Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS133752.roa
File:                     AS133752.roa (raw, json)
Hash identifier:          hAIq2uxcR40kXpym+SngHTJzVz/tG/Ca7h+tZ19haMA=
Subject key identifier:   F1:39:94:33:CD:B5:52:0B:9C:BB:95:55:17:42:49:C8:11:C9:BF:71
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       365DA00D4E765A39BA8187EB7D5D8063BC4C3CAC
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS133752.roa
Signing time:             Thu 03 Jul 2025 15:51:34 +0000
ROA not before:           Thu 03 Jul 2025 15:46:34 +0000
ROA not after:            Thu 02 Jul 2026 15:51:34 +0000
asID:                     133752
IP address blocks:        27.0.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:5d:a0:0d:4e:76:5a:39:ba:81:87:eb:7d:5d:80:63:bc:4c:3c:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:34 2025 GMT
            Not After : Jul  2 15:51:34 2026 GMT
        Subject: CN=F1399433CDB5520B9CBB9555174249C811C9BF71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e7:55:01:fc:d5:9b:cf:50:27:52:af:9b:bb:
                    9e:a8:da:6c:04:b1:f7:c1:db:f0:43:9f:9d:85:f9:
                    72:d9:f5:fe:df:d6:6f:90:a4:63:00:dc:a1:34:af:
                    6c:47:84:aa:4d:25:70:ad:16:00:8a:a4:84:bf:f7:
                    cc:e2:f0:36:73:1e:53:53:43:9d:36:34:46:00:c3:
                    20:64:bf:0f:1b:5b:1d:00:4b:70:4d:39:ff:e1:f7:
                    e5:3d:d4:3b:f7:04:34:2e:9c:9f:bd:d8:ec:8b:29:
                    5a:8c:1f:3b:e4:bd:20:b8:d6:69:e0:3a:da:69:74:
                    fd:f4:94:eb:9a:ca:64:1d:72:be:23:49:8b:b6:ad:
                    67:e3:9c:c3:e5:c9:80:33:a1:03:ea:ed:d8:b9:11:
                    97:c3:1e:fd:c3:06:d4:53:0d:a7:87:d2:58:1f:f9:
                    49:5a:f5:a1:07:b9:85:bf:5f:b4:34:11:09:3c:5c:
                    8b:a9:cc:ff:bd:68:6c:16:1e:80:70:4d:66:20:bb:
                    f6:50:d9:0d:ce:7c:8b:1a:be:a5:7f:ef:e2:75:fe:
                    c9:49:4d:74:68:a4:f6:75:c8:a8:2d:b8:c9:a4:32:
                    81:77:7f:e2:31:f9:c3:7a:4b:64:3c:c9:e6:07:8d:
                    0b:08:a5:a0:bf:53:23:b6:ad:77:45:86:ab:b1:a3:
                    7c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:39:94:33:CD:B5:52:0B:9C:BB:95:55:17:42:49:C8:11:C9:BF:71
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS133752.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:ab:94:6d:bc:79:b0:11:49:52:03:5f:7b:6e:48:71:4d:a3:
         dc:fb:98:b6:ab:9a:e9:cd:8c:60:09:2c:e3:97:ce:f4:c7:26:
         6d:f8:29:14:f7:90:83:06:13:84:1e:6a:39:63:db:44:d9:fd:
         a5:a5:b2:30:43:fc:52:ee:c3:77:fa:52:8f:47:fb:af:a1:5d:
         4d:e2:31:49:2e:43:91:c5:d5:1b:9f:1c:8b:28:ef:52:b5:b7:
         1a:2e:9b:ed:40:c2:d8:c7:5a:98:a1:0a:5e:a8:9f:b5:97:2d:
         d3:37:2a:a2:65:91:71:c3:23:28:13:e5:5e:45:f0:c9:fe:fa:
         ad:2a:45:2e:0d:3b:9a:d6:3b:59:3a:01:3a:21:e7:48:e2:57:
         84:c0:03:f0:cc:e0:e9:da:bb:50:b7:fa:72:69:fe:6f:59:03:
         ce:83:22:56:ad:72:1e:e4:22:21:70:fd:a6:1f:5f:b5:7e:c9:
         e2:50:e5:23:cd:be:7c:3f:f1:18:29:67:15:9b:56:1e:3c:b3:
         60:f1:95:24:c1:c4:84:78:03:1d:71:30:97:03:d0:b6:60:f9:
         f8:57:2b:96:49:23:7b:96:6c:80:d6:08:d8:b1:c3:9f:b3:58:
         2d:3d:d0:0f:f5:78:c2:6a:fe:09:0a:4e:02:cc:15:76:e5:cb:
         07:41:62:b0
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUNl2gDU52Wjm6gYfrfV2AY7xMPKwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MzRaFw0yNjA3MDIxNTUxMzRaMDMxMTAvBgNV
BAMTKEYxMzk5NDMzQ0RCNTUyMEI5Q0JCOTU1NTE3NDI0OUM4MTFDOUJGNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC251UB/NWbz1AnUq+bu56o2mwE
sffB2/BDn52F+XLZ9f7f1m+QpGMA3KE0r2xHhKpNJXCtFgCKpIS/98zi8DZzHlNT
Q502NEYAwyBkvw8bWx0AS3BNOf/h9+U91Dv3BDQunJ+92OyLKVqMHzvkvSC41mng
OtppdP30lOuaymQdcr4jSYu2rWfjnMPlyYAzoQPq7di5EZfDHv3DBtRTDaeH0lgf
+Ula9aEHuYW/X7Q0EQk8XIupzP+9aGwWHoBwTWYgu/ZQ2Q3OfIsavqV/7+J1/slJ
TXRopPZ1yKgtuMmkMoF3f+Ix+cN6S2Q8yeYHjQsIpaC/UyO2rXdFhquxo3wTAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU8TmUM821Ugucu5VVF0JJyBHJv3EwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTMzNzUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAGwDoMA0GCSqGSIb3DQEBCwUAA4IBAQCTq5RtvHmw
EUlSA197bkhxTaPc+5i2q5rpzYxgCSzjl870xyZt+CkU95CDBhOEHmo5Y9tE2f2l
pbIwQ/xS7sN3+lKPR/uvoV1N4jFJLkORxdUbnxyLKO9StbcaLpvtQMLYx1qYoQpe
qJ+1ly3TNyqiZZFxwyMoE+VeRfDJ/vqtKkUuDTua1jtZOgE6IedI4leEwAPwzODp
2rtQt/pyaf5vWQPOgyJWrXIe5CIhcP2mH1+1fsniUOUjzb58P/EYKWcVm1YePLNg
8ZUkwcSEeAMdcTCXA9C2YPn4VyuWSSN7lmyA1gjYscOfs1gtPdAP9XjCav4JCk4C
zBV25csHQWKw
-----END CERTIFICATE-----
Generated at Fri Jul 4 22:09:59 2025 by rpki-client