Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS23033.roa
File:                     AS23033.roa (raw, json)
Hash identifier:          7hvdpQ8r/R8Mw55K8fAMUjoi7S6/6niWBaBo5LeWDjk=
Subject key identifier:   95:F8:03:CE:35:4C:A0:B9:CD:56:F5:75:82:DA:F9:B1:8F:B9:30:71
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       11B214247E640411E19CCB933B4E2AAD0F42BA54
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS23033.roa
Signing time:             Mon 30 Sep 2024 17:56:57 +0000
ROA not before:           Mon 30 Sep 2024 17:51:57 +0000
ROA not after:            Mon 29 Sep 2025 17:56:57 +0000
asID:                     23033
IP address blocks:        160.202.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:b2:14:24:7e:64:04:11:e1:9c:cb:93:3b:4e:2a:ad:0f:42:ba:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep 30 17:51:57 2024 GMT
            Not After : Sep 29 17:56:57 2025 GMT
        Subject: CN=95F803CE354CA0B9CD56F57582DAF9B18FB93071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cc:8d:fb:22:fd:f0:d5:85:11:90:68:d9:0d:
                    2a:db:0c:4a:dc:00:f2:73:f8:35:b4:cd:d3:c9:d7:
                    f4:68:15:e5:8e:1e:64:00:bc:b1:f3:da:3d:46:df:
                    ac:9a:ec:20:42:4d:e9:2b:01:21:08:82:7f:b1:9a:
                    66:a1:86:1e:c0:c8:bb:0c:59:ab:58:31:07:ca:0a:
                    a9:19:6e:fb:5f:8a:59:45:60:93:ab:b8:81:4c:be:
                    1a:0f:b4:22:3f:0d:df:4a:b7:13:fa:3d:0c:e6:63:
                    2e:ca:c1:ea:f9:ab:4d:07:4b:fa:c8:dc:cb:cb:f3:
                    e9:7c:54:ad:fd:32:09:50:c3:c0:0a:5d:45:81:97:
                    eb:5c:8e:df:28:e2:32:50:ad:de:82:7d:14:d8:03:
                    db:b7:6f:ba:f3:b1:4c:c5:17:ed:6c:64:b9:02:ba:
                    34:a2:1d:72:b3:aa:3a:4b:09:eb:07:15:a2:10:f7:
                    6c:9c:4a:4d:52:fa:bc:63:fb:91:9a:5b:9d:e2:59:
                    3c:a0:7b:11:e8:95:48:66:5b:5a:61:33:a9:a9:a9:
                    20:97:e9:0e:3a:6b:26:a3:f8:82:41:eb:14:87:a0:
                    c0:e7:77:3b:a7:cd:db:af:9a:0f:86:54:6c:0a:d5:
                    c6:ef:ef:f1:f8:96:06:08:ab:95:0f:05:5b:57:9b:
                    ea:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F8:03:CE:35:4C:A0:B9:CD:56:F5:75:82:DA:F9:B1:8F:B9:30:71
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS23033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.202.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:cf:29:1d:fa:68:3b:a4:a3:ab:26:53:54:24:0b:35:14:19:
         28:4e:1b:5d:ef:e1:4c:88:02:fc:4f:32:f3:1a:7e:6c:5d:3a:
         7b:6f:17:1f:75:c1:69:aa:a4:07:2a:9c:c1:77:63:58:98:35:
         1a:24:96:44:0a:c2:1d:6d:33:bb:ab:5c:88:d9:fd:eb:10:98:
         6a:e7:03:45:2a:15:42:29:ee:5e:13:01:55:7d:dd:50:9e:7f:
         72:7f:63:58:57:93:84:ea:9f:38:d3:37:b0:8d:6f:2b:d8:3e:
         85:e7:00:db:30:00:61:a3:7f:f9:8c:e3:d8:28:58:f0:c9:68:
         23:08:28:e9:dc:a5:91:1d:b2:80:d4:f7:79:91:39:27:a0:6c:
         cc:f2:b9:f0:f0:f0:71:55:71:3c:64:09:3e:fc:45:00:90:88:
         24:1a:e3:7e:d7:2b:a5:20:7f:ee:d9:14:39:c0:e7:da:79:22:
         88:cb:bf:6f:57:d1:f5:3a:29:0b:95:58:84:89:81:75:4d:56:
         5e:c5:ef:fd:40:e6:da:e0:9e:20:6b:0e:49:99:b3:76:d4:e7:
         af:78:2b:e1:29:68:6f:2a:60:b8:6b:d8:01:19:f7:5c:4c:c1:
         3f:f2:3a:e5:44:db:3a:9c:12:d6:56:23:9f:42:36:1a:35:fd:
         d3:dc:f3:f6
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUEbIUJH5kBBHhnMuTO04qrQ9CulQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MzAxNzUxNTdaFw0yNTA5MjkxNzU2NTdaMDMxMTAvBgNV
BAMTKDk1RjgwM0NFMzU0Q0EwQjlDRDU2RjU3NTgyREFGOUIxOEZCOTMwNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzI37Iv3w1YURkGjZDSrbDErc
APJz+DW0zdPJ1/RoFeWOHmQAvLHz2j1G36ya7CBCTekrASEIgn+xmmahhh7AyLsM
WatYMQfKCqkZbvtfillFYJOruIFMvhoPtCI/Dd9KtxP6PQzmYy7Kwer5q00HS/rI
3MvL8+l8VK39MglQw8AKXUWBl+tcjt8o4jJQrd6CfRTYA9u3b7rzsUzFF+1sZLkC
ujSiHXKzqjpLCesHFaIQ92ycSk1S+rxj+5GaW53iWTygexHolUhmW1phM6mpqSCX
6Q46ayaj+IJB6xSHoMDndzunzduvmg+GVGwK1cbv7/H4lgYIq5UPBVtXm+qbAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUlfgDzjVMoLnNVvV1gtr5sY+5MHEwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjMwMzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBACgyoQwDQYJKoZIhvcNAQELBQADggEBALzPKR36aDuk
o6smU1QkCzUUGShOG13v4UyIAvxPMvMafmxdOntvFx91wWmqpAcqnMF3Y1iYNRok
lkQKwh1tM7urXIjZ/esQmGrnA0UqFUIp7l4TAVV93VCef3J/Y1hXk4TqnzjTN7CN
byvYPoXnANswAGGjf/mM49goWPDJaCMIKOncpZEdsoDU93mROSegbMzyufDw8HFV
cTxkCT78RQCQiCQa437XK6Ugf+7ZFDnA59p5IojLv29X0fU6KQuVWISJgXVNVl7F
7/1A5trgniBrDkmZs3bU5694K+EpaG8qYLhr2AEZ91xMwT/yOuVE2zqcEtZWI59C
Nho1/dPc8/Y=
-----END CERTIFICATE-----