Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS141694.roa
File:                     AS141694.roa (raw, json)
Hash identifier:          I9tv9aqaKjfPEa3Oq/S5oM6++N5r/9rtJgEqSLK1xtU=
Subject key identifier:   38:E4:62:2B:53:BE:79:63:04:96:13:91:12:6E:14:C5:EE:5E:E8:7A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2B4B8CF7C84A7AC7DE6C0234C8765161C19BACD9
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS141694.roa
Signing time:             Tue 05 Nov 2024 03:40:00 +0000
ROA not before:           Tue 05 Nov 2024 03:35:00 +0000
ROA not after:            Tue 04 Nov 2025 03:40:00 +0000
asID:                     141694
IP address blocks:        2a06:a005:f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:4b:8c:f7:c8:4a:7a:c7:de:6c:02:34:c8:76:51:61:c1:9b:ac:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:00 2024 GMT
            Not After : Nov  4 03:40:00 2025 GMT
        Subject: CN=38E4622B53BE796304961391126E14C5EE5EE87A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:28:cd:cb:da:18:24:95:64:ee:12:5c:26:fc:
                    39:15:c0:b5:c3:14:c2:00:83:a1:61:48:40:43:62:
                    7f:01:78:e5:e8:2d:82:b5:3a:7a:e9:5e:7e:84:26:
                    c3:3f:61:69:37:a8:b2:0a:9e:e3:17:f7:95:6c:15:
                    1e:be:5d:76:33:9b:0c:d8:32:74:8b:4b:d0:76:b2:
                    ae:8e:88:8a:23:98:cb:93:59:c7:da:9d:c4:f4:59:
                    38:d5:2a:ee:30:90:f6:b0:1a:ab:55:c6:87:ea:1b:
                    f2:55:d0:32:a8:ce:07:4b:c8:be:e1:ab:30:26:2d:
                    89:1f:00:5a:06:dd:54:d6:e7:68:e8:38:43:52:c2:
                    7d:d7:a6:53:9f:d5:22:c7:4b:ae:ad:49:fb:dc:d5:
                    10:fa:02:2d:3a:84:09:d2:62:72:fc:34:6b:8e:48:
                    8f:c3:db:69:02:2d:72:35:e6:03:47:1d:d9:38:6a:
                    aa:22:2c:3a:dd:53:9c:e2:eb:5d:76:6f:db:7c:33:
                    a6:98:12:be:54:82:04:72:e2:f9:82:50:e6:a4:c1:
                    ef:3f:41:98:e8:f2:6f:c9:8e:72:82:f7:e5:7f:d7:
                    fe:52:8e:76:0b:74:4f:eb:e2:05:83:ac:11:5c:1f:
                    8d:5d:08:a0:fc:fd:af:50:09:97:e3:a2:c7:32:54:
                    31:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:E4:62:2B:53:BE:79:63:04:96:13:91:12:6E:14:C5:EE:5E:E8:7A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS141694.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b1:bf:4e:3a:32:bf:6c:cc:40:bf:e6:dd:28:3f:47:2e:cd:a9:
         65:3d:c9:23:30:a0:f2:f5:99:f4:fe:5e:17:dd:66:38:74:04:
         e6:63:98:70:5a:ed:61:73:7a:3d:3f:10:da:6e:d5:f2:6f:25:
         73:e0:50:65:d2:13:98:95:e3:6e:ba:36:19:30:40:82:db:aa:
         8b:7b:98:b6:1b:2f:31:f0:3a:a4:3a:a8:32:df:70:c6:77:8b:
         49:a3:08:f8:fb:a2:73:2d:b0:59:de:8f:1b:96:81:84:91:b0:
         50:cf:57:fe:9c:bc:dc:51:3d:fc:58:ce:f4:e6:d1:ad:7d:70:
         5b:f2:1a:a1:61:c0:49:03:c3:79:5b:4c:2c:17:a3:52:3c:3c:
         29:f7:62:42:fa:a1:db:ea:52:aa:af:93:61:58:a2:73:c0:4b:
         5b:ce:26:a5:bb:27:1c:25:09:a3:68:f4:2d:00:2a:df:1b:89:
         37:17:f8:18:5a:ec:90:76:2f:a4:29:a3:6d:28:64:bc:32:b3:
         cc:29:d4:1e:e9:d2:c8:1b:77:a3:a1:6e:81:15:15:1b:bd:c4:
         33:48:c0:ed:31:1d:e9:d2:a7:26:c6:ed:87:ba:2d:e3:66:b8:
         b4:43:99:53:75:03:6a:d7:97:9a:ba:e4:f2:b1:68:6b:86:78:
         9b:25:9d:27
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUK0uM98hKesfebAI0yHZRYcGbrNkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDBaFw0yNTExMDQwMzQwMDBaMDMxMTAvBgNV
BAMTKDM4RTQ2MjJCNTNCRTc5NjMwNDk2MTM5MTEyNkUxNEM1RUU1RUU4N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMKM3L2hgklWTuElwm/DkVwLXD
FMIAg6FhSEBDYn8BeOXoLYK1OnrpXn6EJsM/YWk3qLIKnuMX95VsFR6+XXYzmwzY
MnSLS9B2sq6OiIojmMuTWcfancT0WTjVKu4wkPawGqtVxofqG/JV0DKozgdLyL7h
qzAmLYkfAFoG3VTW52joOENSwn3XplOf1SLHS66tSfvc1RD6Ai06hAnSYnL8NGuO
SI/D22kCLXI15gNHHdk4aqoiLDrdU5zi6112b9t8M6aYEr5UggRy4vmCUOakwe8/
QZjo8m/JjnKC9+V/1/5SjnYLdE/r4gWDrBFcH41dCKD8/a9QCZfjoscyVDE1AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUOORiK1O+eWMElhOREm4Uxe5e6HowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTQxNjk0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQDwMA0GCSqGSIb3DQEBCwUAA4IBAQCxv046
Mr9szEC/5t0oP0cuzallPckjMKDy9Zn0/l4X3WY4dATmY5hwWu1hc3o9PxDabtXy
byVz4FBl0hOYleNuujYZMECC26qLe5i2Gy8x8DqkOqgy33DGd4tJowj4+6JzLbBZ
3o8bloGEkbBQz1f+nLzcUT38WM705tGtfXBb8hqhYcBJA8N5W0wsF6NSPDwp92JC
+qHb6lKqr5NhWKJzwEtbzialuyccJQmjaPQtACrfG4k3F/gYWuyQdi+kKaNtKGS8
MrPMKdQe6dLIG3ejoW6BFRUbvcQzSMDtMR3p0qcmxu2Hui3jZri0Q5lTdQNq15ea
uuTysWhrhnibJZ0n
-----END CERTIFICATE-----