Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215467.roa
File:                     AS215467.roa (raw, json)
Hash identifier:          tcRuyD6qpWX2VxXfDslocuwfkxgsOK6lwgT4bhez+lg=
Subject key identifier:   A9:66:71:67:91:20:E1:63:50:B9:A8:0D:62:77:56:5B:77:76:26:A7
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1D1F958A7C2730F0448062D1390693D144787488
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215467.roa
Signing time:             Sat 12 Oct 2024 12:01:21 +0000
ROA not before:           Sat 12 Oct 2024 11:56:21 +0000
ROA not after:            Sat 11 Oct 2025 12:01:21 +0000
asID:                     215467
IP address blocks:        185.195.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:1f:95:8a:7c:27:30:f0:44:80:62:d1:39:06:93:d1:44:78:74:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Oct 12 11:56:21 2024 GMT
            Not After : Oct 11 12:01:21 2025 GMT
        Subject: CN=A96671679120E16350B9A80D6277565B777626A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:1c:4d:06:f0:20:e6:54:30:b1:bc:d1:aa:05:
                    31:8c:99:88:9b:fa:d9:a3:bc:b6:a7:e5:4a:7a:e2:
                    64:c6:c8:e5:73:17:38:d2:21:81:9b:c1:3c:25:32:
                    79:77:b5:e9:40:16:08:bd:1c:bd:bc:a7:d2:0e:94:
                    3d:85:8d:84:8c:95:f7:95:97:3d:75:63:45:93:7a:
                    d8:dc:0d:3d:1d:7a:3a:d2:bb:b5:8a:bf:da:6e:37:
                    24:72:39:13:b2:93:60:b2:9b:85:8b:9e:d2:6f:5e:
                    5c:7d:e9:ca:13:d3:d8:70:ce:ca:6b:a9:a9:f3:7a:
                    f5:cd:01:6a:5d:fe:10:a9:8e:de:a5:c5:8f:b4:ec:
                    7f:bb:0b:dc:ab:6c:b0:17:b7:c6:56:a5:74:62:cc:
                    9c:f3:06:00:fe:d3:59:2d:4a:28:79:e7:d2:2f:45:
                    1e:4a:48:c6:f2:93:23:b7:6d:00:12:e7:0f:67:4e:
                    ba:99:57:22:ea:c4:b0:52:44:c7:9f:fe:5d:4e:7c:
                    6a:66:54:b2:17:ea:1d:97:75:f1:ce:f2:7a:ce:d9:
                    b1:4b:f5:5c:86:96:5f:3b:e2:6c:3a:d2:ac:61:1b:
                    4c:d6:14:3c:35:db:e5:8d:02:87:71:d0:41:1b:f4:
                    c7:85:b6:b0:53:85:91:d7:4a:81:58:84:38:5c:56:
                    5d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:66:71:67:91:20:E1:63:50:B9:A8:0D:62:77:56:5B:77:76:26:A7
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215467.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:09:9b:0e:59:23:91:c5:5c:68:28:90:db:d1:94:4e:96:29:
         49:a9:da:f3:fc:c7:a3:5c:bb:c9:f2:c1:c5:1b:a5:e7:71:b2:
         75:43:6e:35:8a:94:2d:ef:c4:8f:22:c2:04:9d:28:0a:73:b3:
         9e:79:8c:0e:11:c8:f2:0f:12:fb:9f:3d:ea:6e:0e:f3:73:9b:
         c2:fd:2f:77:c2:aa:ff:c3:18:6f:91:33:75:71:7d:98:ae:f8:
         49:4e:c5:09:ca:88:38:55:32:9e:c6:94:da:b2:7c:cf:12:4f:
         a4:18:ae:bf:3f:2d:f8:b4:bc:ea:e8:17:c5:d7:17:35:65:90:
         ae:22:84:23:95:ab:1a:b7:61:6b:3a:16:e2:98:ed:1d:79:79:
         31:b3:00:05:ac:ee:5b:e4:a9:99:2b:5b:b7:59:5f:7e:77:66:
         85:3d:96:eb:06:a6:12:d5:9a:5e:cb:60:6a:66:73:ac:f0:81:
         fc:d7:a5:53:74:9e:46:3c:6b:22:1e:b3:4d:33:13:ec:f8:22:
         fb:d4:e2:0b:15:ea:9a:8e:8d:ea:cb:5a:09:32:a9:d9:91:01:
         72:0f:33:01:51:46:53:87:83:5e:e1:3c:e7:c2:01:cf:31:f2:
         39:4d:d8:79:18:46:9f:44:1b:93:b4:72:48:94:04:78:7c:64:
         48:5a:03:c9
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUHR+VinwnMPBEgGLROQaT0UR4dIgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDEwMTIxMTU2MjFaFw0yNTEwMTExMjAxMjFaMDMxMTAvBgNV
BAMTKEE5NjY3MTY3OTEyMEUxNjM1MEI5QTgwRDYyNzc1NjVCNzc3NjI2QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcHE0G8CDmVDCxvNGqBTGMmYib
+tmjvLan5Up64mTGyOVzFzjSIYGbwTwlMnl3telAFgi9HL28p9IOlD2FjYSMlfeV
lz11Y0WTetjcDT0dejrSu7WKv9puNyRyOROyk2Cym4WLntJvXlx96coT09hwzspr
qanzevXNAWpd/hCpjt6lxY+07H+7C9yrbLAXt8ZWpXRizJzzBgD+01ktSih559Iv
RR5KSMbykyO3bQAS5w9nTrqZVyLqxLBSRMef/l1OfGpmVLIX6h2XdfHO8nrO2bFL
9VyGll874mw60qxhG0zWFDw12+WNAodx0EEb9MeFtrBThZHXSoFYhDhcVl07AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUqWZxZ5Eg4WNQuagNYndWW3d2JqcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE1NDY3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAucPsMA0GCSqGSIb3DQEBCwUAA4IBAQCCCZsOWSOR
xVxoKJDb0ZROlilJqdrz/MejXLvJ8sHFG6XncbJ1Q241ipQt78SPIsIEnSgKc7Oe
eYwOEcjyDxL7nz3qbg7zc5vC/S93wqr/wxhvkTN1cX2YrvhJTsUJyog4VTKexpTa
snzPEk+kGK6/Py34tLzq6BfF1xc1ZZCuIoQjlasat2FrOhbimO0deXkxswAFrO5b
5KmZK1u3WV9+d2aFPZbrBqYS1Zpey2BqZnOs8IH816VTdJ5GPGsiHrNNMxPs+CL7
1OILFeqajo3qy1oJMqnZkQFyDzMBUUZTh4Ne4TznwgHPMfI5Tdh5GEafRBuTtHJI
lAR4fGRIWgPJ
-----END CERTIFICATE-----