Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf89e02e8b018ab95d1cec7a41/0/3137372e3132382e3132382e302f32322d3234203d3e203430383530.roa
File:                     3137372e3132382e3132382e302f32322d3234203d3e203430383530.roa (raw, json)
Hash identifier:          74aabq1I+zUFazk8ieE1EmalhpvbETlQq9ytfFwnr90=
Subject key identifier:   46:01:2A:89:8B:87:03:57:66:D5:53:39:AA:69:5D:A0:50:47:02:09
Certificate issuer:       /CN=0b75eb340709c863b5ee2132841f8644dd26fad4a204af7738
Certificate serial:       61F3FD7AC4316E7921CF720E176699D655565EB6
Authority key identifier: 54:0B:53:6A:C1:A2:BB:8F:D1:20:16:62:B4:30:48:5B:DE:4F:A6:D0
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/1a4b6836-4e28-439c-9ea2-50482aa15b68/0b75eb340709c863b5ee2132841f8644dd26fad4a204af7738.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf89e02e8b018ab95d1cec7a41/0/3137372e3132382e3132382e302f32322d3234203d3e203430383530.roa
Signing time:             Thu 24 Jul 2025 20:53:21 +0000
ROA not before:           Thu 24 Jul 2025 20:48:21 +0000
ROA not after:            Thu 23 Jul 2026 20:53:21 +0000
asID:                     40850
IP address blocks:        177.128.128.0/22 maxlen: 24
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:f3:fd:7a:c4:31:6e:79:21:cf:72:0e:17:66:99:d6:55:56:5e:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b75eb340709c863b5ee2132841f8644dd26fad4a204af7738
        Validity
            Not Before: Jul 24 20:48:21 2025 GMT
            Not After : Jul 23 20:53:21 2026 GMT
        Subject: CN=46012A898B87035766D55339AA695DA050470209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:bf:94:5d:de:ca:bb:b9:9b:49:8d:36:15:85:
                    cb:0f:35:ab:da:fa:62:98:c8:6c:91:af:02:5c:aa:
                    3d:c9:c7:7f:17:bf:50:6f:1b:1f:a6:f4:77:6f:a1:
                    b8:87:ce:6f:ee:45:e5:2d:a5:ec:18:34:0c:98:53:
                    4d:fb:92:85:9a:a1:78:92:8f:1c:d4:54:78:e7:8a:
                    14:7d:5d:51:8f:1e:c4:c4:61:76:ba:bc:13:47:aa:
                    ba:d8:78:0a:f8:4b:69:35:d7:31:93:0d:5f:ce:1c:
                    30:e4:e5:be:04:4e:95:2f:05:a8:f7:6e:41:93:94:
                    3e:47:67:32:00:aa:25:fc:b6:b5:50:b7:1d:f5:8f:
                    41:68:88:f1:fb:69:f6:cf:b2:79:dd:c8:dd:7e:6b:
                    2a:22:72:df:69:a2:ac:7f:c3:57:a9:e9:67:fa:94:
                    17:46:a3:f1:2b:11:71:64:21:ed:09:82:08:3d:43:
                    21:48:8a:ac:3d:63:a5:47:03:59:00:56:b1:b4:98:
                    81:ec:af:59:c3:61:3e:0f:93:01:b5:3d:fd:9c:86:
                    52:70:a8:c4:9b:41:d1:c0:2b:42:8c:a9:12:c1:69:
                    ca:0b:68:d4:eb:1d:0d:f2:4c:be:52:05:b1:e0:f9:
                    d6:51:8b:61:6b:62:47:62:db:02:f9:cd:ba:d9:ad:
                    62:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:01:2A:89:8B:87:03:57:66:D5:53:39:AA:69:5D:A0:50:47:02:09
            X509v3 Authority Key Identifier:
                keyid:54:0B:53:6A:C1:A2:BB:8F:D1:20:16:62:B4:30:48:5B:DE:4F:A6:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf89e02e8b018ab95d1cec7a41/0/540B536AC1A2BB8FD1201662B430485BDE4FA6D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/1a4b6836-4e28-439c-9ea2-50482aa15b68/0b75eb340709c863b5ee2132841f8644dd26fad4a204af7738.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf89e02e8b018ab95d1cec7a41/0/3137372e3132382e3132382e302f32322d3234203d3e203430383530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  177.128.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:29:e1:52:a3:f2:23:2f:1a:f2:ef:a4:8b:f5:fb:63:36:87:
         fe:71:4e:90:2e:94:ba:48:1c:2e:93:eb:84:a7:d3:91:8e:a7:
         c1:6b:0f:2c:01:82:c1:cb:5c:19:ea:54:6f:ca:9a:ea:f4:de:
         b3:61:b6:6c:ee:7a:cf:2b:8a:e5:b9:1c:12:49:7d:bd:ed:66:
         d1:4f:c8:7a:e2:6b:de:98:91:27:86:f1:7f:c7:a1:31:14:b5:
         d5:11:5f:9a:2d:65:36:b7:5e:24:e9:70:fa:2d:28:ae:53:66:
         f0:d0:bd:ec:62:fb:16:74:82:6d:82:7a:dd:a8:a5:2a:a4:79:
         35:b3:30:3d:59:bb:63:a8:2c:37:ea:54:b0:18:a7:15:c6:f4:
         f1:b6:30:39:d8:d4:a4:57:c2:76:de:13:e4:13:41:de:78:d5:
         9a:67:fd:e7:bd:6f:be:21:b4:9a:80:50:1c:8a:9c:e6:42:ed:
         ec:3c:52:13:25:08:b6:5c:fd:5a:b9:15:58:4e:31:e7:74:dd:
         15:40:85:37:74:96:a3:94:2e:9d:19:d4:12:95:f6:b9:54:26:
         c0:b1:57:10:54:72:96:88:df:14:74:96:5d:d6:38:f7:0b:3a:
         af:c1:3e:1c:fa:a7:b8:b3:b2:f5:90:33:59:42:1f:aa:b9:be:
         f6:ce:ae:e4
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIUYfP9esQxbnkhz3IOF2aZ1lVWXrYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMGI3NWViMzQwNzA5Yzg2M2I1ZWUyMTMyODQxZjg2NDRk
ZDI2ZmFkNGEyMDRhZjc3MzgwHhcNMjUwNzI0MjA0ODIxWhcNMjYwNzIzMjA1MzIx
WjAzMTEwLwYDVQQDEyg0NjAxMkE4OThCODcwMzU3NjZENTUzMzlBQTY5NURBMDUw
NDcwMjA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47+UXd7Ku7mb
SY02FYXLDzWr2vpimMhska8CXKo9ycd/F79QbxsfpvR3b6G4h85v7kXlLaXsGDQM
mFNN+5KFmqF4ko8c1FR454oUfV1Rjx7ExGF2urwTR6q62HgK+EtpNdcxkw1fzhww
5OW+BE6VLwWo925Bk5Q+R2cyAKol/La1ULcd9Y9BaIjx+2n2z7J53cjdfmsqInLf
aaKsf8NXqeln+pQXRqPxKxFxZCHtCYIIPUMhSIqsPWOlRwNZAFaxtJiB7K9Zw2E+
D5MBtT39nIZScKjEm0HRwCtCjKkSwWnKC2jU6x0N8ky+UgWx4PnWUYtha2JHYtsC
+c262a1iEQIDAQABo4ICtDCCArAwHQYDVR0OBBYEFEYBKomLhwNXZtVTOappXaBQ
RwIJMB8GA1UdIwQYMBaAFFQLU2rBoruP0SAWYrQwSFveT6bQMA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmODllMDJlOGIwMThhYjk1ZDFjZWM3YTQxLzAv
NTQwQjUzNkFDMUEyQkI4RkQxMjAxNjYyQjQzMDQ4NUJERTRGQTZEMC5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvNWI3ZmIxMjItZGZkZi00YzBjLWI5MGQtM2JjN2E1
ZmViODJiLzFhNGI2ODM2LTRlMjgtNDM5Yy05ZWEyLTUwNDgyYWExNWI2OC8wYjc1
ZWIzNDA3MDljODYzYjVlZTIxMzI4NDFmODY0NGRkMjZmYWQ0YTIwNGFmNzczOC5j
ZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg5ZTAyZThiMDE4YWI5
NWQxY2VjN2E0MS8wLzMxMzczNzJlMzEzMjM4MmUzMTMyMzgyZTMwMmYzMjMyMmQz
MjM0MjAzZDNlMjAzNDMwMzgzNTMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsYCAMA0GCSqGSIb3DQEB
CwUAA4IBAQCmKeFSo/IjLxry76SL9ftjNof+cU6QLpS6SBwuk+uEp9ORjqfBaw8s
AYLBy1wZ6lRvyprq9N6zYbZs7nrPK4rluRwSSX297WbRT8h64mvemJEnhvF/x6Ex
FLXVEV+aLWU2t14k6XD6LSiuU2bw0L3sYvsWdIJtgnrdqKUqpHk1szA9WbtjqCw3
6lSwGKcVxvTxtjA52NSkV8J23hPkE0HeeNWaZ/3nvW++IbSagFAcipzmQu3sPFIT
JQi2XP1auRVYTjHndN0VQIU3dJajlC6dGdQSlfa5VCbAsVcQVHKWiN8UdJZd1jj3
CzqvwT4c+qe4s7L1kDNZQh+qub72zq7k
-----END CERTIFICATE-----