Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203333.roa
File:                     AS203333.roa (raw, json)
Hash identifier:          +M3wvYhTFdLrX6weE2QyGUiJ/5F0H7MWD6P6iKRITnU=
Subject key identifier:   8B:D0:5A:BF:7E:35:34:62:8D:77:6B:AB:AD:13:D1:87:82:B7:9F:5A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       70E48C829805F59CFD6394DF8425C3FEF5B0D098
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203333.roa
Signing time:             Thu 11 Jan 2024 15:49:21 +0000
ROA not before:           Thu 11 Jan 2024 15:44:21 +0000
ROA not after:            Thu 09 Jan 2025 15:49:21 +0000
asID:                     203333
IP address blocks:        81.31.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:e4:8c:82:98:05:f5:9c:fd:63:94:df:84:25:c3:fe:f5:b0:d0:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 11 15:44:21 2024 GMT
            Not After : Jan  9 15:49:21 2025 GMT
        Subject: CN=8BD05ABF7E3534628D776BABAD13D18782B79F5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4e:e9:75:39:46:bc:cd:6d:c1:d4:5f:34:29:
                    8c:9a:8c:d5:91:41:b3:fe:06:69:ba:ca:98:a4:54:
                    da:7d:42:a4:26:42:0e:19:63:83:d6:80:af:8b:cf:
                    9e:29:e6:bc:cd:bd:47:de:db:59:da:96:0d:f5:2e:
                    47:3c:0f:7e:8d:c6:45:4a:8c:2b:fd:0e:df:19:88:
                    00:39:d3:53:b4:72:9b:f2:9f:d0:57:b8:43:ef:a6:
                    be:45:39:72:8c:d2:a7:56:e7:2d:72:4c:29:8a:72:
                    ee:35:97:5f:2c:58:cc:ba:48:62:12:c5:a3:ee:23:
                    9a:08:97:65:6c:e5:fc:a2:16:7b:27:aa:41:bc:f9:
                    b5:dd:ed:3d:5a:fc:eb:a4:69:78:21:20:62:4a:c5:
                    e4:88:ae:2d:76:0c:aa:e0:65:b1:e1:a5:47:82:fb:
                    ae:eb:18:72:f8:53:81:e9:b1:1c:33:cf:58:de:ac:
                    57:b5:e1:41:b9:7f:58:70:41:c9:de:39:63:ef:ef:
                    84:8b:df:f3:1f:30:3f:95:86:3c:68:fd:fd:06:06:
                    20:1e:4f:bc:df:b2:a4:13:a6:88:b0:cb:f9:da:da:
                    4d:5c:12:72:ae:d9:38:47:ba:e3:cf:4e:cd:c1:f8:
                    fc:fb:37:fc:ee:1d:34:fe:03:56:80:20:5a:f6:b8:
                    ac:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D0:5A:BF:7E:35:34:62:8D:77:6B:AB:AD:13:D1:87:82:B7:9F:5A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:8e:e1:06:41:86:ca:18:99:6a:fd:9e:94:fc:f9:d3:f5:cf:
         62:4e:8b:1d:1e:5d:c1:03:e8:62:3c:50:a9:6e:70:a9:20:39:
         16:ca:81:51:89:24:04:af:12:b3:bc:bd:a3:7d:08:f0:74:60:
         1f:9d:28:8c:75:b4:8c:e0:e2:c5:63:00:88:ba:ef:67:74:51:
         e1:31:e2:83:7d:47:eb:4a:6c:a3:b6:31:d5:4c:22:df:62:a7:
         3b:0e:81:08:fb:0b:83:7c:d8:46:4b:2e:e8:70:2f:f4:7f:db:
         e5:7b:a8:f8:76:5a:a2:da:3c:0a:56:be:52:92:bb:92:16:92:
         e4:2c:2a:94:c3:1c:29:07:bb:08:3f:bc:ed:85:43:be:b6:86:
         02:7f:5a:c5:c5:74:53:72:25:92:1a:be:88:f9:f2:b9:1d:5b:
         9a:ac:f8:60:e0:82:5a:50:83:9b:fb:00:e9:8a:42:a4:02:a4:
         ab:ec:e9:4f:1f:20:db:e4:56:7b:21:df:ed:62:b7:54:bd:dd:
         e4:90:d8:6a:1d:ac:d2:6c:b1:b9:49:eb:e5:8c:f3:fe:f2:c8:
         ca:62:fd:aa:9b:51:05:c6:3f:bd:3c:63:f9:75:e6:cf:d0:7a:
         3a:6b:99:c4:89:12:39:06:f8:f7:36:78:ee:65:37:b6:0b:0f:
         8d:b1:b3:2e
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUcOSMgpgF9Zz9Y5TfhCXD/vWw0JgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMTExNTQ0MjFaFw0yNTAxMDkxNTQ5MjFaMDMxMTAvBgNV
BAMTKDhCRDA1QUJGN0UzNTM0NjI4RDc3NkJBQkFEMTNEMTg3ODJCNzlGNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqTul1OUa8zW3B1F80KYyajNWR
QbP+Bmm6ypikVNp9QqQmQg4ZY4PWgK+Lz54p5rzNvUfe21nalg31Lkc8D36NxkVK
jCv9Dt8ZiAA501O0cpvyn9BXuEPvpr5FOXKM0qdW5y1yTCmKcu41l18sWMy6SGIS
xaPuI5oIl2Vs5fyiFnsnqkG8+bXd7T1a/OukaXghIGJKxeSIri12DKrgZbHhpUeC
+67rGHL4U4HpsRwzz1jerFe14UG5f1hwQcneOWPv74SL3/MfMD+Vhjxo/f0GBiAe
T7zfsqQTpoiwy/na2k1cEnKu2ThHuuPPTs3B+Pz7N/zuHTT+A1aAIFr2uKxpAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUi9Bav341NGKNd2urrRPRh4K3n1owHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzMzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAUR/VMA0GCSqGSIb3DQEBCwUAA4IBAQBYjuEGQYbK
GJlq/Z6U/PnT9c9iTosdHl3BA+hiPFCpbnCpIDkWyoFRiSQErxKzvL2jfQjwdGAf
nSiMdbSM4OLFYwCIuu9ndFHhMeKDfUfrSmyjtjHVTCLfYqc7DoEI+wuDfNhGSy7o
cC/0f9vle6j4dlqi2jwKVr5SkruSFpLkLCqUwxwpB7sIP7zthUO+toYCf1rFxXRT
ciWSGr6I+fK5HVuarPhg4IJaUIOb+wDpikKkAqSr7OlPHyDb5FZ7Id/tYrdUvd3k
kNhqHazSbLG5SevljPP+8sjKYv2qm1EFxj+9PGP5debP0Ho6a5nEiRI5Bvj3Nnju
ZTe2Cw+NsbMu
-----END CERTIFICATE-----