Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS148971.roa
File:                     AS148971.roa (raw, json)
Hash identifier:          zXW2r68RQ56dKJvKXGyeTIL6JDdnqDJpELDsbxJKZf0=
Subject key identifier:   D3:6E:4F:06:68:22:C4:15:28:32:B1:68:15:3C:F3:FE:CB:6F:BD:5F
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       70E90EED33397282AA6FC22F1E27B923D7CB5C18
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS148971.roa
Signing time:             Tue 05 Dec 2023 02:44:18 +0000
ROA not before:           Tue 05 Dec 2023 02:39:18 +0000
ROA not after:            Tue 03 Dec 2024 02:44:18 +0000
asID:                     148971
IP address blocks:        2a06:a005:25a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:e9:0e:ed:33:39:72:82:aa:6f:c2:2f:1e:27:b9:23:d7:cb:5c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:18 2023 GMT
            Not After : Dec  3 02:44:18 2024 GMT
        Subject: CN=D36E4F066822C4152832B168153CF3FECB6FBD5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:68:65:7e:b2:a9:c3:44:d6:8c:e8:e4:41:b7:
                    fe:39:db:72:a0:c3:39:bb:a3:f6:a2:dc:3a:30:65:
                    d1:50:8d:0f:db:12:fd:8a:b7:5a:51:3d:0c:fd:34:
                    00:a9:bc:24:3b:ec:c6:c6:a7:8c:87:94:b9:6b:8e:
                    59:cd:02:0d:2b:fc:8d:82:07:e9:fc:a8:94:3d:fd:
                    05:d7:c8:b7:a8:b1:b8:ed:0d:f2:59:f6:c1:5c:f6:
                    69:44:54:5d:68:74:a3:0f:e7:81:2f:50:54:f0:53:
                    42:ca:9a:48:7c:58:6b:d2:9a:cc:ac:e6:b4:60:4f:
                    49:00:bd:5f:b7:b9:ce:cc:3c:ca:a3:76:91:b5:26:
                    05:1c:70:8a:3a:be:e3:9d:05:6f:02:f0:91:73:77:
                    b9:22:62:73:88:e8:fb:1e:e1:86:71:9d:34:8c:22:
                    c0:84:25:b5:45:d1:63:cd:42:ff:42:4e:5e:b3:76:
                    ec:65:0f:ba:32:e5:c9:5b:02:86:3c:c8:a6:d0:96:
                    eb:57:44:1e:4f:11:38:28:8a:ee:4a:59:72:37:d4:
                    61:30:b2:cb:5b:e2:21:15:2f:d1:6e:a2:6e:cf:3b:
                    cb:81:90:62:08:b6:fa:60:a2:0e:c2:77:ab:61:48:
                    c2:e3:f6:ac:b6:56:bd:eb:37:fb:fb:1b:c8:3a:c1:
                    44:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:6E:4F:06:68:22:C4:15:28:32:B1:68:15:3C:F3:FE:CB:6F:BD:5F
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS148971.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:25a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8f:34:ca:51:8f:1b:79:a8:1b:76:67:31:48:2c:6a:f3:ce:a5:
         61:fc:6c:bd:1b:44:68:65:b9:20:bd:fc:e7:30:b6:70:48:d7:
         56:81:8a:b0:98:fe:8c:40:7a:ee:c0:1f:03:52:ef:69:cc:7a:
         dd:ea:ea:0e:72:a8:07:e2:d3:84:c1:29:57:64:41:aa:15:7b:
         2a:17:75:73:2c:dc:ac:67:af:d4:1d:da:2a:6e:9e:f1:47:ca:
         92:21:5a:a8:ed:75:02:12:20:a2:22:ba:13:be:c1:4e:b7:ab:
         d0:66:b2:f1:d0:b6:90:25:58:71:83:74:d9:6b:5f:04:9c:aa:
         45:46:b0:89:a9:cf:49:b2:e1:35:fa:b4:69:b8:a6:50:cb:16:
         66:bb:b2:11:1d:c3:1f:9b:b3:1d:1e:08:a6:f3:ba:58:5f:ea:
         76:a4:d2:04:76:da:d5:f6:7a:cd:a5:55:8c:3b:b0:f0:70:66:
         f9:8f:b8:75:14:fb:d1:5b:a9:08:ae:28:c3:fc:9a:db:8e:b6:
         5b:17:23:43:0b:b1:98:33:8e:2b:e3:c1:6c:95:69:fe:75:6e:
         73:63:cf:88:91:76:d8:11:dd:98:2b:89:b6:7a:f5:82:97:74:
         8c:de:0c:1f:5f:5f:8e:fc:6f:1d:32:e6:91:55:c9:c1:20:4c:
         c2:89:4a:2d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUcOkO7TM5coKqb8IvHie5I9fLXBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MThaFw0yNDEyMDMwMjQ0MThaMDMxMTAvBgNV
BAMTKEQzNkU0RjA2NjgyMkM0MTUyODMyQjE2ODE1M0NGM0ZFQ0I2RkJENUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjaGV+sqnDRNaM6ORBt/4523Kg
wzm7o/ai3DowZdFQjQ/bEv2Kt1pRPQz9NACpvCQ77MbGp4yHlLlrjlnNAg0r/I2C
B+n8qJQ9/QXXyLeosbjtDfJZ9sFc9mlEVF1odKMP54EvUFTwU0LKmkh8WGvSmsys
5rRgT0kAvV+3uc7MPMqjdpG1JgUccIo6vuOdBW8C8JFzd7kiYnOI6Pse4YZxnTSM
IsCEJbVF0WPNQv9CTl6zduxlD7oy5clbAoY8yKbQlutXRB5PETgoiu5KWXI31GEw
sstb4iEVL9Fuom7PO8uBkGIItvpgog7Cd6thSMLj9qy2Vr3rN/v7G8g6wUT1AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU025PBmgixBUoMrFoFTzz/stvvV8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTQ4OTcxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSWgMA0GCSqGSIb3DQEBCwUAA4IBAQCPNMpR
jxt5qBt2ZzFILGrzzqVh/Gy9G0RoZbkgvfznMLZwSNdWgYqwmP6MQHruwB8DUu9p
zHrd6uoOcqgH4tOEwSlXZEGqFXsqF3VzLNysZ6/UHdoqbp7xR8qSIVqo7XUCEiCi
IroTvsFOt6vQZrLx0LaQJVhxg3TZa18EnKpFRrCJqc9JsuE1+rRpuKZQyxZmu7IR
HcMfm7MdHgim87pYX+p2pNIEdtrV9nrNpVWMO7DwcGb5j7h1FPvRW6kIrijD/Jrb
jrZbFyNDC7GYM44r48FslWn+dW5zY8+IkXbYEd2YK4m2evWCl3SM3gwfX1+O/G8d
MuaRVcnBIEzCiUot
-----END CERTIFICATE-----