Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS3320.roa
File:                     AS3320.roa (raw, json)
Hash identifier:          Cu4gNNF3aVvYPh6ykuPplkwnVX3enSVujoBHGlqZB00=
Subject key identifier:   BE:27:35:06:15:BC:B8:8B:12:5B:80:17:30:3D:5A:51:27:78:2F:1C
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       2E616BF2DDF3C476182959101D860FA9A87FDC37
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS3320.roa
Signing time:             Thu 03 Jul 2025 15:51:58 +0000
ROA not before:           Thu 03 Jul 2025 15:46:58 +0000
ROA not after:            Thu 02 Jul 2026 15:51:58 +0000
asID:                     3320
IP address blocks:        81.31.210.0/23 maxlen: 24
                          185.195.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:61:6b:f2:dd:f3:c4:76:18:29:59:10:1d:86:0f:a9:a8:7f:dc:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:58 2025 GMT
            Not After : Jul  2 15:51:58 2026 GMT
        Subject: CN=BE27350615BCB88B125B8017303D5A5127782F1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2d:d6:a0:90:7d:46:31:a9:28:81:53:7b:de:
                    50:6d:2b:f2:aa:fc:c8:e7:93:69:50:bb:6a:b6:dc:
                    96:df:f3:d1:d1:86:b9:38:f0:9d:d9:75:0f:ce:e8:
                    6d:93:5e:25:cc:3d:2c:fb:94:1b:22:d7:f1:ee:fb:
                    13:ef:67:85:46:0a:2d:81:7c:b9:77:65:8f:e0:4b:
                    18:22:3f:25:2d:19:6c:83:ee:f1:c8:62:e6:82:62:
                    26:a0:18:58:dd:da:60:1d:04:1f:ee:c6:b0:d2:7e:
                    da:cd:91:16:48:88:64:27:35:22:df:45:f3:c7:d3:
                    e6:f3:70:6b:42:78:59:73:c7:04:c8:57:e2:f3:a4:
                    0c:0c:0d:15:de:8d:44:5c:7e:54:e3:85:ed:b7:c5:
                    3e:8f:2a:0d:a0:d1:42:97:ce:c0:bd:62:71:0d:ba:
                    94:91:ff:71:62:98:c1:e8:88:a3:02:b0:da:4d:34:
                    79:bb:aa:ab:2e:a9:fa:ca:8a:52:d3:6b:85:70:7b:
                    b2:e5:35:64:14:50:f3:61:25:e9:70:5d:fe:f8:9e:
                    c0:dd:e7:82:62:7b:84:41:1d:b6:7b:ad:e8:8e:ac:
                    bb:d0:68:18:68:1d:a4:9c:c7:cd:1c:04:b5:8c:7b:
                    c0:de:60:d6:4f:9c:ac:cc:24:d5:56:51:71:49:12:
                    31:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:27:35:06:15:BC:B8:8B:12:5B:80:17:30:3D:5A:51:27:78:2F:1C
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS3320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.210.0/23
                  185.195.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:19:25:91:3a:a4:4f:0a:ab:d3:ae:4c:61:a1:a1:da:33:93:
         f2:47:40:01:51:9e:61:c4:aa:fd:cd:af:3b:63:9e:d1:93:fe:
         96:1d:5e:c4:3e:7d:b4:dc:c5:e5:e8:18:f5:ca:1a:9a:ed:2a:
         93:d7:07:06:64:e0:7a:71:fa:55:06:21:e5:4e:2a:bc:8b:d5:
         c7:66:dd:9f:1a:6c:d1:c0:b3:28:e9:17:57:8b:3c:71:ae:5a:
         2a:7c:43:50:3b:56:01:23:d4:2f:81:42:d6:f1:84:5c:d5:eb:
         d7:0e:b2:9c:48:d9:17:65:39:91:23:93:9a:2b:0f:c6:a9:f2:
         01:53:e1:f4:5f:db:4b:6e:04:1b:27:95:42:79:0b:e7:2e:60:
         e2:3d:0e:a0:02:1e:2c:55:1d:cb:eb:06:86:71:c1:a3:97:c6:
         aa:ad:3a:e8:58:32:37:27:71:be:89:7b:cf:67:90:df:40:71:
         d3:1a:62:d7:6b:41:46:40:dd:6c:4c:9e:ca:83:7e:f6:dc:d7:
         b1:b3:be:b0:a9:7c:ad:33:88:fd:75:00:4e:02:5f:d6:e2:d2:
         0c:63:78:fa:dc:7e:9d:bd:5a:e4:8f:d7:e6:3f:e6:24:b7:5e:
         7d:20:fc:a7:30:b3:eb:55:c9:ee:60:c8:01:cb:95:29:a6:cf:
         31:0a:f2:ad
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIULmFr8t3zxHYYKVkQHYYPqah/3DcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NThaFw0yNjA3MDIxNTUxNThaMDMxMTAvBgNV
BAMTKEJFMjczNTA2MTVCQ0I4OEIxMjVCODAxNzMwM0Q1QTUxMjc3ODJGMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCLdagkH1GMakogVN73lBtK/Kq
/Mjnk2lQu2q23Jbf89HRhrk48J3ZdQ/O6G2TXiXMPSz7lBsi1/Hu+xPvZ4VGCi2B
fLl3ZY/gSxgiPyUtGWyD7vHIYuaCYiagGFjd2mAdBB/uxrDSftrNkRZIiGQnNSLf
RfPH0+bzcGtCeFlzxwTIV+LzpAwMDRXejURcflTjhe23xT6PKg2g0UKXzsC9YnEN
upSR/3FimMHoiKMCsNpNNHm7qqsuqfrKilLTa4Vwe7LlNWQUUPNhJelwXf74nsDd
54Jie4RBHbZ7reiOrLvQaBhoHaScx80cBLWMe8DeYNZPnKzMJNVWUXFJEjHTAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUvic1BhW8uIsSW4AXMD1aUSd4LxwwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MzMyMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB
/wQWMBQwEgQCAAEwDAMEAVEf0gMEALnD7zANBgkqhkiG9w0BAQsFAAOCAQEAZhkl
kTqkTwqr065MYaGh2jOT8kdAAVGeYcSq/c2vO2Oe0ZP+lh1exD59tNzF5egY9coa
mu0qk9cHBmTgenH6VQYh5U4qvIvVx2bdnxps0cCzKOkXV4s8ca5aKnxDUDtWASPU
L4FC1vGEXNXr1w6ynEjZF2U5kSOTmisPxqnyAVPh9F/bS24EGyeVQnkL5y5g4j0O
oAIeLFUdy+sGhnHBo5fGqq066FgyNydxvol7z2eQ30Bx0xpi12tBRkDdbEyeyoN+
9tzXsbO+sKl8rTOI/XUATgJf1uLSDGN4+tx+nb1a5I/X5j/mJLdefSD8pzCz61XJ
7mDIAcuVKabPMQryrQ==
-----END CERTIFICATE-----