Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          8mFnEGz4UE+umkB/dBZr/6GA82l56Z6vR6QclO2imIU=
Subject key identifier:   4E:A1:A3:84:54:33:02:4E:D9:70:95:95:EA:45:28:E8:96:8F:ED:A3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       49118F226AED5FA22F5A51FB5BFA2D467873CC23
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20326.roa
Signing time:             Mon 04 Sep 2023 13:21:15 +0000
ROA not before:           Mon 04 Sep 2023 13:16:15 +0000
ROA not after:            Mon 02 Sep 2024 13:21:15 +0000
asID:                     20326
IP address blocks:        103.214.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:11:8f:22:6a:ed:5f:a2:2f:5a:51:fb:5b:fa:2d:46:78:73:cc:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep  4 13:16:15 2023 GMT
            Not After : Sep  2 13:21:15 2024 GMT
        Subject: CN=4EA1A3845433024ED9709595EA4528E8968FEDA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:59:f9:75:d6:92:30:80:69:76:18:05:3c:65:
                    ef:04:df:c3:c2:aa:1e:f4:b6:e4:ba:54:22:70:bf:
                    0c:bb:d2:ec:21:34:8b:2b:74:15:63:68:ee:2b:1c:
                    ba:23:38:90:91:f2:7e:b4:38:89:9e:17:18:cd:ed:
                    97:96:91:ee:a4:0b:47:81:95:50:6f:72:65:ce:9f:
                    1e:7c:89:7d:99:ee:c9:24:25:8c:e6:8a:c8:95:3b:
                    9c:4c:9d:c1:e8:83:99:29:40:b4:1f:58:db:a8:ac:
                    61:fe:16:4b:23:82:97:bb:d9:ac:3a:35:7c:1d:86:
                    82:99:4f:8a:24:8e:17:6b:2b:6b:04:0a:02:14:ff:
                    5c:95:e9:11:b7:64:49:89:a9:56:9d:e5:c5:cc:b8:
                    28:64:1f:87:c9:3b:00:8b:33:ee:aa:be:81:fd:91:
                    d3:3c:fe:4f:db:03:ae:88:d9:d9:1b:ee:e6:bb:20:
                    cd:99:76:7a:76:ee:3f:5c:c3:0c:54:af:00:52:8d:
                    81:9c:a2:00:2a:ca:ef:38:e7:e6:4b:60:6e:78:67:
                    01:55:8d:f9:b8:ea:ca:23:26:28:e2:2a:f6:79:8f:
                    2a:75:a8:6b:8f:c1:8e:0a:9b:d5:c2:57:c1:55:e3:
                    a9:02:21:d1:d9:b7:0c:fe:ea:b6:4c:60:66:eb:11:
                    e0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:A1:A3:84:54:33:02:4E:D9:70:95:95:EA:45:28:E8:96:8F:ED:A3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:43:8d:e9:57:00:c1:2b:b7:f9:d2:77:09:76:d1:26:69:a8:
         31:87:35:13:52:8b:17:77:d8:ab:b8:47:90:89:c0:76:1c:e0:
         70:c8:57:3e:85:20:11:3f:41:e9:fb:48:64:6a:c4:b4:ff:d2:
         5f:1f:38:86:b6:a2:c3:3e:f4:63:8f:1c:55:6f:fa:7f:47:12:
         13:17:29:ed:ec:a2:89:cc:42:a0:20:4e:21:79:01:72:c5:c1:
         35:27:42:83:73:bc:00:5c:c3:29:8c:f0:01:49:24:43:b9:b0:
         57:3d:a8:40:bd:81:7f:85:0e:c4:c3:b3:c5:0e:01:9d:a7:19:
         ca:82:23:87:96:87:3c:23:3e:37:6a:df:f4:30:29:b9:31:af:
         84:55:69:ed:78:65:20:ae:2c:c5:fc:32:72:b2:66:c7:f4:0d:
         9b:42:27:fa:b6:b5:e7:ef:42:bf:eb:10:49:61:05:b2:98:2a:
         0f:8c:1b:e8:33:3c:c6:bb:79:c3:fd:68:2c:c2:76:61:eb:83:
         d0:94:2f:87:4d:ba:24:eb:e4:0f:a2:f5:c1:02:cf:27:06:93:
         35:93:8e:ff:71:a5:0d:0d:d4:94:17:56:dc:6b:73:40:84:58:
         e8:04:4f:62:5b:f4:6d:4a:ce:76:18:01:c6:1d:85:a0:95:84:
         a6:5a:e1:6c
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUSRGPImrtX6IvWlH7W/otRnhzzCMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzA5MDQxMzE2MTVaFw0yNDA5MDIxMzIxMTVaMDMxMTAvBgNV
BAMTKDRFQTFBMzg0NTQzMzAyNEVEOTcwOTU5NUVBNDUyOEU4OTY4RkVEQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Wfl11pIwgGl2GAU8Ze8E38PC
qh70tuS6VCJwvwy70uwhNIsrdBVjaO4rHLojOJCR8n60OImeFxjN7ZeWke6kC0eB
lVBvcmXOnx58iX2Z7skkJYzmisiVO5xMncHog5kpQLQfWNuorGH+Fksjgpe72aw6
NXwdhoKZT4okjhdrK2sECgIU/1yV6RG3ZEmJqVad5cXMuChkH4fJOwCLM+6qvoH9
kdM8/k/bA66I2dkb7ua7IM2Zdnp27j9cwwxUrwBSjYGcogAqyu845+ZLYG54ZwFV
jfm46sojJijiKvZ5jyp1qGuPwY4Km9XCV8FV46kCIdHZtwz+6rZMYGbrEeBvAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUTqGjhFQzAk7ZcJWV6kUo6JaP7aMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzMjYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBABn1kcwDQYJKoZIhvcNAQELBQADggEBAKZDjelXAMEr
t/nSdwl20SZpqDGHNRNSixd32Ku4R5CJwHYc4HDIVz6FIBE/Qen7SGRqxLT/0l8f
OIa2osM+9GOPHFVv+n9HEhMXKe3soonMQqAgTiF5AXLFwTUnQoNzvABcwymM8AFJ
JEO5sFc9qEC9gX+FDsTDs8UOAZ2nGcqCI4eWhzwjPjdq3/QwKbkxr4RVae14ZSCu
LMX8MnKyZsf0DZtCJ/q2tefvQr/rEElhBbKYKg+MG+gzPMa7ecP9aCzCdmHrg9CU
L4dNuiTr5A+i9cECzycGkzWTjv9xpQ0N1JQXVtxrc0CEWOgET2Jb9G1KznYYAcYd
haCVhKZa4Ww=
-----END CERTIFICATE-----