Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203218.roa
File:                     AS203218.roa (raw, json)
Hash identifier:          cdXNBQm5AJc5cjMsbWFPjQJkDLUHYOmS3pnwczeyRK4=
Subject key identifier:   BE:E9:81:52:23:92:21:2F:D3:32:A3:FA:9B:B6:DC:05:69:89:A7:7E
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3680AE33DF1DE8EC2645B2C39491EBF99597D04E
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203218.roa
Signing time:             Tue 30 Jul 2024 21:19:20 +0000
ROA not before:           Tue 30 Jul 2024 21:14:20 +0000
ROA not after:            Tue 29 Jul 2025 21:19:20 +0000
asID:                     203218
IP address blocks:        144.48.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:80:ae:33:df:1d:e8:ec:26:45:b2:c3:94:91:eb:f9:95:97:d0:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jul 30 21:14:20 2024 GMT
            Not After : Jul 29 21:19:20 2025 GMT
        Subject: CN=BEE981522392212FD332A3FA9BB6DC056989A77E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:57:57:66:d4:e9:34:a8:1a:dd:bc:71:37:ae:
                    67:c8:a5:63:44:cf:0f:a9:f1:47:59:11:81:d8:ba:
                    1b:80:54:42:04:ef:a3:a4:b3:e8:5e:76:8b:23:d2:
                    4d:56:14:d1:2a:8a:e6:2e:08:da:0e:a0:bd:55:7b:
                    96:48:a3:cb:d3:a8:f6:2b:8b:1b:bc:d9:78:d0:50:
                    dd:c6:58:22:f8:b1:88:c4:b5:f3:96:0c:b9:cb:2d:
                    4b:43:2b:72:f6:19:9e:69:c2:46:b0:29:9d:f4:ba:
                    81:77:52:11:50:d0:b9:99:32:2b:47:0f:cd:3a:9c:
                    cf:be:40:4c:2c:89:a4:df:8a:68:5f:41:12:58:10:
                    78:c6:e7:c0:a0:fe:ea:94:0a:26:74:1f:97:2a:0e:
                    ed:9c:dc:16:7e:cf:28:06:14:b3:e7:f9:cf:7a:40:
                    6d:dd:36:87:78:13:df:47:1c:15:b6:23:91:eb:a3:
                    71:85:58:da:dc:c1:75:a5:00:a0:4d:b7:02:19:ed:
                    21:e3:76:1c:bc:73:c9:61:b9:f5:fc:04:c8:f6:ff:
                    03:bb:7f:1c:77:20:92:6e:6f:9d:f5:90:08:05:a4:
                    2a:e1:f9:b3:b5:68:fe:31:9b:0e:c6:24:8e:a3:7d:
                    3c:e6:8c:52:88:bd:f8:88:92:34:27:6b:3e:dd:f7:
                    e8:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:E9:81:52:23:92:21:2F:D3:32:A3:FA:9B:B6:DC:05:69:89:A7:7E
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.48.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:57:fb:5e:10:23:cb:dc:db:c7:09:12:55:e4:b2:98:0a:3b:
         a1:ef:e9:49:f9:d4:0f:2c:cf:73:55:41:b2:cc:6f:3a:de:da:
         bf:6c:f4:54:a5:bd:ef:ea:59:32:83:d6:de:39:4c:5f:01:01:
         86:31:01:ba:5b:1a:cb:5e:7c:5b:c5:ef:cc:04:d9:75:7b:c5:
         f6:6f:e4:13:0d:a1:22:86:21:87:ce:e8:48:ff:6e:2f:22:b8:
         51:1d:f1:e8:64:e9:86:7f:3e:2e:e6:0f:ab:c7:f7:8d:a5:f4:
         77:8d:d9:49:29:e1:1e:9a:10:dd:0b:7d:60:48:1e:85:ae:8a:
         f0:6b:a6:a5:70:71:0c:0a:fa:0b:99:59:ee:23:96:21:a7:a3:
         17:5d:f1:cc:3e:37:0d:49:53:bb:df:4c:90:af:9d:a9:b8:57:
         f3:ba:86:a4:14:42:11:82:a3:30:85:19:ca:9d:8c:a6:4f:4b:
         76:dc:e6:73:4c:38:f5:de:4b:8f:f5:aa:a5:6b:71:63:8c:f1:
         90:f9:2d:74:7b:7a:1b:b8:bd:0e:9e:09:f8:61:17:f8:0a:9f:
         b1:d5:16:e0:eb:82:fe:0c:c8:89:bc:fd:05:97:dd:92:9b:ad:
         60:8e:b7:2d:23:e8:6b:1b:63:c3:d8:cd:09:a8:fd:1a:d1:e5:
         a0:d8:19:f2
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUNoCuM98d6OwmRbLDlJHr+ZWX0E4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA3MzAyMTE0MjBaFw0yNTA3MjkyMTE5MjBaMDMxMTAvBgNV
BAMTKEJFRTk4MTUyMjM5MjIxMkZEMzMyQTNGQTlCQjZEQzA1Njk4OUE3N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJV1dm1Ok0qBrdvHE3rmfIpWNE
zw+p8UdZEYHYuhuAVEIE76Oks+hedosj0k1WFNEqiuYuCNoOoL1Ve5ZIo8vTqPYr
ixu82XjQUN3GWCL4sYjEtfOWDLnLLUtDK3L2GZ5pwkawKZ30uoF3UhFQ0LmZMitH
D806nM++QEwsiaTfimhfQRJYEHjG58Cg/uqUCiZ0H5cqDu2c3BZ+zygGFLPn+c96
QG3dNod4E99HHBW2I5Hro3GFWNrcwXWlAKBNtwIZ7SHjdhy8c8lhufX8BMj2/wO7
fxx3IJJub531kAgFpCrh+bO1aP4xmw7GJI6jfTzmjFKIvfiIkjQnaz7d9+iLAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUvumBUiOSIS/TMqP6m7bcBWmJp34wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzMjE4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAkDBRMA0GCSqGSIb3DQEBCwUAA4IBAQDKV/teECPL
3NvHCRJV5LKYCjuh7+lJ+dQPLM9zVUGyzG863tq/bPRUpb3v6lkyg9beOUxfAQGG
MQG6WxrLXnxbxe/MBNl1e8X2b+QTDaEihiGHzuhI/24vIrhRHfHoZOmGfz4u5g+r
x/eNpfR3jdlJKeEemhDdC31gSB6Frorwa6alcHEMCvoLmVnuI5Yhp6MXXfHMPjcN
SVO730yQr52puFfzuoakFEIRgqMwhRnKnYymT0t23OZzTDj13kuP9aqla3FjjPGQ
+S10e3obuL0Ongn4YRf4Cp+x1Rbg64L+DMiJvP0Fl92Sm61gjrctI+hrG2PD2M0J
qP0a0eWg2Bny
-----END CERTIFICATE-----