Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215367.roa
File:                     AS215367.roa (raw, json)
Hash identifier:          8h4j14O5qNGr8NWIWyR9dy12Adu8hrQf6lY3AVj3v8Y=
Subject key identifier:   8B:43:3E:DB:30:BE:99:65:50:5A:F3:7B:BB:69:83:F0:A9:2A:DF:2A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       263A8F002C613890D670335845A94460A0EB32CB
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215367.roa
Signing time:             Fri 29 Nov 2024 03:52:47 +0000
ROA not before:           Fri 29 Nov 2024 03:47:47 +0000
ROA not after:            Fri 28 Nov 2025 03:52:47 +0000
asID:                     215367
IP address blocks:        160.202.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:3a:8f:00:2c:61:38:90:d6:70:33:58:45:a9:44:60:a0:eb:32:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 29 03:47:47 2024 GMT
            Not After : Nov 28 03:52:47 2025 GMT
        Subject: CN=8B433EDB30BE9965505AF37BBB6983F0A92ADF2A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0b:df:4f:e1:49:25:bd:fa:ec:21:68:45:2e:
                    4f:04:a7:8b:2a:42:f1:e2:5b:ac:9b:b9:28:4b:9f:
                    54:84:04:1d:b7:7b:f3:d6:12:2d:f7:d4:a9:16:8c:
                    c8:ad:fd:40:66:2e:b9:1b:f0:65:0e:fb:f1:88:63:
                    68:64:98:df:0f:bd:ab:5b:62:ef:be:8e:a6:d9:ec:
                    f0:fe:12:fc:99:42:2a:15:30:c7:22:f5:56:83:ab:
                    16:cb:1a:4e:28:fd:84:44:f1:54:7e:a2:53:0b:78:
                    d9:e6:e9:2e:41:4d:ec:ec:13:fd:65:a9:32:da:ea:
                    c4:54:6d:78:69:1b:fc:08:7f:fb:6f:cb:ea:ae:e9:
                    e3:35:1a:96:1d:92:1e:f5:8b:bd:33:f4:5f:6a:26:
                    d6:6a:bd:f0:b7:de:67:07:11:d0:d7:cc:fc:d1:73:
                    34:6f:90:2c:49:d8:5c:35:c8:3e:25:10:fc:2d:7c:
                    dc:3c:e6:47:91:70:7d:c0:d0:20:23:84:c6:ef:45:
                    c1:fc:67:c1:7b:44:ea:09:f7:89:92:97:7b:78:99:
                    e9:42:80:43:a9:1f:8f:ed:0c:cd:1a:eb:30:63:49:
                    4f:65:59:4f:04:63:3f:e2:bd:d3:9c:08:3b:a5:bd:
                    6b:4a:28:35:82:ae:72:f3:6c:b2:e3:5f:96:fc:c0:
                    78:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:43:3E:DB:30:BE:99:65:50:5A:F3:7B:BB:69:83:F0:A9:2A:DF:2A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215367.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.202.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:ad:dd:2d:21:ee:46:d7:47:f1:10:7c:d3:1f:ce:6b:39:0b:
         34:6a:55:19:05:d7:3e:41:0a:4c:b1:ae:ff:b2:b4:b3:11:db:
         59:90:55:e9:53:8e:d4:6b:1b:47:1e:2f:9c:4e:52:d1:b3:1e:
         cb:3e:5f:84:37:0b:a9:a1:e5:a7:62:3e:e7:ee:fd:a3:51:e1:
         55:75:9c:af:52:00:c8:d5:25:bc:8c:4c:f7:78:a8:a8:12:39:
         b3:77:0c:f2:6b:c9:f0:20:2d:b3:a2:10:66:22:ec:64:ca:c1:
         83:6f:d3:d3:0e:ac:c2:09:ba:47:0b:8a:ab:1d:f5:d3:c8:3f:
         4c:91:2e:a0:0f:06:7d:fc:72:a7:d6:54:77:96:e6:dc:29:db:
         e7:93:00:4e:e1:f1:15:a2:14:2d:30:84:c8:f2:4a:c8:9e:8d:
         cf:7c:e6:1b:08:c0:fc:8e:d7:8f:4b:c4:7c:ec:7c:0c:32:d9:
         d9:63:7b:af:0d:a1:d8:ac:da:05:50:c7:62:40:ca:59:3c:c2:
         8f:11:ae:dc:5e:a6:21:8a:00:dc:52:24:56:48:32:77:8d:5c:
         8e:60:6f:58:d6:e9:16:00:89:73:33:2d:b5:16:49:22:16:eb:
         6b:82:4b:5b:65:49:65:83:e3:4c:3e:58:0b:24:c4:72:73:16:
         93:f5:22:f9
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUJjqPACxhOJDWcDNYRalEYKDrMsswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMjkwMzQ3NDdaFw0yNTExMjgwMzUyNDdaMDMxMTAvBgNV
BAMTKDhCNDMzRURCMzBCRTk5NjU1MDVBRjM3QkJCNjk4M0YwQTkyQURGMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUC99P4UklvfrsIWhFLk8Ep4sq
QvHiW6ybuShLn1SEBB23e/PWEi331KkWjMit/UBmLrkb8GUO+/GIY2hkmN8Pvatb
Yu++jqbZ7PD+EvyZQioVMMci9VaDqxbLGk4o/YRE8VR+olMLeNnm6S5BTezsE/1l
qTLa6sRUbXhpG/wIf/tvy+qu6eM1GpYdkh71i70z9F9qJtZqvfC33mcHEdDXzPzR
czRvkCxJ2Fw1yD4lEPwtfNw85keRcH3A0CAjhMbvRcH8Z8F7ROoJ94mSl3t4melC
gEOpH4/tDM0a6zBjSU9lWU8EYz/ivdOcCDulvWtKKDWCrnLzbLLjX5b8wHhnAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUi0M+2zC+mWVQWvN7u2mD8Kkq3yowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE1MzY3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAoMqHMA0GCSqGSIb3DQEBCwUAA4IBAQB/rd0tIe5G
10fxEHzTH85rOQs0alUZBdc+QQpMsa7/srSzEdtZkFXpU47UaxtHHi+cTlLRsx7L
Pl+ENwupoeWnYj7n7v2jUeFVdZyvUgDI1SW8jEz3eKioEjmzdwzya8nwIC2zohBm
IuxkysGDb9PTDqzCCbpHC4qrHfXTyD9MkS6gDwZ9/HKn1lR3lubcKdvnkwBO4fEV
ohQtMITI8krIno3PfOYbCMD8jtePS8R87HwMMtnZY3uvDaHYrNoFUMdiQMpZPMKP
Ea7cXqYhigDcUiRWSDJ3jVyOYG9Y1ukWAIlzMy21FkkiFutrgktbZUllg+NMPlgL
JMRycxaT9SL5
-----END CERTIFICATE-----