Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213122.roa
File:                     AS213122.roa (raw, json)
Hash identifier:          3LZ60MqVZSkShBQve8bFtTYRUqbe/8s1P7HsXUyjHE4=
Subject key identifier:   60:15:99:DE:AB:B7:2C:CC:9D:08:B5:8C:E7:8E:EB:C2:E0:8D:1E:CA
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6317A42906C75EC4B89B6F89779F8D006903951B
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213122.roa
Signing time:             Tue 05 Nov 2024 03:40:06 +0000
ROA not before:           Tue 05 Nov 2024 03:35:06 +0000
ROA not after:            Tue 04 Nov 2025 03:40:06 +0000
asID:                     213122
IP address blocks:        185.147.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:17:a4:29:06:c7:5e:c4:b8:9b:6f:89:77:9f:8d:00:69:03:95:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:06 2024 GMT
            Not After : Nov  4 03:40:06 2025 GMT
        Subject: CN=601599DEABB72CCC9D08B58CE78EEBC2E08D1ECA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:31:44:77:c6:6a:ad:56:e4:61:36:d3:16:c7:
                    5c:22:80:84:b3:e4:22:4d:cf:0c:0b:21:63:7d:ce:
                    41:33:16:a9:ac:94:5f:13:1b:4f:e7:3c:24:9a:d9:
                    dc:5e:64:cd:b7:25:ae:f2:04:06:ef:27:bc:18:4d:
                    78:22:f3:a2:3c:2a:3b:92:c3:3d:6a:e6:ba:e8:09:
                    8b:1f:1b:75:36:fc:43:81:19:d3:61:33:a8:e0:69:
                    ff:e2:55:70:a5:0d:e8:50:22:43:ed:1b:1b:d6:84:
                    b4:82:24:f0:fc:6f:8f:e3:99:b3:ac:f4:59:f3:5a:
                    cc:2a:28:ac:7c:8a:c8:6c:66:cf:b1:a2:55:22:7d:
                    9a:e0:6a:b4:30:3f:19:1a:dc:92:f0:e7:4a:32:59:
                    fc:09:86:3c:5e:ca:b9:a9:7c:cb:cd:c0:0a:1a:8c:
                    8b:3d:03:ee:44:dd:44:c9:df:f0:d7:87:db:7b:e2:
                    5d:08:17:ad:54:a2:cf:80:3f:06:0d:ea:36:7f:fe:
                    41:6b:61:44:a2:6f:a6:0b:eb:25:76:ad:c3:b4:90:
                    a4:dc:ca:42:45:fe:59:5e:7d:31:91:04:00:e1:1a:
                    19:43:99:fc:2d:00:aa:4b:0f:3f:d4:9a:99:45:b2:
                    f4:53:74:3f:ef:a9:85:97:3d:61:17:53:49:8d:61:
                    4f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:15:99:DE:AB:B7:2C:CC:9D:08:B5:8C:E7:8E:EB:C2:E0:8D:1E:CA
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213122.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:8f:37:0c:da:15:48:83:79:08:82:84:e9:d6:c6:80:fa:b3:
         10:54:c0:4e:e3:01:20:90:20:3f:3a:ff:ce:f7:33:95:9c:a2:
         e2:95:48:3a:d8:2d:87:85:af:93:f0:93:aa:d9:e8:36:6e:74:
         69:d9:31:61:ed:60:c7:36:6c:a0:32:91:29:af:d5:89:0f:a2:
         1c:1d:6d:c6:bc:bf:17:3c:c4:98:da:3c:82:84:8e:8f:f0:2f:
         5a:16:5c:85:ea:e8:e5:cc:88:6f:4b:10:ca:a0:0c:5f:45:10:
         89:9e:d7:fd:54:34:44:79:53:c6:8e:0d:5e:d5:6c:df:a3:64:
         f3:3c:6a:0e:51:16:60:18:6f:22:0f:18:e8:30:2b:4c:a4:3b:
         c6:65:da:98:9f:fb:7d:7a:06:9b:e9:0f:f3:3f:58:bb:e2:10:
         9d:a7:57:68:21:fd:8a:93:4d:02:e8:fe:b2:b7:87:37:99:56:
         21:4a:20:1d:c8:15:82:47:25:2b:e6:71:93:04:6f:0e:71:6c:
         ea:bf:a3:35:d6:44:10:f0:6f:04:cd:15:68:49:5a:63:b4:78:
         48:49:c2:02:97:35:68:2c:cd:6d:85:91:34:d6:25:cf:77:d5:
         4c:99:1d:ac:05:25:13:1c:5f:87:67:8e:08:b0:07:2d:b2:02:
         f7:5a:ea:0d
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUYxekKQbHXsS4m2+Jd5+NAGkDlRswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDZaFw0yNTExMDQwMzQwMDZaMDMxMTAvBgNV
BAMTKDYwMTU5OURFQUJCNzJDQ0M5RDA4QjU4Q0U3OEVFQkMyRTA4RDFFQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKMUR3xmqtVuRhNtMWx1wigISz
5CJNzwwLIWN9zkEzFqmslF8TG0/nPCSa2dxeZM23Ja7yBAbvJ7wYTXgi86I8KjuS
wz1q5rroCYsfG3U2/EOBGdNhM6jgaf/iVXClDehQIkPtGxvWhLSCJPD8b4/jmbOs
9FnzWswqKKx8ishsZs+xolUifZrgarQwPxka3JLw50oyWfwJhjxeyrmpfMvNwAoa
jIs9A+5E3UTJ3/DXh9t74l0IF61Uos+APwYN6jZ//kFrYUSib6YL6yV2rcO0kKTc
ykJF/llefTGRBADhGhlDmfwtAKpLDz/UmplFsvRTdD/vqYWXPWEXU0mNYU9zAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUYBWZ3qu3LMydCLWM547rwuCNHsowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMTIyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAuZMiMA0GCSqGSIb3DQEBCwUAA4IBAQArjzcM2hVI
g3kIgoTp1saA+rMQVMBO4wEgkCA/Ov/O9zOVnKLilUg62C2Hha+T8JOq2eg2bnRp
2TFh7WDHNmygMpEpr9WJD6IcHW3GvL8XPMSY2jyChI6P8C9aFlyF6ujlzIhvSxDK
oAxfRRCJntf9VDREeVPGjg1e1Wzfo2TzPGoOURZgGG8iDxjoMCtMpDvGZdqYn/t9
egab6Q/zP1i74hCdp1doIf2Kk00C6P6yt4c3mVYhSiAdyBWCRyUr5nGTBG8OcWzq
v6M11kQQ8G8EzRVoSVpjtHhIScIClzVoLM1thZE01iXPd9VMmR2sBSUTHF+HZ44I
sActsgL3WuoN
-----END CERTIFICATE-----