Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150298.roa
File:                     AS150298.roa (raw, json)
Hash identifier:          X/Uw12+5DWqHrhaIUER7L4cN/Rzlh5JkE7Ubpcr+TnA=
Subject key identifier:   2F:E5:7F:CF:E6:B9:A2:21:3D:89:C0:90:55:B8:96:B7:3E:83:63:8D
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       256D0C107310D2AD88B7C3E6EEDAD0563DB1AC01
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150298.roa
Signing time:             Tue 05 Nov 2024 03:40:08 +0000
ROA not before:           Tue 05 Nov 2024 03:35:08 +0000
ROA not after:            Tue 04 Nov 2025 03:40:08 +0000
asID:                     150298
IP address blocks:        2a06:a005:1278::/48 maxlen: 48
                          2a06:a005:1c50::/44 maxlen: 48
                          2a06:a005:1c60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:6d:0c:10:73:10:d2:ad:88:b7:c3:e6:ee:da:d0:56:3d:b1:ac:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:08 2024 GMT
            Not After : Nov  4 03:40:08 2025 GMT
        Subject: CN=2FE57FCFE6B9A2213D89C09055B896B73E83638D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0e:44:a7:95:47:46:8b:7d:17:5a:01:93:26:
                    d8:44:89:05:c4:1a:60:76:40:b2:5a:0c:93:f6:f4:
                    7d:d4:07:da:d3:32:9e:05:c0:8c:ab:9e:5c:0e:22:
                    00:ef:cf:da:48:03:07:50:d8:b6:bc:2d:3f:21:1b:
                    fb:a9:4d:fa:d0:fd:14:c8:09:8e:c8:81:d5:03:5f:
                    4d:ff:d2:cf:95:57:c9:82:e3:d8:22:77:67:d3:0a:
                    88:5d:a2:0e:ca:73:dc:3a:3b:9e:8f:90:87:16:72:
                    ec:24:2a:e7:3c:3a:75:e3:c3:59:cc:5c:28:c4:a8:
                    a8:39:81:c5:94:c5:c8:79:f4:64:38:63:dc:13:2e:
                    81:b8:be:0b:41:40:43:63:9e:88:ec:8a:25:09:7c:
                    18:61:74:ca:dc:82:41:ac:0e:46:c0:11:cf:97:a6:
                    83:26:a2:c4:12:35:10:22:64:b0:bb:33:ef:99:25:
                    2a:f7:d6:a3:76:63:4c:dd:bd:7c:37:da:e3:b0:86:
                    3e:cb:b7:92:a5:3c:5e:f8:38:22:2c:1e:ec:0e:45:
                    4e:79:79:cb:d3:64:3d:1e:bf:34:a3:a8:33:55:9a:
                    f9:ba:46:30:23:dc:90:a7:28:52:dc:8e:4c:38:7c:
                    ca:0d:5c:03:1d:9f:e6:5b:2d:f9:11:7b:f2:6a:9a:
                    71:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E5:7F:CF:E6:B9:A2:21:3D:89:C0:90:55:B8:96:B7:3E:83:63:8D
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150298.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1278::/48
                  2a06:a005:1c50::-2a06:a005:1c6f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2b:1b:7c:d5:86:de:ad:47:d2:fd:26:ed:8d:18:86:56:6d:7f:
         6f:6c:f2:f6:11:96:6c:06:3d:e5:b6:d2:cc:75:2d:ba:48:30:
         d6:82:59:ce:90:f2:8f:33:09:e1:4c:a3:4b:24:5c:d5:f8:28:
         c0:6e:c9:af:5f:df:c7:96:92:92:94:fa:84:7d:4b:19:24:9f:
         29:05:4f:10:a1:6e:d7:73:df:b6:fd:c3:a9:9e:c4:0a:af:c6:
         61:77:88:03:b1:d4:52:85:cf:08:23:ad:33:04:cf:4c:be:a6:
         1e:f4:eb:9e:ed:2f:d1:b7:5d:c4:86:b3:89:d7:4b:37:de:3f:
         41:e3:7b:eb:bc:bb:fa:f4:11:73:8f:c7:e0:03:6d:c1:d5:be:
         e1:f2:4d:13:7c:a9:93:e6:2c:a4:e3:7a:bc:d8:e9:45:66:38:
         cb:79:35:9d:b4:34:c7:2d:78:ce:5f:cf:7b:b5:24:aa:b8:1c:
         21:6a:ce:56:5a:1f:6e:7f:95:41:ee:34:4c:c7:89:d2:c7:38:
         05:de:00:9a:73:8e:17:ba:83:79:91:55:91:6b:c5:be:6f:bc:
         c5:47:e1:0f:85:4e:2d:95:43:cf:84:95:35:50:87:a2:8c:64:
         69:5c:50:dc:57:e7:97:80:eb:ae:15:ba:e9:e9:6c:aa:f5:90:
         1a:96:ea:ea
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUJW0MEHMQ0q2It8Pm7trQVj2xrAEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDhaFw0yNTExMDQwMzQwMDhaMDMxMTAvBgNV
BAMTKDJGRTU3RkNGRTZCOUEyMjEzRDg5QzA5MDU1Qjg5NkI3M0U4MzYzOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0DkSnlUdGi30XWgGTJthEiQXE
GmB2QLJaDJP29H3UB9rTMp4FwIyrnlwOIgDvz9pIAwdQ2La8LT8hG/upTfrQ/RTI
CY7IgdUDX03/0s+VV8mC49gid2fTCohdog7Kc9w6O56PkIcWcuwkKuc8OnXjw1nM
XCjEqKg5gcWUxch59GQ4Y9wTLoG4vgtBQENjnojsiiUJfBhhdMrcgkGsDkbAEc+X
poMmosQSNRAiZLC7M++ZJSr31qN2Y0zdvXw32uOwhj7Lt5KlPF74OCIsHuwORU55
ecvTZD0evzSjqDNVmvm6RjAj3JCnKFLcjkw4fMoNXAMdn+ZbLfkRe/JqmnGHAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUL+V/z+a5oiE9icCQVbiWtz6DY40wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTUwMjk4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEH
AQH/BCcwJTAjBAIAAjAdAwcAKgagBRJ4MBIDBwQqBqAFHFADBwQqBqAFHGAwDQYJ
KoZIhvcNAQELBQADggEBACsbfNWG3q1H0v0m7Y0YhlZtf29s8vYRlmwGPeW20sx1
LbpIMNaCWc6Q8o8zCeFMo0skXNX4KMBuya9f38eWkpKU+oR9SxkknykFTxChbtdz
37b9w6mexAqvxmF3iAOx1FKFzwgjrTMEz0y+ph70657tL9G3XcSGs4nXSzfeP0Hj
e+u8u/r0EXOPx+ADbcHVvuHyTRN8qZPmLKTjerzY6UVmOMt5NZ20NMcteM5fz3u1
JKq4HCFqzlZaH25/lUHuNEzHidLHOAXeAJpzjhe6g3mRVZFrxb5vvMVH4Q+FTi2V
Q8+ElTVQh6KMZGlcUNxX55eA664VuunpbKr1kBqW6uo=
-----END CERTIFICATE-----