Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS400304.roa
File:                     AS400304.roa (raw, json)
Hash identifier:          mswRxDKk2IgMje3JsqF0DHApV/w8ZRqmTH8UYdEVY4A=
Subject key identifier:   91:0A:F1:22:51:65:43:E7:5C:00:75:75:20:95:EF:4B:5B:90:73:25
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       20F0D7951EC6620A98412CA2D74A70700E345798
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS400304.roa
Signing time:             Thu 28 Dec 2023 20:07:32 +0000
ROA not before:           Thu 28 Dec 2023 20:02:32 +0000
ROA not after:            Thu 26 Dec 2024 20:07:32 +0000
asID:                     400304
IP address blocks:        104.167.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:f0:d7:95:1e:c6:62:0a:98:41:2c:a2:d7:4a:70:70:0e:34:57:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 28 20:02:32 2023 GMT
            Not After : Dec 26 20:07:32 2024 GMT
        Subject: CN=910AF122516543E75C0075752095EF4B5B907325
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:eb:4c:e7:4b:c0:d4:1a:ee:ef:a5:35:f6:90:
                    2a:50:05:fe:a5:dc:85:91:df:6c:4f:ea:9c:0b:e9:
                    b1:5c:18:fe:ea:0f:d5:4e:e1:67:36:0e:30:9e:ed:
                    bc:bc:f8:62:ac:71:87:12:dd:3c:45:e1:36:fc:b5:
                    e8:18:94:02:04:78:37:9e:d9:03:35:dd:02:6e:46:
                    c5:05:44:44:a1:80:4c:a1:5f:00:c2:14:9d:e2:78:
                    c4:de:90:5f:62:05:72:fd:58:4d:e9:c6:29:0c:70:
                    c5:dd:33:bf:98:7f:d0:79:13:c5:ce:e1:f9:15:88:
                    fd:06:ee:29:8e:10:ce:df:8b:94:f5:50:07:ba:72:
                    1f:ae:e1:30:3b:af:c5:5f:5d:b6:c9:a6:a6:c1:57:
                    fb:3b:ef:f6:af:2a:fd:77:9a:55:ea:a8:a4:05:ae:
                    43:2e:7e:81:cf:5c:16:da:2b:b7:c8:4f:05:1c:7e:
                    32:f7:31:70:e2:3c:68:5e:f8:ce:b2:22:c5:a0:7c:
                    80:a4:2c:7d:ae:04:b4:0c:e9:2f:8d:8b:4f:ea:50:
                    34:65:b7:05:9a:c5:9e:a4:3d:2b:12:82:c0:4a:b9:
                    41:1c:ee:50:cb:dc:80:66:7b:63:1a:db:2c:9f:17:
                    6d:42:26:9a:d1:6b:71:5d:82:07:63:12:15:45:50:
                    c4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:0A:F1:22:51:65:43:E7:5C:00:75:75:20:95:EF:4B:5B:90:73:25
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS400304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:fc:1d:3a:e4:84:1a:aa:90:53:76:a0:6e:45:64:e0:3e:2d:
         02:2d:e9:ed:98:e4:8f:59:22:67:d5:73:5c:bf:af:9f:31:76:
         3d:be:c6:d0:8c:38:eb:36:82:c2:80:8b:16:d7:a2:1e:27:66:
         4c:70:ce:e9:43:6d:42:9e:2b:54:b0:12:58:67:cb:f0:9b:17:
         6f:80:dc:1d:f1:c4:85:70:92:f0:a2:30:12:4a:ec:4c:b7:bb:
         d7:d2:7b:b7:07:56:94:9d:69:28:44:0b:15:85:2f:aa:a7:a7:
         70:76:6c:c8:1b:16:e5:1e:ab:3f:7f:f9:fa:fc:88:40:ce:80:
         f6:5f:9e:85:52:b8:e3:96:9e:79:3a:b2:4b:78:8d:12:52:be:
         9d:1f:46:40:7b:9e:89:a9:f2:43:a6:00:c2:b8:f8:12:0b:bb:
         bd:e2:2a:17:f8:50:e9:ec:7f:2e:70:62:04:6f:1d:a7:a5:6e:
         ee:c6:1b:b4:a2:2c:33:d6:0d:7f:59:15:ab:2a:67:cf:77:d2:
         9a:f7:fc:7f:aa:76:14:a2:eb:c7:4c:6f:54:96:4a:2e:44:24:
         31:07:ee:a5:6c:d7:72:72:66:a9:36:fe:fa:86:6f:3b:13:43:
         a2:7c:33:74:88:45:c3:b8:9a:a4:95:07:95:7f:60:4c:af:20:
         57:a7:c1:8d
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUIPDXlR7GYgqYQSyi10pwcA40V5gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMjgyMDAyMzJaFw0yNDEyMjYyMDA3MzJaMDMxMTAvBgNV
BAMTKDkxMEFGMTIyNTE2NTQzRTc1QzAwNzU3NTIwOTVFRjRCNUI5MDczMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW60znS8DUGu7vpTX2kCpQBf6l
3IWR32xP6pwL6bFcGP7qD9VO4Wc2DjCe7by8+GKscYcS3TxF4Tb8tegYlAIEeDee
2QM13QJuRsUFREShgEyhXwDCFJ3ieMTekF9iBXL9WE3pxikMcMXdM7+Yf9B5E8XO
4fkViP0G7imOEM7fi5T1UAe6ch+u4TA7r8VfXbbJpqbBV/s77/avKv13mlXqqKQF
rkMufoHPXBbaK7fITwUcfjL3MXDiPGhe+M6yIsWgfICkLH2uBLQM6S+Ni0/qUDRl
twWaxZ6kPSsSgsBKuUEc7lDL3IBme2Ma2yyfF21CJprRa3FdggdjEhVFUMRhAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUkQrxIlFlQ+dcAHV1IJXvS1uQcyUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NDAwMzA0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAaKcRMA0GCSqGSIb3DQEBCwUAA4IBAQAp/B065IQa
qpBTdqBuRWTgPi0CLentmOSPWSJn1XNcv6+fMXY9vsbQjDjrNoLCgIsW16IeJ2ZM
cM7pQ21CnitUsBJYZ8vwmxdvgNwd8cSFcJLwojASSuxMt7vX0nu3B1aUnWkoRAsV
hS+qp6dwdmzIGxblHqs/f/n6/IhAzoD2X56FUrjjlp55OrJLeI0SUr6dH0ZAe56J
qfJDpgDCuPgSC7u94ioX+FDp7H8ucGIEbx2npW7uxhu0oiwz1g1/WRWrKmfPd9Ka
9/x/qnYUouvHTG9UlkouRCQxB+6lbNdycmapNv76hm87E0OifDN0iEXDuJqklQeV
f2BMryBXp8GN
-----END CERTIFICATE-----