Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150323.roa
File:                     AS150323.roa (raw, json)
Hash identifier:          NDhwN46bKQbdnEpKe7iCKYnM7HrsqVPi6Oec2V4BDeU=
Subject key identifier:   F9:C8:CB:AF:CA:C8:2D:6E:B2:F4:2F:DB:3A:08:91:A3:DE:8A:3D:EE
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       310C2A554E890406AE250F848967C7CF397896EF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150323.roa
Signing time:             Thu 29 Feb 2024 08:44:24 +0000
ROA not before:           Thu 29 Feb 2024 08:39:24 +0000
ROA not after:            Thu 27 Feb 2025 08:44:24 +0000
asID:                     150323
IP address blocks:        2a06:a005:1ee0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:0c:2a:55:4e:89:04:06:ae:25:0f:84:89:67:c7:cf:39:78:96:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Feb 29 08:39:24 2024 GMT
            Not After : Feb 27 08:44:24 2025 GMT
        Subject: CN=F9C8CBAFCAC82D6EB2F42FDB3A0891A3DE8A3DEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:18:ad:43:5a:a9:79:e9:74:fc:20:e2:f6:20:
                    9e:eb:cb:93:73:9f:ed:c9:c2:2c:ef:f3:cf:7d:45:
                    d4:c2:4d:d7:aa:c2:3c:81:39:f0:c5:b2:19:9d:3c:
                    3a:51:cc:2b:a7:5d:0d:ad:61:bb:ae:ba:fa:a8:c8:
                    f9:2a:eb:a3:a7:dc:05:8a:9e:ec:52:dd:ec:35:79:
                    b0:fa:e7:c9:cc:18:66:5a:8c:bd:82:e5:82:a9:4c:
                    1a:ba:34:58:e5:72:71:ce:ed:f3:65:d9:56:4c:fb:
                    37:53:4b:79:d4:89:36:0a:3a:d0:7b:20:79:ee:66:
                    ac:4c:e5:7f:95:af:07:eb:ac:05:83:6a:37:2d:9e:
                    e5:02:f2:44:ba:75:b6:a3:f5:b2:2c:14:5e:37:0c:
                    e5:77:e2:e4:99:7c:ed:ef:12:b1:9f:56:ca:30:15:
                    c4:fa:a0:c8:c7:f3:66:16:d5:af:10:e1:69:f2:42:
                    60:94:e2:03:c6:7c:ed:ba:9e:44:56:db:03:04:61:
                    51:67:27:c3:2a:34:94:b4:5b:62:fa:56:db:e0:aa:
                    21:25:b0:f1:ee:f9:c7:ab:09:d1:4d:ed:79:d1:78:
                    4c:e3:ca:4e:3d:63:70:a2:7e:9b:20:e7:be:a0:9e:
                    0d:59:31:ea:7e:90:ca:c0:a8:d0:1b:82:d2:91:7e:
                    74:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C8:CB:AF:CA:C8:2D:6E:B2:F4:2F:DB:3A:08:91:A3:DE:8A:3D:EE
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150323.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1ee0::/44

    Signature Algorithm: sha256WithRSAEncryption
         72:f8:a8:1c:d2:da:c1:96:d9:ef:91:1c:55:bb:f9:a8:a7:a9:
         d3:b3:63:bc:f0:2e:38:de:7b:72:be:4b:45:81:58:77:7f:58:
         f9:c5:be:0c:e3:35:57:70:53:5d:df:bb:ed:61:07:c3:cf:1f:
         00:15:ac:d1:39:74:c0:b8:f5:84:cd:79:08:6a:00:d4:11:cd:
         96:11:e3:cc:79:42:5b:fb:0c:64:70:b5:84:c6:32:de:4b:68:
         40:83:d0:fb:76:c7:70:91:9a:7d:dc:58:4a:0c:1d:75:7c:59:
         5c:a3:3f:e3:7e:bd:e5:15:6f:d9:34:bb:b7:b3:c8:61:f2:81:
         89:53:0b:40:f2:70:94:ab:96:f8:fb:5a:ec:9e:dc:07:78:4f:
         d9:65:d9:af:bc:c6:d7:22:c7:c5:0c:18:aa:e0:d6:f1:93:ce:
         81:dc:56:a2:2b:26:63:c0:7e:b0:9d:23:a1:56:f4:4b:81:c4:
         e0:88:6e:86:0d:eb:93:b7:5c:2b:27:0f:41:38:cb:b9:82:a6:
         15:93:ce:fb:d6:f4:51:8b:b8:bd:db:72:8e:46:1c:ab:19:33:
         8d:c6:15:f7:8b:bd:fc:69:4a:06:1b:99:4b:2d:31:27:ae:90:
         51:03:62:d1:82:64:ba:57:75:e7:78:40:20:4a:62:48:03:45:
         0a:ab:ae:ad
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUMQwqVU6JBAauJQ+EiWfHzzl4lu8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAyMjkwODM5MjRaFw0yNTAyMjcwODQ0MjRaMDMxMTAvBgNV
BAMTKEY5QzhDQkFGQ0FDODJENkVCMkY0MkZEQjNBMDg5MUEzREU4QTNERUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvGK1DWql56XT8IOL2IJ7ry5Nz
n+3Jwizv8899RdTCTdeqwjyBOfDFshmdPDpRzCunXQ2tYbuuuvqoyPkq66On3AWK
nuxS3ew1ebD658nMGGZajL2C5YKpTBq6NFjlcnHO7fNl2VZM+zdTS3nUiTYKOtB7
IHnuZqxM5X+VrwfrrAWDajctnuUC8kS6dbaj9bIsFF43DOV34uSZfO3vErGfVsow
FcT6oMjH82YW1a8Q4WnyQmCU4gPGfO26nkRW2wMEYVFnJ8MqNJS0W2L6VtvgqiEl
sPHu+cerCdFN7XnReEzjyk49Y3Cifpsg576gng1ZMep+kMrAqNAbgtKRfnTjAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU+cjLr8rILW6y9C/bOgiRo96KPe4wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTUwMzIzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBR7gMA0GCSqGSIb3DQEBCwUAA4IBAQBy+Kgc
0trBltnvkRxVu/mop6nTs2O88C443ntyvktFgVh3f1j5xb4M4zVXcFNd37vtYQfD
zx8AFazROXTAuPWEzXkIagDUEc2WEePMeUJb+wxkcLWExjLeS2hAg9D7dsdwkZp9
3FhKDB11fFlcoz/jfr3lFW/ZNLu3s8hh8oGJUwtA8nCUq5b4+1rsntwHeE/ZZdmv
vMbXIsfFDBiq4Nbxk86B3FaiKyZjwH6wnSOhVvRLgcTgiG6GDeuTt1wrJw9BOMu5
gqYVk8771vRRi7i923KORhyrGTONxhX3i738aUoGG5lLLTEnrpBRA2LRgmS6V3Xn
eEAgSmJIA0UKq66t
-----END CERTIFICATE-----