Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214188.roa
File:                     AS214188.roa (raw, json)
Hash identifier:          IZYmac3KhH1YfdeFooU+QsB4lxlQCxFXF0vjKm0Vh2o=
Subject key identifier:   88:B7:18:40:B3:20:51:11:54:9A:F9:E9:E9:75:5A:F1:7E:58:F3:27
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       158CFC31DCC068FC0FC66DAD75543A944CE53DE8
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214188.roa
Signing time:             Wed 18 Sep 2024 10:58:51 +0000
ROA not before:           Wed 18 Sep 2024 10:53:51 +0000
ROA not after:            Wed 17 Sep 2025 10:58:51 +0000
asID:                     214188
IP address blocks:        185.195.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 15:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:8c:fc:31:dc:c0:68:fc:0f:c6:6d:ad:75:54:3a:94:4c:e5:3d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep 18 10:53:51 2024 GMT
            Not After : Sep 17 10:58:51 2025 GMT
        Subject: CN=88B71840B3205111549AF9E9E9755AF17E58F327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9c:f4:b5:1a:39:75:f8:21:67:b2:b5:46:06:
                    8a:fc:af:b4:52:4d:ff:ce:9d:9c:e4:25:24:53:fa:
                    53:4a:98:6a:8e:2f:25:ec:45:b0:5a:83:66:8b:9d:
                    f6:ae:12:b9:b6:9f:82:56:f0:59:cd:b1:e5:83:bc:
                    26:90:ae:d1:e2:00:e5:90:9b:91:90:d6:b0:2c:29:
                    89:b6:91:55:b5:bb:47:52:f6:76:ad:e7:2f:98:86:
                    00:9d:bb:51:76:40:9a:4c:f3:52:7f:31:c3:2c:cd:
                    44:61:3e:e0:48:f3:4a:e8:9c:40:8a:c4:5c:72:34:
                    a3:15:ec:e4:ae:6c:48:a4:42:df:66:18:96:44:1b:
                    bb:fc:f2:1b:f9:33:bf:91:62:43:79:9b:fe:0c:44:
                    47:6a:68:ca:9d:21:a0:25:67:71:38:cc:03:af:c5:
                    c2:2a:85:4b:4a:4c:cd:22:57:ec:77:5e:9d:f2:7b:
                    3e:47:6d:91:42:c1:1f:6f:b3:2a:27:04:91:d0:fd:
                    8a:6b:22:8f:64:40:0c:7d:79:d9:0a:4b:79:fa:79:
                    f1:72:e2:27:a5:e1:d8:97:b2:40:3f:73:7a:d4:7c:
                    78:aa:06:3d:94:f0:93:2d:14:5c:26:0e:8b:69:e8:
                    23:38:de:b6:c7:f7:17:81:af:2b:ef:96:2c:b9:40:
                    cc:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B7:18:40:B3:20:51:11:54:9A:F9:E9:E9:75:5A:F1:7E:58:F3:27
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214188.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:e6:bc:bb:09:99:81:93:11:2c:44:81:8e:2c:bd:94:1f:b3:
         3d:62:53:f4:fc:c2:06:d5:68:a1:05:63:c4:59:4e:55:51:25:
         94:7f:24:76:3f:6c:ee:a8:6a:fe:86:02:ab:7d:62:be:78:b4:
         3d:e9:71:0b:b1:b9:0a:6b:a3:f2:77:9c:58:dc:11:29:98:6f:
         d2:b5:cc:c7:b4:52:7f:5f:86:1a:79:22:09:21:9f:a9:3c:c3:
         5a:de:96:b5:0d:ea:4d:8c:95:6e:54:a8:1a:ca:cc:ec:7c:f7:
         06:40:b3:d5:fb:08:d3:25:c2:46:f8:ff:51:a1:6f:e4:bc:d3:
         a0:3f:b3:f3:eb:6b:4f:4c:63:8a:ce:5f:34:f0:60:51:45:50:
         a1:50:d8:74:74:d6:76:c6:1d:7c:ab:22:6e:97:23:65:5a:f4:
         35:52:f5:4e:3c:3e:15:16:72:48:69:be:5a:b3:fd:3c:fa:74:
         83:23:0d:39:a1:59:34:65:b9:75:c3:cb:33:3f:6b:51:29:39:
         95:20:18:af:7f:85:40:e7:77:58:ec:0f:09:29:bc:32:6e:19:
         bb:d5:7e:a7:0f:99:d4:f0:10:08:9a:0e:d5:9d:ed:95:d4:22:
         b2:58:53:04:e6:bc:27:4c:fe:5e:65:0e:45:9a:68:a4:f0:fc:
         95:96:4f:b1
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUFYz8MdzAaPwPxm2tdVQ6lEzlPegwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MTgxMDUzNTFaFw0yNTA5MTcxMDU4NTFaMDMxMTAvBgNV
BAMTKDg4QjcxODQwQjMyMDUxMTE1NDlBRjlFOUU5NzU1QUYxN0U1OEYzMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQnPS1Gjl1+CFnsrVGBor8r7RS
Tf/OnZzkJSRT+lNKmGqOLyXsRbBag2aLnfauErm2n4JW8FnNseWDvCaQrtHiAOWQ
m5GQ1rAsKYm2kVW1u0dS9nat5y+YhgCdu1F2QJpM81J/McMszURhPuBI80ronECK
xFxyNKMV7OSubEikQt9mGJZEG7v88hv5M7+RYkN5m/4MREdqaMqdIaAlZ3E4zAOv
xcIqhUtKTM0iV+x3Xp3yez5HbZFCwR9vsyonBJHQ/YprIo9kQAx9edkKS3n6efFy
4iel4diXskA/c3rUfHiqBj2U8JMtFFwmDotp6CM43rbH9xeBryvvliy5QMyvAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUiLcYQLMgURFUmvnp6XVa8X5Y8ycwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE0MTg4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAucPuMA0GCSqGSIb3DQEBCwUAA4IBAQC95ry7CZmB
kxEsRIGOLL2UH7M9YlP0/MIG1WihBWPEWU5VUSWUfyR2P2zuqGr+hgKrfWK+eLQ9
6XELsbkKa6Pyd5xY3BEpmG/StczHtFJ/X4YaeSIJIZ+pPMNa3pa1DepNjJVuVKga
yszsfPcGQLPV+wjTJcJG+P9RoW/kvNOgP7Pz62tPTGOKzl808GBRRVChUNh0dNZ2
xh18qyJulyNlWvQ1UvVOPD4VFnJIab5as/08+nSDIw05oVk0Zbl1w8szP2tRKTmV
IBivf4VA53dY7A8JKbwybhm71X6nD5nU8BAImg7Vne2V1CKyWFME5rwnTP5eZQ5F
mmik8PyVlk+x
-----END CERTIFICATE-----