Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS134666.roa
File:                     AS134666.roa (raw, json)
Hash identifier:          ldc3IWppy5xEznzuhHQw0Lf0ev7DdEdgMK5GXlX2XFQ=
Subject key identifier:   F4:DE:67:33:40:D4:32:1C:A4:A4:57:90:6B:A7:F7:48:22:98:1C:7F
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3D7C148DEA2102D3BC1CEC57F6F5576BB0FC803D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS134666.roa
Signing time:             Tue 05 Nov 2024 03:40:05 +0000
ROA not before:           Tue 05 Nov 2024 03:35:05 +0000
ROA not after:            Tue 04 Nov 2025 03:40:05 +0000
asID:                     134666
IP address blocks:        2a06:a005:a70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:7c:14:8d:ea:21:02:d3:bc:1c:ec:57:f6:f5:57:6b:b0:fc:80:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:05 2024 GMT
            Not After : Nov  4 03:40:05 2025 GMT
        Subject: CN=F4DE673340D4321CA4A457906BA7F74822981C7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:07:90:c5:22:62:53:c4:6c:d6:7e:a0:0e:e6:
                    a5:6b:f4:62:a9:9b:cf:04:b8:00:f6:95:ff:35:80:
                    72:8b:e1:db:50:1d:85:ab:f5:20:bf:03:4e:4d:d4:
                    e8:8c:51:bf:21:56:52:fa:d8:a3:85:dc:00:17:2a:
                    5c:c7:c4:cc:20:32:ae:38:e7:dc:09:b1:72:95:31:
                    4c:13:f6:15:99:54:5d:19:fa:8a:fd:4b:95:d3:f2:
                    11:7f:fb:6a:ea:fc:84:d7:b1:e0:1b:19:82:a4:e3:
                    66:6c:20:41:5c:de:51:26:ce:93:6d:79:53:c0:bf:
                    6f:a3:41:d0:42:d2:ba:e2:17:13:99:1e:41:71:cb:
                    7c:8a:5e:f8:36:89:cf:b2:31:5b:ca:8c:8e:de:2c:
                    0f:d7:ea:d0:36:8a:49:91:ce:04:d2:cf:ac:69:54:
                    31:cb:8f:6f:09:8c:a5:3e:db:2b:00:c8:19:94:99:
                    7b:d9:35:68:21:3a:cb:11:3e:69:a1:77:93:04:34:
                    f2:35:5e:bb:d1:7f:5d:94:86:88:e9:56:10:f4:3e:
                    40:71:31:b3:26:75:38:88:6d:d9:4d:94:67:ba:a0:
                    cc:98:46:ea:de:21:30:00:de:e3:93:eb:5e:6c:1a:
                    c4:7c:29:d6:41:0a:cb:38:70:ea:2e:2a:23:9d:50:
                    73:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DE:67:33:40:D4:32:1C:A4:A4:57:90:6B:A7:F7:48:22:98:1C:7F
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS134666.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a70::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:b8:b8:59:fb:f5:50:dd:01:f7:91:85:95:4d:09:1f:5a:0f:
         41:71:9c:de:55:9d:be:d5:0f:77:86:64:5a:f3:45:34:17:e6:
         54:63:64:f1:bf:91:51:2f:5e:03:af:dd:fa:ae:1c:25:9c:60:
         92:ca:17:b5:f0:0f:7e:84:a2:2f:d2:88:4b:81:f2:c5:06:5b:
         0a:7e:f0:02:3f:21:12:74:bb:9c:d2:51:51:4f:29:0b:47:c3:
         de:c2:2a:64:fb:62:45:5f:02:54:3e:da:c4:26:2b:d9:59:bc:
         12:45:69:91:91:99:95:c2:74:75:15:46:8a:14:cd:0c:d5:a8:
         44:6e:27:0c:e1:8d:1a:23:96:c1:a5:f7:9c:2b:74:54:ad:3e:
         f5:f0:3b:4c:cf:2e:15:d6:88:17:8c:00:30:69:3e:0f:e8:8e:
         dc:ef:8a:47:7a:bc:33:ba:8e:c2:c8:24:23:43:77:d9:7c:35:
         8c:0e:23:d6:a7:14:3a:e0:9e:33:41:77:6b:3e:e7:68:d9:aa:
         6b:6f:be:d9:3d:73:45:dc:8d:b0:ea:37:a2:0a:06:0b:0e:82:
         15:68:00:7a:86:d2:7b:9d:cc:e0:83:24:dd:54:c1:6d:11:d9:
         b4:b7:d2:33:68:7a:de:ff:9b:8f:02:2d:92:b7:83:88:f6:a6:
         95:0c:ac:72
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPXwUjeohAtO8HOxX9vVXa7D8gD0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDVaFw0yNTExMDQwMzQwMDVaMDMxMTAvBgNV
BAMTKEY0REU2NzMzNDBENDMyMUNBNEE0NTc5MDZCQTdGNzQ4MjI5ODFDN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAB5DFImJTxGzWfqAO5qVr9GKp
m88EuAD2lf81gHKL4dtQHYWr9SC/A05N1OiMUb8hVlL62KOF3AAXKlzHxMwgMq44
59wJsXKVMUwT9hWZVF0Z+or9S5XT8hF/+2rq/ITXseAbGYKk42ZsIEFc3lEmzpNt
eVPAv2+jQdBC0rriFxOZHkFxy3yKXvg2ic+yMVvKjI7eLA/X6tA2ikmRzgTSz6xp
VDHLj28JjKU+2ysAyBmUmXvZNWghOssRPmmhd5MENPI1XrvRf12UhojpVhD0PkBx
MbMmdTiIbdlNlGe6oMyYRureITAA3uOT615sGsR8KdZBCss4cOouKiOdUHMNAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU9N5nM0DUMhykpFeQa6f3SCKYHH8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTM0NjY2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQpwMA0GCSqGSIb3DQEBCwUAA4IBAQCLuLhZ
+/VQ3QH3kYWVTQkfWg9BcZzeVZ2+1Q93hmRa80U0F+ZUY2Txv5FRL14Dr936rhwl
nGCSyhe18A9+hKIv0ohLgfLFBlsKfvACPyESdLuc0lFRTykLR8Pewipk+2JFXwJU
PtrEJivZWbwSRWmRkZmVwnR1FUaKFM0M1ahEbicM4Y0aI5bBpfecK3RUrT718DtM
zy4V1ogXjAAwaT4P6I7c74pHerwzuo7CyCQjQ3fZfDWMDiPWpxQ64J4zQXdrPudo
2aprb77ZPXNF3I2w6jeiCgYLDoIVaAB6htJ7nczggyTdVMFtEdm0t9IzaHre/5uP
Ai2St4OI9qaVDKxy
-----END CERTIFICATE-----