Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf8e52381d018e8593884d2a30/0/3230392e38372e3137342e302f32332d3234203d3e20383334.roa
File:                     3230392e38372e3137342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          iuXN+sPLUH2ykCoctEN9OsXmdhju0XOJG2LkcnqJfLk=
Subject key identifier:   A0:1D:BC:A0:91:98:A6:84:43:00:73:2D:AE:8F:83:59:67:5E:2F:1A
Certificate issuer:       /CN=137bca5a0ff837b3808ba493bd14ab78cc4fd6296629253051
Certificate serial:       0586FC05BBFBF662B898897D690A2B59C0645D5E
Authority key identifier: 4F:44:9F:0C:CB:37:8E:C6:D3:FC:D7:6A:A7:EE:D5:9A:F1:15:93:BB
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/35213db6-703a-4ad8-9450-0a0e1d371cff/137bca5a0ff837b3808ba493bd14ab78cc4fd6296629253051.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf8e52381d018e8593884d2a30/0/3230392e38372e3137342e302f32332d3234203d3e20383334.roa
Signing time:             Thu 01 May 2025 20:14:47 +0000
ROA not before:           Thu 01 May 2025 20:09:47 +0000
ROA not after:            Thu 30 Apr 2026 20:14:47 +0000
asID:                     834
IP address blocks:        209.87.174.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf8e52381d018e8593884d2a30/0/4F449F0CCB378EC6D3FCD76AA7EED59AF11593BB.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf8e52381d018e8593884d2a30/0/4F449F0CCB378EC6D3FCD76AA7EED59AF11593BB.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/35213db6-703a-4ad8-9450-0a0e1d371cff/137bca5a0ff837b3808ba493bd14ab78cc4fd6296629253051.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/35213db6-703a-4ad8-9450-0a0e1d371cff/35213db6-703a-4ad8-9450-0a0e1d371cff.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/35213db6-703a-4ad8-9450-0a0e1d371cff/35213db6-703a-4ad8-9450-0a0e1d371cff.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/35213db6-703a-4ad8-9450-0a0e1d371cff.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 08 May 2025 09:20:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:86:fc:05:bb:fb:f6:62:b8:98:89:7d:69:0a:2b:59:c0:64:5d:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137bca5a0ff837b3808ba493bd14ab78cc4fd6296629253051
        Validity
            Not Before: May  1 20:09:47 2025 GMT
            Not After : Apr 30 20:14:47 2026 GMT
        Subject: CN=A01DBCA09198A6844300732DAE8F8359675E2F1A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1f:f1:00:a0:dd:e1:71:c4:6e:3c:d0:55:97:
                    9c:3d:a7:7c:4e:0b:38:ee:b0:39:01:5f:bf:f8:e9:
                    f9:af:75:e6:dc:9d:5b:81:26:ce:5d:89:c2:39:89:
                    69:02:9d:94:64:03:34:19:a2:d3:49:f7:b1:ae:6e:
                    37:fb:05:c7:e9:6d:1a:4b:89:e5:50:35:55:9e:44:
                    42:c4:c3:af:c0:1a:e9:99:f7:2d:92:b0:62:bb:f1:
                    d3:86:c3:5b:57:94:f5:27:38:79:ae:e1:22:a9:81:
                    1e:82:fe:e1:8f:95:8a:78:53:a7:0d:03:86:e4:d7:
                    ac:47:28:13:d4:9f:3a:34:36:c2:4b:ca:c1:79:91:
                    c7:c7:42:1d:41:40:57:eb:bf:9a:6c:ca:a9:e9:33:
                    4d:99:16:99:7c:4a:eb:79:d1:c1:c8:88:75:c5:fe:
                    c4:9b:31:97:f0:2e:9d:e3:67:95:d3:9e:b0:45:0c:
                    f0:97:9c:2b:32:d6:cd:08:90:6c:35:0b:80:56:f8:
                    25:61:99:4b:41:1b:79:83:ce:15:68:16:78:3a:51:
                    09:6d:97:71:08:41:cf:36:6f:31:d1:e2:50:81:ad:
                    ce:9e:00:55:d5:77:a1:d2:66:73:30:4a:96:f6:b8:
                    fb:8d:41:56:d7:f8:39:8f:e1:39:f4:22:3a:dc:44:
                    e8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:1D:BC:A0:91:98:A6:84:43:00:73:2D:AE:8F:83:59:67:5E:2F:1A
            X509v3 Authority Key Identifier:
                keyid:4F:44:9F:0C:CB:37:8E:C6:D3:FC:D7:6A:A7:EE:D5:9A:F1:15:93:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf8e52381d018e8593884d2a30/0/4F449F0CCB378EC6D3FCD76AA7EED59AF11593BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/35213db6-703a-4ad8-9450-0a0e1d371cff/137bca5a0ff837b3808ba493bd14ab78cc4fd6296629253051.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf8e52381d018e8593884d2a30/0/3230392e38372e3137342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.87.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:eb:85:3e:08:51:62:b8:88:f8:cf:1c:85:99:7c:76:f3:f1:
         ae:73:f5:ef:3e:bd:15:00:70:1e:b1:1c:10:fb:d6:5f:23:68:
         c4:13:21:32:40:ca:09:4a:e4:8b:42:5b:7d:d4:c6:00:35:fe:
         b0:d2:f1:65:11:d9:bf:b5:3b:1e:e2:db:e4:b9:fc:71:78:65:
         53:43:bb:73:3b:e4:42:95:61:a9:ff:2f:70:91:ab:9f:55:00:
         b5:88:f6:15:9e:60:91:b4:c5:93:3f:16:84:7d:24:3b:a1:85:
         f8:10:dd:7f:69:2b:0c:36:01:af:54:cf:9e:53:20:c7:ec:00:
         e0:71:5a:c3:bf:e8:cb:05:56:68:39:a4:95:3b:30:4b:e0:b0:
         72:9c:70:92:5b:81:62:2c:70:90:62:07:a5:a1:bd:aa:29:2f:
         21:82:de:1a:2a:0a:21:29:31:ea:98:97:ab:b6:98:af:8f:43:
         0d:e5:0f:b9:32:ed:e5:84:2f:7e:5d:a5:22:4f:6f:e9:4e:9b:
         49:2b:c8:30:61:52:a5:91:77:b1:fe:11:5e:dd:c4:1f:de:5b:
         3a:ba:f9:b2:8a:61:5b:1a:53:de:0b:c6:c3:4a:47:ce:f2:16:
         f9:63:62:c8:6b:af:6f:c0:cc:76:53:2f:cd:57:e4:33:12:03:
         7e:72:40:da
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgIUBYb8Bbv79mK4mIl9aQorWcBkXV4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMTM3YmNhNWEwZmY4MzdiMzgwOGJhNDkzYmQxNGFiNzhj
YzRmZDYyOTY2MjkyNTMwNTEwHhcNMjUwNTAxMjAwOTQ3WhcNMjYwNDMwMjAxNDQ3
WjAzMTEwLwYDVQQDEyhBMDFEQkNBMDkxOThBNjg0NDMwMDczMkRBRThGODM1OTY3
NUUyRjFBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1h/xAKDd4XHE
bjzQVZecPad8Tgs47rA5AV+/+On5r3Xm3J1bgSbOXYnCOYlpAp2UZAM0GaLTSfex
rm43+wXH6W0aS4nlUDVVnkRCxMOvwBrpmfctkrBiu/HThsNbV5T1Jzh5ruEiqYEe
gv7hj5WKeFOnDQOG5NesRygT1J86NDbCS8rBeZHHx0IdQUBX67+abMqp6TNNmRaZ
fErredHByIh1xf7EmzGX8C6d42eV056wRQzwl5wrMtbNCJBsNQuAVvglYZlLQRt5
g84VaBZ4OlEJbZdxCEHPNm8x0eJQga3OngBV1Xeh0mZzMEqW9rj7jUFW1/g5j+E5
9CI63ETo+wIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFKAdvKCRmKaEQwBzLa6Pg1ln
Xi8aMB8GA1UdIwQYMBaAFE9EnwzLN47G0/zXaqfu1ZrxFZO7MA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmOGU1MjM4MWQwMThlODU5Mzg4NGQyYTMwLzAv
NEY0NDlGMENDQjM3OEVDNkQzRkNENzZBQTdFRUQ1OUFGMTE1OTNCQi5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvNGFiN2FlNGQtYmQ3Yi00YjMzLTlhODgtNWIyMmQy
YTgzMzdkLzM1MjEzZGI2LTcwM2EtNGFkOC05NDUwLTBhMGUxZDM3MWNmZi8xMzdi
Y2E1YTBmZjgzN2IzODA4YmE0OTNiZDE0YWI3OGNjNGZkNjI5NjYyOTI1MzA1MS5j
ZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmOGU1MjM4MWQwMThlODU5
Mzg4NGQyYTMwLzAvMzIzMDM5MmUzODM3MmUzMTM3MzQyZTMwMmYzMjMzMmQzMjM0
MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYI
KwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHRV64wDQYJKoZIhvcNAQELBQADggEB
ADXrhT4IUWK4iPjPHIWZfHbz8a5z9e8+vRUAcB6xHBD71l8jaMQTITJAyglK5ItC
W33UxgA1/rDS8WUR2b+1Ox7i2+S5/HF4ZVNDu3M75EKVYan/L3CRq59VALWI9hWe
YJG0xZM/FoR9JDuhhfgQ3X9pKww2Aa9Uz55TIMfsAOBxWsO/6MsFVmg5pJU7MEvg
sHKccJJbgWIscJBiB6WhvaopLyGC3hoqCiEpMeqYl6u2mK+PQw3lD7ky7eWEL35d
pSJPb+lOm0kryDBhUqWRd7H+EV7dxB/eWzq6+bKKYVsaU94LxsNKR87yFvljYshr
r2/AzHZTL81X5DMSA35yQNo=
-----END CERTIFICATE-----