Subject: CN=72F17B712D32CFB72A8E24BD00B1A58F1BD43E83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:66:f6:3d:06:62:07:f3:af:3f:ac:c3:da:61:
                    d4:23:2c:0e:60:00:f0:83:b3:de:d9:fd:17:b9:fc:
                    b1:ce:46:aa:7f:bd:79:bc:98:b1:30:55:9d:5a:d8:
                    4d:b6:d1:c7:5a:a6:ae:b7:73:cf:f9:9c:a7:24:08:
                    c2:62:0a:40:44:c5:6b:77:da:63:60:a1:60:56:1c:
                    c4:44:de:37:9e:4b:b0:c7:12:4d:b5:83:ae:89:70:
                    4a:29:66:b5:aa:ab:05:fe:73:45:b5:24:38:c2:66:
                    5f:16:8c:e5:b0:9c:b4:96:6e:b2:ac:f0:f8:b3:90:
                    2c:8c:17:0c:09:37:d1:1d:e9:f4:d7:1d:33:67:65:
                    98:16:1f:c2:45:dd:d9:8b:98:b3:c0:20:be:94:8d:
                    41:d3:ea:b8:99:6e:41:f8:95:f7:0f:d1:47:af:69:
                    fc:ab:42:e3:b6:cd:4f:28:49:80:89:dc:3e:10:d4:
                    30:0c:59:72:a7:d2:9b:0b:81:83:39:93:82:9a:ca:
                    b5:5f:0f:cd:c4:07:9d:df:42:ef:bf:4c:26:db:e9:
                    a9:80:45:f4:01:3a:f3:cc:b8:c3:31:a5:31:6f:46:
                    f1:26:25:79:01:6a:d1:5b:fc:fc:25:1e:92:fd:fb:
                    55:f2:9c:b3:41:66:d3:32:0f:ea:5a:c5:b1:7f:b2:
                    a8:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F1:7B:71:2D:32:CF:B7:2A:8E:24:BD:00:B1:A5:8F:1B:D4:3E:83
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.230.143.0/24
                  185.90.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:e2:66:62:c6:5a:88:d0:f3:7d:9f:e0:3f:07:a9:a1:ea:98:
         d8:fe:f2:5b:d7:c7:39:09:b2:6a:a9:21:91:a2:f8:32:79:98:
         34:df:7c:5e:5c:27:0f:89:b6:b7:7a:45:e7:56:5b:34:5b:ef:
         31:3d:68:b0:b5:9e:5b:a7:ca:f0:f0:9e:74:65:3e:7b:6d:91:
         fa:4e:be:31:e7:ed:0d:ce:d2:73:da:31:3e:3c:ba:c8:5a:85:
         9a:fd:1d:6b:8f:66:a8:e8:59:3e:ab:83:01:d1:c3:7b:72:70:
         6c:84:6f:4e:98:70:19:59:27:1b:2b:7a:ca:91:4a:3a:6f:ff:
         4f:18:f3:aa:1a:09:4f:22:dc:19:f2:3c:7f:5b:a0:97:85:ed:
         36:93:92:0f:0d:aa:42:f5:57:bb:03:09:61:f9:76:ab:bb:15:
         2f:b0:93:c6:ba:07:7d:38:43:73:5f:30:50:8d:fc:13:77:93:
         54:d0:cb:e8:e8:45:2c:8d:e4:76:4d:ee:d7:cc:7a:6c:48:24:
         d1:58:ff:5e:05:7f:ff:26:07:39:62:0d:c7:67:ae:68:89:86:
         3b:18:81:cf:01:0b:28:50:61:a3:e9:38:d7:7a:fb:99:78:9b:
         23:fb:5a:f0:78:71:37:eb:b4:4e:03:f4:bd:69:a0:e8:62:9f:
         b6:04:1f:7d
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUOADQOVKuTxKqGKjHxrpTaoXXjNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA4MDUxMzM0NThaFw0yNTA4MDQxMzM5NThaMDMxMTAvBgNV
BAMTKDcyRjE3QjcxMkQzMkNGQjcyQThFMjRCRDAwQjFBNThGMUJENDNFODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6ZvY9BmIH868/rMPaYdQjLA5g
APCDs97Z/Re5/LHORqp/vXm8mLEwVZ1a2E220cdapq63c8/5nKckCMJiCkBExWt3
2mNgoWBWHMRE3jeeS7DHEk21g66JcEopZrWqqwX+c0W1JDjCZl8WjOWwnLSWbrKs
8PizkCyMFwwJN9Ed6fTXHTNnZZgWH8JF3dmLmLPAIL6UjUHT6riZbkH4lfcP0Uev
afyrQuO2zU8oSYCJ3D4Q1DAMWXKn0psLgYM5k4KayrVfD83EB53fQu+/TCbb6amA
RfQBOvPMuMMxpTFvRvEmJXkBatFb/PwlHpL9+1XynLNBZtMyD+paxbF/sqjbAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUcvF7cS0yz7cqjiS9ALGljxvUPoMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzMDk4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQAZ+aPAwQAuVo/MA0GCSqGSIb3DQEBCwUAA4IBAQCI
4mZixlqI0PN9n+A/B6mh6pjY/vJb18c5CbJqqSGRovgyeZg033xeXCcPiba3ekXn
Vls0W+8xPWiwtZ5bp8rw8J50ZT57bZH6Tr4x5+0NztJz2jE+PLrIWoWa/R1rj2ao
6Fk+q4MB0cN7cnBshG9OmHAZWScbK3rKkUo6b/9PGPOqGglPItwZ8jx/W6CXhe02
k5IPDapC9Ve7Awlh+XaruxUvsJPGugd9OENzXzBQjfwTd5NU0Mvo6EUsjeR2Te7X
zHpsSCTRWP9eBX//Jgc5Yg3HZ65oiYY7GIHPAQsoUGGj6TjXevuZeJsj+1rweHE3
67ROA/S9aaDoYp+2BB99
-----END CERTIFICATE-----