Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213122.roa
File:                     AS213122.roa (raw, json)
Hash identifier:          Bn48ge9dAoO+3v/Rr3ojQzgnBvBM5UXtUXwY0ydeIYM=
Subject key identifier:   C5:E6:82:CE:4F:0F:B0:EA:B1:F4:A4:36:F9:55:34:4D:2D:6A:E4:DB
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4DC5BCE0D5385013C6FB46E6199D365BCD1F16E5
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213122.roa
Signing time:             Tue 05 Dec 2023 02:44:14 +0000
ROA not before:           Tue 05 Dec 2023 02:39:14 +0000
ROA not after:            Tue 03 Dec 2024 02:44:14 +0000
asID:                     213122
IP address blocks:        185.147.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:c5:bc:e0:d5:38:50:13:c6:fb:46:e6:19:9d:36:5b:cd:1f:16:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:14 2023 GMT
            Not After : Dec  3 02:44:14 2024 GMT
        Subject: CN=C5E682CE4F0FB0EAB1F4A436F955344D2D6AE4DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:0b:89:97:3d:23:81:bf:77:30:6d:95:cb:34:
                    f4:df:b7:c0:06:56:eb:75:fc:fc:78:d8:16:81:39:
                    fa:70:78:2a:65:b1:26:39:a7:27:64:73:f1:88:4a:
                    8d:e7:a0:8b:97:f6:38:91:2b:13:14:91:8e:72:e7:
                    fa:38:b8:29:ac:fd:54:86:b4:09:91:13:86:f0:ac:
                    9b:fc:e1:3b:d7:8a:17:d0:e2:ee:5f:87:a5:f1:82:
                    e7:a0:e8:5c:ab:3f:12:f8:25:73:61:d8:09:66:eb:
                    33:53:f6:e7:36:fa:50:80:31:8d:6b:ef:2e:14:9b:
                    60:7d:34:fd:6c:fd:af:2d:b5:a3:e1:8f:1e:56:c6:
                    b1:e8:80:19:43:96:c6:a7:61:83:b3:ce:20:c8:b4:
                    37:9e:da:e5:e7:af:dd:dd:69:c6:cc:1b:89:ae:db:
                    8e:96:e3:0d:9d:6b:94:45:03:39:e8:11:cc:ac:42:
                    91:68:77:0d:a6:db:78:2e:93:e0:0a:7e:1b:c1:3a:
                    4e:6c:f0:39:c9:1b:05:f1:12:05:60:01:e0:9d:11:
                    8d:8f:30:13:cb:14:5f:65:68:f5:98:8c:69:7c:49:
                    b8:06:91:3c:f8:a5:bf:28:97:6c:e3:3f:79:da:92:
                    40:92:dc:31:4e:e9:72:d7:6b:a5:38:68:4e:05:bf:
                    08:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E6:82:CE:4F:0F:B0:EA:B1:F4:A4:36:F9:55:34:4D:2D:6A:E4:DB
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213122.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:94:8d:e6:7d:da:6d:6e:20:d0:b7:26:a1:40:72:1f:38:75:
         bc:a2:79:e6:f7:12:6c:a9:71:5d:ec:fe:48:81:c6:25:67:e0:
         4e:3a:23:6c:b6:94:14:5a:73:1b:16:9a:f6:b1:bf:0a:db:36:
         c6:ce:3c:08:e1:58:7b:22:40:ac:8a:4e:23:2f:f8:f9:9d:e8:
         4c:e7:60:f3:dc:04:60:7c:45:2c:9f:0f:88:1a:c6:ec:79:25:
         cb:59:b7:4e:13:20:59:79:f5:da:d7:30:86:b2:5f:17:95:2f:
         2e:95:42:95:08:43:d2:7a:b6:44:35:7f:d2:ca:bf:ff:d2:b3:
         52:45:f7:e0:92:e6:16:96:87:56:90:fb:29:0a:05:d1:5b:3e:
         92:75:5c:cf:e5:da:e9:c4:c3:f9:15:66:28:3f:0b:b9:1e:02:
         4e:09:8f:cc:25:a6:79:5d:8c:86:95:5a:d3:6f:92:95:13:40:
         0e:4e:bc:7f:06:39:33:27:83:7e:65:35:ae:74:f9:5a:6a:0e:
         80:fb:21:bc:bc:24:6f:81:46:44:82:71:d3:0f:8f:9e:b2:f4:
         8d:83:1f:0b:bd:04:8a:dc:4e:06:78:f8:d4:b2:a6:bb:a5:7a:
         c6:17:03:35:85:2b:58:1d:6a:56:7c:d1:66:7e:d2:5d:88:45:
         bc:45:5b:7e
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUTcW84NU4UBPG+0bmGZ02W80fFuUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTRaFw0yNDEyMDMwMjQ0MTRaMDMxMTAvBgNV
BAMTKEM1RTY4MkNFNEYwRkIwRUFCMUY0QTQzNkY5NTUzNDREMkQ2QUU0REIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZC4mXPSOBv3cwbZXLNPTft8AG
Vut1/Px42BaBOfpweCplsSY5pydkc/GISo3noIuX9jiRKxMUkY5y5/o4uCms/VSG
tAmRE4bwrJv84TvXihfQ4u5fh6Xxgueg6FyrPxL4JXNh2Alm6zNT9uc2+lCAMY1r
7y4Um2B9NP1s/a8ttaPhjx5WxrHogBlDlsanYYOzziDItDee2uXnr93dacbMG4mu
246W4w2da5RFAznoEcysQpFodw2m23guk+AKfhvBOk5s8DnJGwXxEgVgAeCdEY2P
MBPLFF9laPWYjGl8SbgGkTz4pb8ol2zjP3nakkCS3DFO6XLXa6U4aE4FvwgBAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUxeaCzk8PsOqx9KQ2+VU0TS1q5NswHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMTIyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAuZMiMA0GCSqGSIb3DQEBCwUAA4IBAQDGlI3mfdpt
biDQtyahQHIfOHW8onnm9xJsqXFd7P5IgcYlZ+BOOiNstpQUWnMbFpr2sb8K2zbG
zjwI4Vh7IkCsik4jL/j5nehM52Dz3ARgfEUsnw+IGsbseSXLWbdOEyBZefXa1zCG
sl8XlS8ulUKVCEPSerZENX/Syr//0rNSRffgkuYWlodWkPspCgXRWz6SdVzP5drp
xMP5FWYoPwu5HgJOCY/MJaZ5XYyGlVrTb5KVE0AOTrx/BjkzJ4N+ZTWudPlaag6A
+yG8vCRvgUZEgnHTD4+esvSNgx8LvQSK3E4GePjUsqa7pXrGFwM1hStYHWpWfNFm
ftJdiEW8RVt+
-----END CERTIFICATE-----