Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204044.roa
File:                     AS204044.roa (raw, json)
Hash identifier:          V+wPVfx4AaB2/yrfXvE3T8x32rLhGn7+mkMDkRzNCXs=
Subject key identifier:   A5:33:E4:BA:8D:A2:43:E3:E1:A4:05:28:C6:9C:BB:40:60:90:FD:10
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7E4FDA9751BC5E5921F9976D0C6B3FE41774FA36
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204044.roa
Signing time:             Fri 09 May 2025 04:29:05 +0000
ROA not before:           Fri 09 May 2025 04:24:05 +0000
ROA not after:            Fri 08 May 2026 04:29:05 +0000
asID:                     204044
IP address blocks:        111.235.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:4f:da:97:51:bc:5e:59:21:f9:97:6d:0c:6b:3f:e4:17:74:fa:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: May  9 04:24:05 2025 GMT
            Not After : May  8 04:29:05 2026 GMT
        Subject: CN=A533E4BA8DA243E3E1A40528C69CBB406090FD10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6e:98:5d:02:88:0b:37:3d:96:ff:a6:90:1d:
                    69:5f:cc:e4:bf:79:0b:1b:0d:5a:20:fb:2b:d8:a8:
                    72:a5:ea:57:c8:59:2d:f6:88:b5:26:b0:54:7e:74:
                    b8:91:9d:a7:cc:4d:5f:c8:ec:0b:58:1a:8d:0b:4d:
                    9b:5a:8d:51:24:ab:a5:23:5f:88:db:13:b4:ae:29:
                    bb:7d:0c:2b:63:b5:f0:9c:cd:30:2f:e4:68:a1:26:
                    7d:b2:e5:d1:02:5b:7f:cd:43:eb:d4:be:f5:7b:b6:
                    81:2a:46:a0:44:f4:e3:7b:6d:28:6b:17:27:7c:5f:
                    79:aa:bf:9c:9d:24:84:a8:14:69:e2:1f:d9:3a:cc:
                    92:7f:d6:bf:87:fb:28:a9:43:bb:47:61:ff:74:4c:
                    19:09:37:60:cd:55:a4:71:45:13:56:09:ad:7f:91:
                    b6:f8:bd:50:db:2f:cc:a8:cb:33:e4:a5:b8:5f:57:
                    ab:c2:fc:bb:12:19:fb:75:22:2a:76:a5:a9:98:a3:
                    3d:1f:16:e4:82:22:3d:65:a9:b6:11:41:86:d9:52:
                    a6:b7:f7:d7:54:0d:40:bd:37:39:3d:68:41:84:08:
                    65:34:6a:2f:c1:97:97:58:57:10:3b:f0:83:3b:38:
                    46:83:76:5b:e7:65:a1:b9:df:85:87:4f:17:f4:64:
                    90:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:33:E4:BA:8D:A2:43:E3:E1:A4:05:28:C6:9C:BB:40:60:90:FD:10
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204044.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.235.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:a2:98:56:87:37:fe:28:a3:ff:3b:e8:35:d2:4a:70:94:33:
         0b:cd:1f:11:25:2c:06:0a:03:4c:5f:a4:4e:95:85:79:01:2c:
         8d:94:22:f3:2f:8f:e6:1b:61:d6:57:73:dc:49:df:8c:34:ce:
         6e:d1:56:cb:c2:fe:d5:eb:ea:74:69:c1:a2:9b:72:c0:62:ff:
         a8:4f:69:a7:34:28:4f:4c:7f:0f:2c:11:2a:28:a7:5a:90:80:
         22:de:74:f7:59:ab:84:eb:68:11:51:f6:1c:d4:f0:ac:32:61:
         12:1e:40:30:72:38:31:cc:1a:c4:71:59:b8:5d:74:ef:97:8e:
         dc:5e:64:2b:9d:b5:e1:a9:fb:e7:50:93:2a:e3:1c:fa:3e:42:
         25:eb:72:8d:40:94:4f:2a:b4:2b:33:1f:f9:a7:11:d6:e7:38:
         e6:57:c8:bc:df:9c:f2:dc:be:46:cc:3b:f0:c7:b7:e1:1c:0e:
         4e:d6:2d:c0:b1:45:bd:72:b1:dd:c7:51:cc:d0:ad:16:0e:a2:
         94:23:2e:f9:9b:63:ce:be:37:3e:2b:85:01:bc:9c:ea:3b:5c:
         4a:db:3b:75:a3:d4:b8:8c:e9:30:e8:65:96:3c:a3:8f:70:df:
         5f:7e:33:39:37:73:d8:85:f8:f8:74:25:5a:72:ca:43:be:a0:
         14:b0:34:f8
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUfk/al1G8Xlkh+ZdtDGs/5Bd0+jYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA1MDkwNDI0MDVaFw0yNjA1MDgwNDI5MDVaMDMxMTAvBgNV
BAMTKEE1MzNFNEJBOERBMjQzRTNFMUE0MDUyOEM2OUNCQjQwNjA5MEZEMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgbphdAogLNz2W/6aQHWlfzOS/
eQsbDVog+yvYqHKl6lfIWS32iLUmsFR+dLiRnafMTV/I7AtYGo0LTZtajVEkq6Uj
X4jbE7SuKbt9DCtjtfCczTAv5GihJn2y5dECW3/NQ+vUvvV7toEqRqBE9ON7bShr
Fyd8X3mqv5ydJISoFGniH9k6zJJ/1r+H+yipQ7tHYf90TBkJN2DNVaRxRRNWCa1/
kbb4vVDbL8yoyzPkpbhfV6vC/LsSGft1Iip2pamYoz0fFuSCIj1lqbYRQYbZUqa3
99dUDUC9Nzk9aEGECGU0ai/Bl5dYVxA78IM7OEaDdlvnZaG534WHTxf0ZJDHAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUpTPkuo2iQ+PhpAUoxpy7QGCQ/RAwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0MDQ0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAb+uXMA0GCSqGSIb3DQEBCwUAA4IBAQBXophWhzf+
KKP/O+g10kpwlDMLzR8RJSwGCgNMX6ROlYV5ASyNlCLzL4/mG2HWV3PcSd+MNM5u
0VbLwv7V6+p0acGim3LAYv+oT2mnNChPTH8PLBEqKKdakIAi3nT3WauE62gRUfYc
1PCsMmESHkAwcjgxzBrEcVm4XXTvl47cXmQrnbXhqfvnUJMq4xz6PkIl63KNQJRP
KrQrMx/5pxHW5zjmV8i835zy3L5GzDvwx7fhHA5O1i3AsUW9crHdx1HM0K0WDqKU
Iy75m2POvjc+K4UBvJzqO1xK2zt1o9S4jOkw6GWWPKOPcN9ffjM5N3PYhfj4dCVa
cspDvqAUsDT4
-----END CERTIFICATE-----