Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/3139352e3133372e3235322e302f32342d3234203d3e20313937353337.roa
File:                     3139352e3133372e3235322e302f32342d3234203d3e20313937353337.roa (raw, json)
Hash identifier:          6Nbavc8JB81EZ5PdDQdVGn6cq8HL5cS0r2vLSX9cTDY=
Subject key identifier:   1B:09:F6:3B:78:6D:6F:F2:7B:F1:86:8F:DB:91:50:29:0C:6B:15:02
Certificate issuer:       /CN=07b1fb1839a414f2bbaafbe0efcd0f202bcf74fe
Certificate serial:       70ABDA8CEAA0CF9D817888DEA94EBE013ED778D8
Authority key identifier: 07:B1:FB:18:39:A4:14:F2:BB:AA:FB:E0:EF:CD:0F:20:2B:CF:74:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B7H7GDmkFPK7qvvg780PICvPdP4.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/3139352e3133372e3235322e302f32342d3234203d3e20313937353337.roa
Signing time:             Sun 04 May 2025 13:31:32 +0000
ROA not before:           Sun 04 May 2025 13:26:32 +0000
ROA not after:            Sun 03 May 2026 13:31:32 +0000
asID:                     197537
IP address blocks:        195.137.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/07B1FB1839A414F2BBAAFBE0EFCD0F202BCF74FE.crl
                          rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/07B1FB1839A414F2BBAAFBE0EFCD0F202BCF74FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B7H7GDmkFPK7qvvg780PICvPdP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:ab:da:8c:ea:a0:cf:9d:81:78:88:de:a9:4e:be:01:3e:d7:78:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07b1fb1839a414f2bbaafbe0efcd0f202bcf74fe
        Validity
            Not Before: May  4 13:26:32 2025 GMT
            Not After : May  3 13:31:32 2026 GMT
        Subject: CN=1B09F63B786D6FF27BF1868FDB9150290C6B1502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0b:0d:d0:ee:0d:2c:ac:91:27:9b:c9:45:f8:
                    ff:cf:5d:5b:da:68:05:c9:0a:89:4d:d8:5e:ff:cb:
                    6c:0c:06:3d:e1:6b:58:c9:e6:0c:e7:c0:2a:98:44:
                    1e:cf:cd:da:47:ec:ac:1d:a8:90:48:71:35:d0:8c:
                    db:e0:91:6a:8f:4b:c4:07:4f:21:34:95:c1:dd:51:
                    87:0c:40:9f:27:49:ed:76:3f:d3:ba:54:a6:11:da:
                    53:b9:41:83:be:6b:da:1f:83:fd:c2:75:47:d3:7b:
                    8e:eb:21:e7:6b:6e:32:b9:2a:89:ca:a7:29:aa:63:
                    f6:e2:11:ff:91:ee:0a:39:83:49:e9:0d:14:73:82:
                    ca:31:6a:e9:84:41:32:95:85:d7:07:39:35:0c:9c:
                    35:83:0b:49:c4:77:f9:93:c8:3c:83:57:68:4e:63:
                    7d:f2:ec:97:5f:39:e2:de:c7:b8:35:69:9c:a2:98:
                    c7:2e:87:a6:c1:05:05:b6:dd:a8:56:52:03:ec:c9:
                    e3:da:eb:86:32:82:24:96:ca:41:cc:b9:6c:00:7d:
                    85:8f:9b:92:dd:15:d1:41:77:65:69:a6:7d:9a:98:
                    38:53:51:3a:35:45:fb:b8:ec:2e:2e:fd:5a:76:cf:
                    6e:a8:41:c5:20:a3:a2:cf:9f:2b:93:fc:85:71:fc:
                    d1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:09:F6:3B:78:6D:6F:F2:7B:F1:86:8F:DB:91:50:29:0C:6B:15:02
            X509v3 Authority Key Identifier:
                keyid:07:B1:FB:18:39:A4:14:F2:BB:AA:FB:E0:EF:CD:0F:20:2B:CF:74:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/07B1FB1839A414F2BBAAFBE0EFCD0F202BCF74FE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B7H7GDmkFPK7qvvg780PICvPdP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/3139352e3133372e3235322e302f32342d3234203d3e20313937353337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:0c:e1:b5:f7:82:21:e5:73:73:7e:f1:62:04:4b:dc:c6:d5:
         02:87:d6:b1:35:7a:77:04:54:a7:ac:a1:ee:bd:ee:c3:4b:0d:
         ea:76:2a:77:0e:46:be:d0:91:ec:84:c8:c8:80:54:34:6c:de:
         56:3e:41:2e:ae:c3:3d:63:61:05:50:32:10:91:5c:90:d5:60:
         2a:28:14:e6:a5:f9:3f:76:3d:b1:2c:ea:a6:dd:84:80:58:3f:
         38:85:d7:1a:3b:e2:f8:be:be:45:dc:c5:d0:e4:0b:91:ee:21:
         1d:51:f0:e0:94:bc:d4:fd:47:3f:a2:11:ef:72:82:19:c8:ce:
         a6:8f:5d:87:93:df:09:ec:5e:86:f3:d4:64:94:4b:b8:06:01:
         b3:c4:5b:c9:69:d6:d7:13:f7:21:15:9c:dc:5e:d3:9c:31:0a:
         31:0c:cc:6b:fd:41:4d:03:54:00:66:74:41:cc:c9:92:a7:0c:
         40:32:61:20:5f:cd:ab:80:2c:80:fa:f5:cb:08:d2:73:94:c9:
         89:20:70:8b:78:17:72:01:2a:d2:3f:6b:a3:85:42:26:56:c6:
         3c:99:4b:60:a1:38:17:ef:77:f1:ea:44:dc:12:db:87:d4:e6:
         52:bc:c5:99:30:1d:08:d1:7d:87:39:ab:65:71:1f:70:6b:7f:
         01:7c:a2:bf
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIUcKvajOqgz52BeIjeqU6+AT7XeNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDdiMWZiMTgzOWE0MTRmMmJiYWFmYmUwZWZjZDBmMjAy
YmNmNzRmZTAeFw0yNTA1MDQxMzI2MzJaFw0yNjA1MDMxMzMxMzJaMDMxMTAvBgNV
BAMTKDFCMDlGNjNCNzg2RDZGRjI3QkYxODY4RkRCOTE1MDI5MEM2QjE1MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Cw3Q7g0srJEnm8lF+P/PXVva
aAXJColN2F7/y2wMBj3ha1jJ5gznwCqYRB7PzdpH7KwdqJBIcTXQjNvgkWqPS8QH
TyE0lcHdUYcMQJ8nSe12P9O6VKYR2lO5QYO+a9ofg/3CdUfTe47rIedrbjK5KonK
pymqY/biEf+R7go5g0npDRRzgsoxaumEQTKVhdcHOTUMnDWDC0nEd/mTyDyDV2hO
Y33y7JdfOeLex7g1aZyimMcuh6bBBQW23ahWUgPsyePa64YygiSWykHMuWwAfYWP
m5LdFdFBd2Vppn2amDhTUTo1Rfu47C4u/Vp2z26oQcUgo6LPnyuT/IVx/NFLAgMB
AAGjggImMIICIjAdBgNVHQ4EFgQUGwn2O3htb/J78YaP25FQKQxrFQIwHwYDVR0j
BBgwFoAUB7H7GDmkFPK7qvvg780PICvPdP4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvODIxZWVmN2UwNjAzNDVlNGJlNTY5Y2QzNDdjY2JlMzYvMS8wN0IxRkIxODM5
QTQxNEYyQkJBQUZCRTBFRkNEMEYyMDJCQ0Y3NEZFLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvQjdIN0dEbWtGUEs3cXZ2Zzc4MFBJQ3ZQZFA0LmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzgyMWVlZjdlMDYwMzQ1ZTRiZTU2OWNkMzQ3Y2NiZTM2
LzEvMzEzOTM1MmUzMTMzMzcyZTMyMzUzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2Uy
MDMxMzkzNzM1MzMzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggr
BgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMOJ/DANBgkqhkiG9w0BAQsFAAOCAQEA
OQzhtfeCIeVzc37xYgRL3MbVAofWsTV6dwRUp6yh7r3uw0sN6nYqdw5GvtCR7ITI
yIBUNGzeVj5BLq7DPWNhBVAyEJFckNVgKigU5qX5P3Y9sSzqpt2EgFg/OIXXGjvi
+L6+RdzF0OQLke4hHVHw4JS81P1HP6IR73KCGcjOpo9dh5PfCexehvPUZJRLuAYB
s8RbyWnW1xP3IRWc3F7TnDEKMQzMa/1BTQNUAGZ0QczJkqcMQDJhIF/Nq4AsgPr1
ywjSc5TJiSBwi3gXcgEq0j9ro4VCJlbGPJlLYKE4F+938epE3BLbh9TmUrzFmTAd
CNF9hzmrZXEfcGt/AXyivw==
-----END CERTIFICATE-----