Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS17138.roa
File:                     AS17138.roa (raw, json)
Hash identifier:          dxYI/+7/WcUhfeeSWACtFK4LlUP2eTPMl+/bprB+I2Y=
Subject key identifier:   AE:C4:AF:6F:3A:92:0D:88:EF:99:FE:97:38:6F:2F:D7:10:EF:95:A4
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       51C9E8F092EEA98C610E05100BB9BDA2CA72B6CE
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS17138.roa
Signing time:             Tue 05 Dec 2023 02:44:09 +0000
ROA not before:           Tue 05 Dec 2023 02:39:09 +0000
ROA not after:            Tue 03 Dec 2024 02:44:09 +0000
asID:                     17138
IP address blocks:        2a06:a005:b10::/44 maxlen: 48
                          2a06:a005:b20::/44 maxlen: 48
                          2a06:a005:b30::/44 maxlen: 48
                          2a06:a005:b40::/44 maxlen: 48
                          2a06:a005:b50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:c9:e8:f0:92:ee:a9:8c:61:0e:05:10:0b:b9:bd:a2:ca:72:b6:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:09 2023 GMT
            Not After : Dec  3 02:44:09 2024 GMT
        Subject: CN=AEC4AF6F3A920D88EF99FE97386F2FD710EF95A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1d:5d:32:6a:34:36:c2:fb:79:84:fb:a8:60:
                    89:a9:55:e8:f2:9f:cb:80:16:17:9d:ff:80:75:d4:
                    53:64:19:d8:7f:46:ff:1b:83:0d:63:9d:72:b0:9d:
                    cb:a9:46:f8:21:a8:8d:b9:07:8f:d0:a9:d5:12:76:
                    5f:07:53:c5:b3:05:b8:40:4e:cd:16:5c:32:de:b9:
                    29:b1:bc:f4:0e:42:77:d4:9b:a5:54:18:05:06:63:
                    ef:90:36:34:d1:53:36:6a:41:ba:cd:de:ad:08:74:
                    85:09:fe:8d:a9:bd:b5:2c:8e:68:de:85:76:cf:e1:
                    d1:ac:51:7a:62:5a:b0:76:fc:22:7e:5e:28:c7:ec:
                    6f:48:fe:ff:2d:d2:ff:44:f6:e8:1f:66:8f:c6:1c:
                    8d:30:c5:b2:07:76:91:cf:1c:0a:77:33:0d:66:41:
                    b1:df:d2:f2:46:0e:02:5e:f3:cb:af:0a:f2:dd:10:
                    f0:12:c2:3a:c9:8b:13:99:5c:e1:ee:fa:ef:93:70:
                    44:74:5f:e9:87:20:3d:0c:17:ef:26:4b:1b:a6:1d:
                    4b:44:08:15:29:4f:5b:41:4c:6b:52:a1:78:e4:e8:
                    9a:d6:9c:0e:cf:87:b7:8b:3c:e4:59:53:02:18:c6:
                    ab:d0:81:4c:13:ab:56:82:2c:0c:0a:ea:a2:95:28:
                    38:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C4:AF:6F:3A:92:0D:88:EF:99:FE:97:38:6F:2F:D7:10:EF:95:A4
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS17138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:b10::-2a06:a005:b5f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         54:26:cf:2f:02:2c:45:98:6b:ef:f4:6a:34:f2:ba:1a:44:11:
         bd:d0:e5:f1:0e:6b:8a:bd:25:63:65:c8:b9:17:02:24:e3:ae:
         3e:fa:6e:52:39:28:90:26:37:88:75:1e:71:dc:ca:5d:a6:18:
         60:3f:07:ea:be:90:3a:99:af:e4:2d:ba:51:0b:fe:9b:0d:30:
         76:e3:31:a4:31:73:5a:98:de:d4:08:61:1d:ce:c8:57:5b:48:
         9c:75:66:43:ba:fe:d0:30:6e:65:b7:c7:ed:88:66:26:06:ca:
         40:36:4d:7b:58:71:da:91:c5:ae:29:5d:ce:02:25:80:03:02:
         02:79:d5:cc:9f:41:7d:dd:51:4e:dd:cb:b1:2f:8e:a6:65:65:
         23:b7:cc:91:c7:27:f4:5d:cb:07:96:ad:d5:b0:70:3d:a4:60:
         e7:b4:a2:e8:48:a7:a5:c3:08:a2:c1:f4:b0:fc:46:53:a7:5b:
         ea:ce:9b:b9:7b:17:f2:8e:fc:25:db:ac:22:e9:10:ac:2e:37:
         66:bd:67:76:de:3b:5e:ff:67:c1:63:e7:ad:f1:64:1c:15:77:
         5f:ce:cd:10:b4:14:50:41:a3:9b:6a:47:3a:a5:52:34:61:7d:
         a6:c0:ee:d6:52:db:d9:36:5d:20:5c:ea:42:0a:e6:f7:aa:c1:
         99:d4:0a:59
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIUUcno8JLuqYxhDgUQC7m9ospyts4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MDlaFw0yNDEyMDMwMjQ0MDlaMDMxMTAvBgNV
BAMTKEFFQzRBRjZGM0E5MjBEODhFRjk5RkU5NzM4NkYyRkQ3MTBFRjk1QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoHV0yajQ2wvt5hPuoYImpVejy
n8uAFhed/4B11FNkGdh/Rv8bgw1jnXKwncupRvghqI25B4/QqdUSdl8HU8WzBbhA
Ts0WXDLeuSmxvPQOQnfUm6VUGAUGY++QNjTRUzZqQbrN3q0IdIUJ/o2pvbUsjmje
hXbP4dGsUXpiWrB2/CJ+XijH7G9I/v8t0v9E9ugfZo/GHI0wxbIHdpHPHAp3Mw1m
QbHf0vJGDgJe88uvCvLdEPASwjrJixOZXOHu+u+TcER0X+mHID0MF+8mSxumHUtE
CBUpT1tBTGtSoXjk6JrWnA7Ph7eLPORZUwIYxqvQgUwTq1aCLAwK6qKVKDjbAgMB
AAGjggH8MIIB+DAdBgNVHQ4EFgQUrsSvbzqSDYjvmf6XOG8v1xDvlaQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTcxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcB
Af8EHjAcMBoEAgACMBQwEgMHBCoGoAULEAMHBSoGoAULQDANBgkqhkiG9w0BAQsF
AAOCAQEAVCbPLwIsRZhr7/RqNPK6GkQRvdDl8Q5rir0lY2XIuRcCJOOuPvpuUjko
kCY3iHUecdzKXaYYYD8H6r6QOpmv5C26UQv+mw0wduMxpDFzWpje1AhhHc7IV1tI
nHVmQ7r+0DBuZbfH7YhmJgbKQDZNe1hx2pHFrildzgIlgAMCAnnVzJ9Bfd1RTt3L
sS+OpmVlI7fMkccn9F3LB5at1bBwPaRg57Si6EinpcMIosH0sPxGU6db6s6buXsX
8o78JdusIukQrC43Zr1ndt47Xv9nwWPnrfFkHBV3X87NELQUUEGjm2pHOqVSNGF9
psDu1lLb2TZdIFzqQgrm96rBmdQKWQ==
-----END CERTIFICATE-----