Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS54309.roa
File:                     AS54309.roa (raw, json)
Hash identifier:          XWpRk9T2S5IYoF/JUoyQtEV10VPFTbBYT6E1YA15J7M=
Subject key identifier:   0E:52:BA:8E:20:0D:DC:C3:C4:28:02:74:63:5E:A7:3C:3B:B8:3F:AD
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       702B1477F08CFFB86AE47434610881E30D4596C5
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS54309.roa
Signing time:             Fri 03 May 2024 17:32:22 +0000
ROA not before:           Fri 03 May 2024 17:27:22 +0000
ROA not after:            Fri 02 May 2025 17:32:22 +0000
asID:                     54309
IP address blocks:        85.90.220.0/24 maxlen: 24
                          85.90.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:2b:14:77:f0:8c:ff:b8:6a:e4:74:34:61:08:81:e3:0d:45:96:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: May  3 17:27:22 2024 GMT
            Not After : May  2 17:32:22 2025 GMT
        Subject: CN=0E52BA8E200DDCC3C4280274635EA73C3BB83FAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:31:ce:d7:a1:5f:4b:99:20:cb:a0:9f:d3:2d:
                    f3:00:cb:be:5b:35:82:4d:63:3f:d0:5f:ae:98:7d:
                    67:51:9d:e9:d5:2f:b0:fe:34:23:b2:f3:d5:5e:90:
                    bd:47:d5:ce:f5:26:6e:d7:34:1a:ad:46:1a:62:f1:
                    f1:d1:bd:50:6d:76:be:f1:67:ed:72:fb:35:95:54:
                    4e:c0:bc:72:29:8c:d2:13:ad:19:69:fd:3c:35:21:
                    51:ae:82:6a:37:61:06:7d:16:f6:de:36:74:36:26:
                    c1:aa:da:e6:d9:55:dd:de:fa:ca:c4:86:8b:e5:73:
                    40:46:da:9d:cd:b1:2b:e9:bf:2e:a4:bd:ba:f0:a0:
                    49:f4:c9:2e:fe:59:cd:7b:cb:b2:3e:99:dd:98:c4:
                    41:a4:9a:c2:8a:87:33:69:86:23:4e:c9:42:84:ec:
                    2e:b9:a6:e6:a8:0b:10:c0:e1:e9:4c:c8:cd:fc:9c:
                    91:bc:c2:93:05:a8:ed:90:13:8d:58:be:73:e7:d1:
                    fb:c3:39:33:9a:92:ed:dd:8d:cd:fd:fd:e6:43:20:
                    ff:ab:f5:0e:9d:9f:81:4e:0f:9e:86:eb:4c:00:d0:
                    07:17:a5:f2:ec:42:16:db:64:05:49:2f:e3:8e:a6:
                    b2:e9:61:48:6c:ae:e8:08:eb:6d:42:ff:dc:3f:54:
                    62:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:52:BA:8E:20:0D:DC:C3:C4:28:02:74:63:5E:A7:3C:3B:B8:3F:AD
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS54309.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.90.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:3d:9c:47:c5:0c:80:a3:b6:95:3b:86:ec:15:2a:19:c5:c6:
         a2:eb:e0:c5:3c:c9:04:d4:12:e2:a9:98:6b:0e:d3:a4:db:71:
         02:2a:30:30:30:e6:f0:3e:e2:c0:35:6b:8f:ce:80:04:9b:bc:
         4d:69:55:38:20:2d:e7:97:06:6a:24:8f:74:77:c1:a2:c2:7d:
         61:4a:d8:4d:f5:5e:57:7e:e6:33:8e:b7:57:3a:d0:62:65:78:
         5e:96:c4:92:a9:49:9f:e0:4f:74:e2:44:88:9e:ea:72:dd:16:
         59:d0:50:46:f5:fc:ff:5a:71:84:03:c7:8d:21:eb:dd:ab:eb:
         3d:2f:32:b3:70:3b:df:06:da:cc:37:17:fe:f6:b7:13:77:e9:
         17:47:dc:e1:14:33:7c:7f:6b:68:dd:5e:76:80:6d:55:6c:03:
         36:b5:87:a2:62:0f:26:d8:3f:5f:69:09:7d:35:80:b4:58:e2:
         41:33:e1:08:34:a9:a3:26:e3:d7:a7:9a:a9:98:5e:77:4f:45:
         d7:cd:e7:09:80:72:93:7c:ab:0f:cf:70:6f:73:d0:92:c3:cf:
         88:dd:57:1e:74:a9:ae:34:70:57:9b:c6:8b:2a:a0:6e:32:50:
         7a:ef:e2:47:99:ee:9f:a8:3e:c9:cf:5f:74:40:39:32:24:33:
         fc:f2:a5:4f
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUcCsUd/CM/7hq5HQ0YQiB4w1FlsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA1MDMxNzI3MjJaFw0yNTA1MDIxNzMyMjJaMDMxMTAvBgNV
BAMTKDBFNTJCQThFMjAwRERDQzNDNDI4MDI3NDYzNUVBNzNDM0JCODNGQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbMc7XoV9LmSDLoJ/TLfMAy75b
NYJNYz/QX66YfWdRnenVL7D+NCOy89VekL1H1c71Jm7XNBqtRhpi8fHRvVBtdr7x
Z+1y+zWVVE7AvHIpjNITrRlp/Tw1IVGugmo3YQZ9FvbeNnQ2JsGq2ubZVd3e+srE
hovlc0BG2p3NsSvpvy6kvbrwoEn0yS7+Wc17y7I+md2YxEGkmsKKhzNphiNOyUKE
7C65puaoCxDA4elMyM38nJG8wpMFqO2QE41YvnPn0fvDOTOaku3djc39/eZDIP+r
9Q6dn4FOD56G60wA0AcXpfLsQhbbZAVJL+OOprLpYUhsrugI621C/9w/VGLDAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUDlK6jiAN3MPEKAJ0Y16nPDu4P60wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NTQzMDkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAFVWtwwDQYJKoZIhvcNAQELBQADggEBAAU9nEfFDICj
tpU7huwVKhnFxqLr4MU8yQTUEuKpmGsO06TbcQIqMDAw5vA+4sA1a4/OgASbvE1p
VTggLeeXBmokj3R3waLCfWFK2E31Xld+5jOOt1c60GJleF6WxJKpSZ/gT3TiRIie
6nLdFlnQUEb1/P9acYQDx40h692r6z0vMrNwO98G2sw3F/72txN36RdH3OEUM3x/
a2jdXnaAbVVsAza1h6JiDybYP19pCX01gLRY4kEz4Qg0qaMm49enmqmYXndPRdfN
5wmAcpN8qw/PcG9z0JLDz4jdVx50qa40cFebxosqoG4yUHrv4keZ7p+oPsnPX3RA
OTIkM/zypU8=
-----END CERTIFICATE-----