Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209709.roa
File:                     AS209709.roa (raw, json)
Hash identifier:          K6emQ2PReqc3eCsuFjx3/LdI4A9ymlUeNnXe7QdPd6w=
Subject key identifier:   20:B7:F7:58:1B:5E:95:15:64:7F:E3:9D:0D:1A:1E:1C:68:4C:3B:67
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1DF2DE012ABABA26D8FA66349750B38CC91D3D61
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209709.roa
Signing time:             Mon 26 Aug 2024 15:39:59 +0000
ROA not before:           Mon 26 Aug 2024 15:34:59 +0000
ROA not after:            Mon 25 Aug 2025 15:39:59 +0000
asID:                     209709
IP address blocks:        185.236.212.0/24 maxlen: 24
                          185.236.213.0/24 maxlen: 24
                          185.236.214.0/24 maxlen: 24
                          185.236.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:f2:de:01:2a:ba:ba:26:d8:fa:66:34:97:50:b3:8c:c9:1d:3d:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Aug 26 15:34:59 2024 GMT
            Not After : Aug 25 15:39:59 2025 GMT
        Subject: CN=20B7F7581B5E9515647FE39D0D1A1E1C684C3B67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:50:45:0b:aa:24:b6:50:80:4a:65:3a:b6:53:
                    79:21:9b:98:ba:2a:9e:3e:69:5e:b2:0c:7f:a4:34:
                    a7:02:3f:4a:5f:82:6e:27:33:23:8d:7e:85:77:59:
                    8d:9b:f8:e4:48:46:7a:b8:af:a6:75:2d:47:3a:0d:
                    bd:94:cb:50:ca:d0:f9:83:3a:e6:64:11:17:e2:dc:
                    62:b7:82:d8:96:2a:5a:9b:2c:4b:4c:a0:d7:06:33:
                    2b:21:bd:b1:bf:00:65:66:51:9f:16:fa:dd:2f:31:
                    54:da:5f:5b:17:e1:ce:fb:03:97:da:a8:de:98:3e:
                    cf:0e:ac:58:3f:3c:28:32:ce:e1:4c:19:ec:34:39:
                    a2:a0:74:e7:1b:ea:e1:55:45:54:7f:a8:54:60:89:
                    6c:3e:4e:8d:35:73:bf:63:24:80:8d:91:b8:83:e3:
                    18:17:a1:92:a4:8c:76:5a:6a:ed:d3:cf:c4:b1:a0:
                    04:7d:21:02:4d:47:49:d4:24:46:18:62:d1:ce:25:
                    1e:52:0a:46:af:e1:06:24:c5:bc:82:a3:04:e7:d4:
                    4c:10:99:96:a0:a6:84:52:ee:cf:1c:c8:8e:3c:b7:
                    5d:39:74:31:7d:7c:1b:91:b4:7b:7a:b9:e8:90:9a:
                    d8:29:61:4e:ae:5b:11:e2:ca:2d:73:4a:35:75:49:
                    b6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B7:F7:58:1B:5E:95:15:64:7F:E3:9D:0D:1A:1E:1C:68:4C:3B:67
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209709.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:1e:72:c6:04:af:8c:02:b3:93:24:b7:fb:05:89:bd:ed:53:
         3e:8c:42:e8:41:3f:8d:dc:37:90:17:29:51:92:a2:ff:e5:c0:
         68:9f:d5:98:a9:84:eb:cf:06:d8:17:33:7d:f8:6b:30:03:67:
         f8:77:0b:fd:81:02:c9:38:e9:f0:e8:2f:11:fc:86:21:48:54:
         9b:ac:70:aa:9b:a3:57:cc:07:fd:2b:f5:83:27:a3:32:54:35:
         36:1b:6d:8c:82:3c:c4:61:99:83:ba:3b:8b:02:0e:7a:96:66:
         94:75:87:0f:63:49:88:7a:52:01:e2:7d:02:e2:8d:88:cb:4d:
         5a:f3:5b:8e:50:d7:34:f8:f8:9b:19:1a:07:19:a1:ea:7a:53:
         1f:46:ad:8f:5a:91:84:85:1e:c4:c1:b9:bd:96:74:e9:39:86:
         77:0d:ea:f4:59:53:17:66:6c:71:ff:87:84:f8:53:32:10:48:
         d4:c8:09:b1:87:c1:00:69:dc:f9:cd:b0:f4:9c:56:c8:e9:77:
         18:d7:0d:7d:f3:3b:14:76:18:2b:2d:ab:3b:f2:c6:d4:cf:29:
         30:4c:59:a6:16:1a:05:5e:ae:1f:c5:7d:73:29:e1:7d:39:a4:
         45:c5:38:e2:5e:68:ba:d8:d0:52:11:fe:8a:04:ff:ba:96:a0:
         6e:4f:58:47
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUHfLeASq6uibY+mY0l1CzjMkdPWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA4MjYxNTM0NTlaFw0yNTA4MjUxNTM5NTlaMDMxMTAvBgNV
BAMTKDIwQjdGNzU4MUI1RTk1MTU2NDdGRTM5RDBEMUExRTFDNjg0QzNCNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4UEULqiS2UIBKZTq2U3khm5i6
Kp4+aV6yDH+kNKcCP0pfgm4nMyONfoV3WY2b+ORIRnq4r6Z1LUc6Db2Uy1DK0PmD
OuZkERfi3GK3gtiWKlqbLEtMoNcGMyshvbG/AGVmUZ8W+t0vMVTaX1sX4c77A5fa
qN6YPs8OrFg/PCgyzuFMGew0OaKgdOcb6uFVRVR/qFRgiWw+To01c79jJICNkbiD
4xgXoZKkjHZaau3Tz8SxoAR9IQJNR0nUJEYYYtHOJR5SCkav4QYkxbyCowTn1EwQ
mZagpoRS7s8cyI48t105dDF9fBuRtHt6ueiQmtgpYU6uWxHiyi1zSjV1Sbb9AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUILf3WBtelRVkf+OdDRoeHGhMO2cwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5NzA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQCuezUMA0GCSqGSIb3DQEBCwUAA4IBAQCQHnLGBK+M
ArOTJLf7BYm97VM+jELoQT+N3DeQFylRkqL/5cBon9WYqYTrzwbYFzN9+GswA2f4
dwv9gQLJOOnw6C8R/IYhSFSbrHCqm6NXzAf9K/WDJ6MyVDU2G22MgjzEYZmDujuL
Ag56lmaUdYcPY0mIelIB4n0C4o2Iy01a81uOUNc0+PibGRoHGaHqelMfRq2PWpGE
hR7Ewbm9lnTpOYZ3Der0WVMXZmxx/4eE+FMyEEjUyAmxh8EAadz5zbD0nFbI6XcY
1w198zsUdhgrLas78sbUzykwTFmmFhoFXq4fxX1zKeF9OaRFxTjiXmi62NBSEf6K
BP+6lqBuT1hH
-----END CERTIFICATE-----