Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS147018.roa
File:                     AS147018.roa (raw, json)
Hash identifier:          pODcYlzwSl/ruuRZysNZeYST/q6TqQ72vz/B9OitCrY=
Subject key identifier:   3E:DC:5D:6E:EA:D6:F3:8E:74:83:EF:C9:FB:23:CC:F6:30:CD:4A:C3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       253EF238DF3A795940F64E7919D3154EE1D33DAA
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS147018.roa
Signing time:             Tue 05 Nov 2024 03:40:10 +0000
ROA not before:           Tue 05 Nov 2024 03:35:10 +0000
ROA not after:            Tue 04 Nov 2025 03:40:10 +0000
asID:                     147018
IP address blocks:        2a06:a005:a06::/48 maxlen: 48
                          2a06:a005:fc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:3e:f2:38:df:3a:79:59:40:f6:4e:79:19:d3:15:4e:e1:d3:3d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:10 2024 GMT
            Not After : Nov  4 03:40:10 2025 GMT
        Subject: CN=3EDC5D6EEAD6F38E7483EFC9FB23CCF630CD4AC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:0d:87:8d:9c:6a:16:bc:31:3f:12:9c:69:c8:
                    a8:53:68:1c:98:95:51:52:0a:94:ea:bf:87:7d:a8:
                    85:85:77:96:db:10:1c:8a:4a:42:68:20:39:1a:f6:
                    a0:d4:78:05:12:bd:90:11:59:74:8d:5f:0a:37:9d:
                    bb:e5:f5:e9:54:a7:f9:bf:7f:a0:3f:a2:05:cd:92:
                    24:80:e8:4c:a1:2a:0c:85:05:63:b4:14:bb:f2:7f:
                    c0:f4:6e:c6:4c:96:a2:e1:9a:2d:a7:2d:90:db:77:
                    da:5c:0f:0f:c9:0d:df:98:0a:92:5b:18:07:d6:8c:
                    d0:0f:94:b1:da:38:4f:32:a8:50:11:2a:ea:c0:50:
                    b4:80:18:c0:34:2c:1b:41:52:c7:67:55:82:37:0d:
                    68:5b:ea:ca:62:bc:0c:59:30:5a:7d:68:b1:e9:10:
                    7f:87:9a:77:d4:5b:9c:42:44:63:47:b5:ca:e5:6f:
                    5e:3a:ac:34:2d:75:5a:5e:47:fe:f9:f9:d8:44:da:
                    f9:93:b8:a6:b4:aa:e4:a7:85:b9:78:b0:44:78:9a:
                    9d:d6:0d:41:e5:a0:2e:a5:a6:9b:7e:d7:d5:63:ea:
                    c6:c9:43:09:ea:b9:c4:2b:05:92:bb:bf:15:e5:23:
                    c4:ee:5d:00:2a:af:3e:5c:e4:7a:63:aa:d4:99:30:
                    e5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:DC:5D:6E:EA:D6:F3:8E:74:83:EF:C9:FB:23:CC:F6:30:CD:4A:C3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS147018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a06::/48
                  2a06:a005:fc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:0a:9f:30:05:2b:22:e4:58:c1:a5:3c:55:1e:df:da:33:63:
         a3:ac:bc:c8:55:4f:9f:9d:d0:00:67:8c:5c:e8:1b:94:76:42:
         8d:49:06:8d:9d:03:55:e8:70:e7:c1:3b:ea:0e:5e:91:86:bc:
         da:fd:b2:e6:ac:04:03:02:de:86:f7:35:1f:59:5c:62:cb:58:
         2e:92:7e:15:41:7c:84:5d:d1:8a:53:b5:e1:d5:58:a7:0f:38:
         5a:77:86:00:e7:6b:0d:7e:68:05:a4:5d:8b:32:e2:72:e8:42:
         fe:5d:e5:90:11:a3:8f:72:87:02:31:b5:cf:1a:ee:fd:ec:c1:
         4d:3a:a8:44:e8:72:bd:b6:86:eb:d5:f5:42:1d:c7:66:5b:0f:
         36:87:94:8d:94:b6:89:0b:23:b9:af:4f:c2:8d:eb:1a:76:2f:
         3e:43:ec:f5:bf:4f:f3:b4:5a:d1:9c:df:fc:d0:9d:a1:52:09:
         50:ce:c5:43:2a:29:e7:59:01:8a:72:ae:68:1d:5b:7f:f7:73:
         46:0a:f9:67:92:35:10:e1:5e:c7:99:48:b3:a6:cc:44:b9:ba:
         9d:1b:f2:e9:48:30:19:2b:4f:76:5c:f4:75:07:60:cc:10:cc:
         5f:2d:42:fc:11:fe:8d:f6:92:64:93:79:c1:34:38:74:64:dd:
         e5:bb:61:b5
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUJT7yON86eVlA9k55GdMVTuHTPaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MTBaFw0yNTExMDQwMzQwMTBaMDMxMTAvBgNV
BAMTKDNFREM1RDZFRUFENkYzOEU3NDgzRUZDOUZCMjNDQ0Y2MzBDRDRBQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1DYeNnGoWvDE/EpxpyKhTaByY
lVFSCpTqv4d9qIWFd5bbEByKSkJoIDka9qDUeAUSvZARWXSNXwo3nbvl9elUp/m/
f6A/ogXNkiSA6EyhKgyFBWO0FLvyf8D0bsZMlqLhmi2nLZDbd9pcDw/JDd+YCpJb
GAfWjNAPlLHaOE8yqFARKurAULSAGMA0LBtBUsdnVYI3DWhb6spivAxZMFp9aLHp
EH+HmnfUW5xCRGNHtcrlb146rDQtdVpeR/75+dhE2vmTuKa0quSnhbl4sER4mp3W
DUHloC6lppt+19Vj6sbJQwnqucQrBZK7vxXlI8TuXQAqrz5c5HpjqtSZMOVXAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUPtxdburW8450g+/J+yPM9jDNSsMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTQ3MDE4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQoGAwcEKgagBQ/AMA0GCSqGSIb3DQEBCwUA
A4IBAQBuCp8wBSsi5FjBpTxVHt/aM2OjrLzIVU+fndAAZ4xc6BuUdkKNSQaNnQNV
6HDnwTvqDl6Rhrza/bLmrAQDAt6G9zUfWVxiy1gukn4VQXyEXdGKU7Xh1VinDzha
d4YA52sNfmgFpF2LMuJy6EL+XeWQEaOPcocCMbXPGu797MFNOqhE6HK9tobr1fVC
HcdmWw82h5SNlLaJCyO5r0/Cjesadi8+Q+z1v0/ztFrRnN/80J2hUglQzsVDKinn
WQGKcq5oHVt/93NGCvlnkjUQ4V7HmUizpsxEubqdG/LpSDAZK092XPR1B2DMEMxf
LUL8Ef6N9pJkk3nBNDh0ZN3lu2G1
-----END CERTIFICATE-----