Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138517.roa
File:                     AS138517.roa (raw, json)
Hash identifier:          OG76ipTl9NwI5YQvYuy3/uKP10aHIhG5nRD4GdtKK8I=
Subject key identifier:   F3:8D:16:DA:8D:91:4B:AF:3D:9D:6F:A2:A4:A1:4A:7B:2A:23:31:5A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       470FC07FEC756033E7BB42FE34C657FA855CB873
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138517.roa
Signing time:             Tue 05 Dec 2023 02:44:17 +0000
ROA not before:           Tue 05 Dec 2023 02:39:17 +0000
ROA not after:            Tue 03 Dec 2024 02:44:17 +0000
asID:                     138517
IP address blocks:        2a06:a005:2b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:0f:c0:7f:ec:75:60:33:e7:bb:42:fe:34:c6:57:fa:85:5c:b8:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:17 2023 GMT
            Not After : Dec  3 02:44:17 2024 GMT
        Subject: CN=F38D16DA8D914BAF3D9D6FA2A4A14A7B2A23315A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:00:77:33:bb:c7:fe:d4:24:93:13:4d:e5:17:
                    14:56:cd:e7:3b:56:56:30:b6:42:35:c4:ef:19:06:
                    b8:e7:6e:d9:ea:df:f3:ca:1e:80:3f:00:1a:5c:a7:
                    96:b2:b6:f6:b3:9a:2c:12:fc:d9:e2:71:c1:7e:bc:
                    43:a3:7b:3e:7a:6a:a5:61:59:2b:45:90:e6:5b:cf:
                    08:fa:60:58:f3:9e:8d:79:60:39:10:bc:d3:56:32:
                    77:c4:ec:93:82:8a:b0:e2:0a:00:b1:28:52:84:5e:
                    ff:9b:ad:83:1d:da:21:fa:fd:61:41:f5:1d:39:d8:
                    ef:66:6c:34:d7:f8:19:5b:74:46:60:7c:81:78:33:
                    b5:a9:2d:ee:d5:28:e3:0a:3a:40:fa:17:67:91:63:
                    95:96:c9:39:2b:c4:b7:9d:a3:1e:73:b7:97:dc:86:
                    b9:28:f3:f6:99:d6:04:25:7c:76:7b:dd:06:ad:37:
                    20:6e:96:69:77:45:c4:a6:e0:8a:06:17:60:a9:37:
                    ed:7a:ce:f9:6b:98:cc:8d:95:b8:c5:e3:9d:f1:fb:
                    20:6f:7b:19:d1:29:f3:e8:6f:05:ab:8f:32:0d:2b:
                    61:18:c8:0f:19:4c:ec:76:94:5e:b5:76:b3:06:bb:
                    fa:e7:a7:e0:3e:1f:63:c7:d8:9f:72:37:aa:fb:eb:
                    7f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8D:16:DA:8D:91:4B:AF:3D:9D:6F:A2:A4:A1:4A:7B:2A:23:31:5A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS138517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:00:ce:d9:56:d6:1b:66:25:97:5b:b0:00:a4:1f:e2:23:dc:
         e5:b7:3f:1e:25:22:8f:52:e3:8a:38:6a:6a:1d:57:58:84:30:
         b7:fd:29:3e:e8:34:e8:9e:e0:be:63:79:2e:d9:1e:0d:c3:f3:
         1f:cc:c1:be:cc:fc:4c:44:fa:65:6a:8b:e5:f5:77:40:55:88:
         27:1c:62:10:8d:16:28:fc:49:31:8d:61:b0:ff:c6:5f:23:fb:
         61:c0:f9:3a:a6:9a:79:fe:a3:cb:5a:29:38:6d:0e:ca:8d:4c:
         ce:bc:10:8e:d2:27:61:4f:99:84:21:5d:e1:e7:f5:3d:10:60:
         d0:d6:bd:58:ad:c2:7c:ed:53:cd:58:d7:e3:04:ff:22:f0:d5:
         cd:bd:de:09:56:1e:9d:0c:c0:47:66:e0:ab:1f:cc:ab:c5:1f:
         a3:ec:2a:a0:0d:77:e7:ef:f8:9a:d3:7d:ed:04:6a:3c:00:d8:
         2e:5b:60:b1:14:df:b3:dc:6b:c6:f3:c1:ce:47:b1:ec:fe:1d:
         aa:c9:c4:9d:6d:fa:ce:a5:6f:25:fe:c7:69:db:76:55:06:e8:
         2f:09:37:16:5b:43:3d:35:38:a8:fb:7e:70:bf:18:fa:eb:28:
         f1:fe:e8:5e:38:7c:4c:bc:1b:11:6f:8f:c8:26:4c:c6:0e:a0:
         f5:58:7a:68
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIURw/Af+x1YDPnu0L+NMZX+oVcuHMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTdaFw0yNDEyMDMwMjQ0MTdaMDMxMTAvBgNV
BAMTKEYzOEQxNkRBOEQ5MTRCQUYzRDlENkZBMkE0QTE0QTdCMkEyMzMxNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1AHczu8f+1CSTE03lFxRWzec7
VlYwtkI1xO8ZBrjnbtnq3/PKHoA/ABpcp5aytvazmiwS/NniccF+vEOjez56aqVh
WStFkOZbzwj6YFjzno15YDkQvNNWMnfE7JOCirDiCgCxKFKEXv+brYMd2iH6/WFB
9R052O9mbDTX+BlbdEZgfIF4M7WpLe7VKOMKOkD6F2eRY5WWyTkrxLedox5zt5fc
hrko8/aZ1gQlfHZ73QatNyBulml3RcSm4IoGF2CpN+16zvlrmMyNlbjF453x+yBv
exnRKfPobwWrjzINK2EYyA8ZTOx2lF61drMGu/rnp+A+H2PH2J9yN6r763/NAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU840W2o2RS689nW+ipKFKeyojMVowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTM4NTE3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQKwMA0GCSqGSIb3DQEBCwUAA4IBAQCSAM7Z
VtYbZiWXW7AApB/iI9zltz8eJSKPUuOKOGpqHVdYhDC3/Sk+6DTonuC+Y3ku2R4N
w/MfzMG+zPxMRPplaovl9XdAVYgnHGIQjRYo/EkxjWGw/8ZfI/thwPk6ppp5/qPL
Wik4bQ7KjUzOvBCO0idhT5mEIV3h5/U9EGDQ1r1YrcJ87VPNWNfjBP8i8NXNvd4J
Vh6dDMBHZuCrH8yrxR+j7CqgDXfn7/ia033tBGo8ANguW2CxFN+z3GvG88HOR7Hs
/h2qycSdbfrOpW8l/sdp23ZVBugvCTcWW0M9NTio+35wvxj66yjx/uheOHxMvBsR
b4/IJkzGDqD1WHpo
-----END CERTIFICATE-----