Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/8/3139342e3131362e3232372e302f32342d3234203d3e203331383938.roa
File:                     3139342e3131362e3232372e302f32342d3234203d3e203331383938.roa (raw, json)
Hash identifier:          T6jcjZk0eose1dyVcPbTe7ix+xlcd70qHDNE1iyJWTU=
Subject key identifier:   DB:09:3C:32:5E:DC:A3:87:D9:1E:E0:58:EA:CC:42:AF:EB:BC:CF:75
Certificate issuer:       /CN=e3dcc9700181940fb31c01ea795ecfbc31492afa
Certificate serial:       5D7FEC2A57A5BE55DABBA976EB56AA23276F67D0
Authority key identifier: E3:DC:C9:70:01:81:94:0F:B3:1C:01:EA:79:5E:CF:BC:31:49:2A:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49zJcAGBlA-zHAHqeV7PvDFJKvo.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/8/3139342e3131362e3232372e302f32342d3234203d3e203331383938.roa
Signing time:             Sat 02 Aug 2025 06:12:42 +0000
ROA not before:           Sat 02 Aug 2025 06:07:42 +0000
ROA not after:            Sat 01 Aug 2026 06:12:42 +0000
asID:                     31898
IP address blocks:        194.116.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/8/E3DCC9700181940FB31C01EA795ECFBC31492AFA.crl
                          rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/8/E3DCC9700181940FB31C01EA795ECFBC31492AFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49zJcAGBlA-zHAHqeV7PvDFJKvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:7f:ec:2a:57:a5:be:55:da:bb:a9:76:eb:56:aa:23:27:6f:67:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3dcc9700181940fb31c01ea795ecfbc31492afa
        Validity
            Not Before: Aug  2 06:07:42 2025 GMT
            Not After : Aug  1 06:12:42 2026 GMT
        Subject: CN=DB093C325EDCA387D91EE058EACC42AFEBBCCF75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fa:5d:6e:e5:33:ff:1b:3a:4e:39:18:c7:b3:
                    da:83:dd:2b:61:e6:44:e3:1f:34:a0:d9:7f:fa:52:
                    9f:79:68:fb:e8:70:09:15:38:88:02:d9:5b:f6:61:
                    67:ae:b5:67:b5:39:b5:31:61:5e:42:c2:69:c7:1e:
                    63:00:e7:0d:c4:2c:d4:4d:1e:a8:af:49:9e:da:2a:
                    44:d2:0e:2f:78:56:e4:54:02:85:e2:57:3b:3b:72:
                    fc:bd:d5:49:e4:9d:77:bc:cd:44:75:21:51:45:2c:
                    e9:75:6f:99:0f:af:02:d8:04:62:f0:6a:12:01:4e:
                    26:cf:e9:91:f2:9b:bc:8e:db:b3:2b:50:f6:a9:77:
                    a8:6d:68:17:ea:e5:31:c1:cd:7d:b9:23:3f:2b:d2:
                    be:cc:80:62:5f:bf:18:c6:a4:ad:1a:55:a5:d0:0c:
                    e7:f3:10:ef:40:bc:1b:b2:2d:9f:8a:4c:ee:2b:22:
                    6a:81:74:bb:e0:37:45:4b:20:0a:b0:42:38:c4:75:
                    2b:2f:bf:f5:44:6c:f8:67:34:d5:da:eb:a7:f9:d7:
                    43:ae:e3:78:95:f5:22:1b:41:88:7d:49:0d:09:bd:
                    cc:58:ff:3f:91:b0:df:67:02:91:4d:ad:d7:b0:44:
                    9c:a2:46:21:c7:53:6e:80:72:85:a0:ff:30:b5:45:
                    3f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:09:3C:32:5E:DC:A3:87:D9:1E:E0:58:EA:CC:42:AF:EB:BC:CF:75
            X509v3 Authority Key Identifier:
                keyid:E3:DC:C9:70:01:81:94:0F:B3:1C:01:EA:79:5E:CF:BC:31:49:2A:FA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/8/E3DCC9700181940FB31C01EA795ECFBC31492AFA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49zJcAGBlA-zHAHqeV7PvDFJKvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/8/3139342e3131362e3232372e302f32342d3234203d3e203331383938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a5:d1:48:77:30:6e:3a:d3:90:2c:ec:2e:ff:ea:3c:2a:13:
         c2:94:7f:c1:1f:c6:9a:0b:db:1f:8b:ca:85:19:be:55:a4:9b:
         09:47:6b:cf:83:6c:4b:57:41:fe:30:9e:4f:d2:6b:58:81:37:
         c5:ed:db:a0:4b:a1:34:b8:83:54:52:90:88:2a:64:1b:de:af:
         4a:9a:90:3c:5b:d9:46:30:a2:39:49:2a:79:b5:a7:ef:63:f4:
         12:73:ba:94:81:d9:a6:6c:53:fc:2d:cf:6d:3b:98:72:ea:fb:
         89:fe:04:01:54:45:3f:34:e4:72:58:a6:26:58:17:66:4f:b4:
         2c:e0:9f:f3:30:5c:5a:45:94:5a:5d:0b:cd:8d:5d:bb:1a:c1:
         d8:f6:97:85:24:34:3f:be:16:08:d6:89:aa:5c:72:65:1d:ca:
         44:14:c8:fc:6a:14:10:66:50:25:4a:01:a9:72:8b:33:88:fa:
         3a:22:7a:66:b2:33:38:11:82:ab:c8:dd:bf:f8:9b:27:ce:1c:
         99:4e:45:03:d2:9b:49:05:b5:0b:35:a5:6f:09:12:e1:0d:5a:
         41:30:a6:8c:5b:71:be:8c:5f:43:35:b5:c7:46:70:8b:56:c4:
         a6:50:09:89:de:77:7a:a8:a4:78:c0:ea:46:37:45:cd:db:9b:
         5d:4f:48:12
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUXX/sKlelvlXau6l261aqIydvZ9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTNkY2M5NzAwMTgxOTQwZmIzMWMwMWVhNzk1ZWNmYmMz
MTQ5MmFmYTAeFw0yNTA4MDIwNjA3NDJaFw0yNjA4MDEwNjEyNDJaMDMxMTAvBgNV
BAMTKERCMDkzQzMyNUVEQ0EzODdEOTFFRTA1OEVBQ0M0MkFGRUJCQ0NGNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb+l1u5TP/GzpOORjHs9qD3Sth
5kTjHzSg2X/6Up95aPvocAkVOIgC2Vv2YWeutWe1ObUxYV5CwmnHHmMA5w3ELNRN
HqivSZ7aKkTSDi94VuRUAoXiVzs7cvy91UnknXe8zUR1IVFFLOl1b5kPrwLYBGLw
ahIBTibP6ZHym7yO27MrUPapd6htaBfq5THBzX25Iz8r0r7MgGJfvxjGpK0aVaXQ
DOfzEO9AvBuyLZ+KTO4rImqBdLvgN0VLIAqwQjjEdSsvv/VEbPhnNNXa66f510Ou
43iV9SIbQYh9SQ0JvcxY/z+RsN9nApFNrdewRJyiRiHHU26AcoWg/zC1RT8TAgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQU2wk8Ml7co4fZHuBY6sxCr+u8z3UwHwYDVR0j
BBgwFoAU49zJcAGBlA+zHAHqeV7PvDFJKvowDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvNmFiOTZlN2E2MTMwNDk4YWE5ODEzZDdlZTViYmVkMzEvOC9FM0RDQzk3MDAx
ODE5NDBGQjMxQzAxRUE3OTVFQ0ZCQzMxNDkyQUZBLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDl6SmNBR0JsQS16SEFIcWVWN1B2REZKS3ZvLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzZhYjk2ZTdhNjEzMDQ5OGFhOTgxM2Q3ZWU1YmJlZDMx
LzgvMzEzOTM0MmUzMTMxMzYyZTMyMzIzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2Uy
MDMzMzEzODM5Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYB
BQUHAQcBAf8EEDAOMAwEAgABMAYDBADCdOMwDQYJKoZIhvcNAQELBQADggEBAAOl
0Uh3MG4605As7C7/6jwqE8KUf8EfxpoL2x+LyoUZvlWkmwlHa8+DbEtXQf4wnk/S
a1iBN8Xt26BLoTS4g1RSkIgqZBver0qakDxb2UYwojlJKnm1p+9j9BJzupSB2aZs
U/wtz207mHLq+4n+BAFURT805HJYpiZYF2ZPtCzgn/MwXFpFlFpdC82NXbsawdj2
l4UkND++FgjWiapccmUdykQUyPxqFBBmUCVKAalyizOI+joiemayMzgRgqvI3b/4
myfOHJlORQPSm0kFtQs1pW8JEuENWkEwpoxbcb6MX0M1tcdGcItWxKZQCYned3qo
pHjA6kY3Rc3bm11PSBI=
-----END CERTIFICATE-----