Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS131745.roa
File:                     AS131745.roa (raw, json)
Hash identifier:          hzlyKDiNcRPbIReNCxW/B6/SEQNeNzsb3nEngxiQIig=
Subject key identifier:   87:68:7A:5A:F8:A6:24:94:6F:8F:AC:0E:7E:7C:E2:5C:F8:F8:D6:A6
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       45574F83D9BCB6F1BC8191C0F060D2F9B9333D06
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS131745.roa
Signing time:             Tue 05 Dec 2023 02:44:14 +0000
ROA not before:           Tue 05 Dec 2023 02:39:14 +0000
ROA not after:            Tue 03 Dec 2024 02:44:14 +0000
asID:                     131745
IP address blocks:        2a06:a005:457::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:57:4f:83:d9:bc:b6:f1:bc:81:91:c0:f0:60:d2:f9:b9:33:3d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:14 2023 GMT
            Not After : Dec  3 02:44:14 2024 GMT
        Subject: CN=87687A5AF8A624946F8FAC0E7E7CE25CF8F8D6A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6c:62:71:7e:f7:f9:36:40:56:85:ec:60:9b:
                    31:0d:39:ca:f5:b5:81:a8:07:09:e4:11:8a:1c:fd:
                    f8:93:f8:0c:19:fc:ef:2f:2e:ec:0f:c1:a1:4e:72:
                    d7:e2:48:42:7f:a7:e7:28:b1:c7:94:93:7c:4e:ea:
                    60:be:f3:1d:32:03:61:0c:f4:63:41:e4:21:57:99:
                    fc:ac:dd:13:12:ae:f2:37:e7:db:28:23:f6:e4:d8:
                    c9:3b:86:88:0e:c6:44:3b:61:2a:a7:95:76:b0:c3:
                    c9:f0:d1:ed:03:d1:6f:19:79:f7:da:6e:96:f3:45:
                    95:ab:8c:9b:d3:7c:ef:fb:60:49:f7:00:96:1e:70:
                    65:6d:93:35:f3:74:09:25:b8:c0:48:d0:de:95:96:
                    6d:65:7f:65:ce:08:06:de:c5:4c:7e:63:e3:eb:f1:
                    8d:81:d4:84:e9:0b:f5:be:94:2e:2f:8c:14:7f:2c:
                    fe:83:14:7d:46:17:c5:73:db:2b:d4:75:ee:08:ba:
                    a1:bd:0b:65:8b:6b:ff:b9:88:b4:e7:8e:1d:bd:08:
                    87:ee:0b:42:37:5f:56:ff:0e:5c:5a:1e:95:ba:7a:
                    b2:14:df:5a:0f:fe:87:09:23:76:82:83:16:2d:08:
                    44:ce:2e:9b:ef:93:31:87:be:39:42:0f:95:ff:86:
                    e5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:68:7A:5A:F8:A6:24:94:6F:8F:AC:0E:7E:7C:E2:5C:F8:F8:D6:A6
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS131745.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:457::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:4a:73:15:ca:07:56:0f:84:be:d0:68:4e:3f:af:ac:24:f2:
         72:12:ae:fa:e8:a7:74:b4:a5:36:1e:7e:b4:ae:8b:56:e2:19:
         68:79:25:6c:16:7b:71:43:a8:be:1f:ee:7a:98:ec:61:d4:6e:
         87:1b:75:26:8d:87:34:68:c7:b6:23:c9:5d:3d:d6:13:22:8b:
         47:84:98:ce:8a:1d:48:02:d7:44:53:8e:67:76:b1:30:13:ba:
         0b:c5:12:44:d1:a4:71:2c:72:ca:f2:35:2e:ac:e9:f1:fa:c1:
         19:49:4e:8a:7a:05:59:bb:c1:9b:09:9d:f5:c8:d4:ae:32:f8:
         99:ad:5e:06:1a:5c:4c:84:51:98:1d:82:75:cf:0a:e2:da:0a:
         2b:17:89:b1:78:c2:c8:3b:f9:af:48:4b:20:c7:49:ba:0b:f0:
         f1:ae:77:7d:29:37:93:5f:bc:17:8e:c2:f4:5c:27:d5:cd:57:
         7d:47:c3:01:02:c4:71:cb:f2:90:c3:c7:09:20:87:3f:c5:9b:
         73:f0:3e:33:58:ec:f6:e4:99:da:86:71:72:ec:02:ea:57:c0:
         bc:98:0b:4c:fd:f9:76:1e:8e:d9:ac:da:5d:46:e6:5d:59:99:
         83:e9:fc:d3:90:c8:22:44:75:cc:3a:77:33:7d:31:98:8b:c0:
         cf:9f:3d:7f
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIURVdPg9m8tvG8gZHA8GDS+bkzPQYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTRaFw0yNDEyMDMwMjQ0MTRaMDMxMTAvBgNV
BAMTKDg3Njg3QTVBRjhBNjI0OTQ2RjhGQUMwRTdFN0NFMjVDRjhGOEQ2QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/bGJxfvf5NkBWhexgmzENOcr1
tYGoBwnkEYoc/fiT+AwZ/O8vLuwPwaFOctfiSEJ/p+cosceUk3xO6mC+8x0yA2EM
9GNB5CFXmfys3RMSrvI359soI/bk2Mk7hogOxkQ7YSqnlXaww8nw0e0D0W8Zeffa
bpbzRZWrjJvTfO/7YEn3AJYecGVtkzXzdAkluMBI0N6Vlm1lf2XOCAbexUx+Y+Pr
8Y2B1ITpC/W+lC4vjBR/LP6DFH1GF8Vz2yvUde4IuqG9C2WLa/+5iLTnjh29CIfu
C0I3X1b/DlxaHpW6erIU31oP/ocJI3aCgxYtCETOLpvvkzGHvjlCD5X/huU5AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUh2h6WvimJJRvj6wOfnziXPj41qYwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTMxNzQ1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQRXMA0GCSqGSIb3DQEBCwUAA4IBAQDISnMV
ygdWD4S+0GhOP6+sJPJyEq766Kd0tKU2Hn60rotW4hloeSVsFntxQ6i+H+56mOxh
1G6HG3UmjYc0aMe2I8ldPdYTIotHhJjOih1IAtdEU45ndrEwE7oLxRJE0aRxLHLK
8jUurOnx+sEZSU6KegVZu8GbCZ31yNSuMviZrV4GGlxMhFGYHYJ1zwri2gorF4mx
eMLIO/mvSEsgx0m6C/Dxrnd9KTeTX7wXjsL0XCfVzVd9R8MBAsRxy/KQw8cJIIc/
xZtz8D4zWOz25JnahnFy7ALqV8C8mAtM/fl2Ho7ZrNpdRuZdWZmD6fzTkMgiRHXM
OnczfTGYi8DPnz1/
-----END CERTIFICATE-----