Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS18041.roa
File:                     AS18041.roa (raw, json)
Hash identifier:          0eXqa6lLeBGTyx/xOa91BcAWiBHv3y5Uqax7NYuRhqk=
Subject key identifier:   8B:F9:F6:A4:0F:D0:76:DB:99:18:CB:9A:AD:C9:A9:12:14:AD:0A:AA
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       442A4D9EFB171F9DBB1AC3B07F290A13DFC41E52
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS18041.roa
Signing time:             Tue 05 Nov 2024 03:40:06 +0000
ROA not before:           Tue 05 Nov 2024 03:35:06 +0000
ROA not after:            Tue 04 Nov 2025 03:40:06 +0000
asID:                     18041
IP address blocks:        2a06:a005:500::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:2a:4d:9e:fb:17:1f:9d:bb:1a:c3:b0:7f:29:0a:13:df:c4:1e:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:06 2024 GMT
            Not After : Nov  4 03:40:06 2025 GMT
        Subject: CN=8BF9F6A40FD076DB9918CB9AADC9A91214AD0AAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2a:a9:4a:29:7d:96:fa:12:0b:39:e8:74:91:
                    ad:d0:17:a6:22:24:7a:f8:65:e6:e0:54:3c:85:cf:
                    bd:fd:00:d3:e8:51:13:b4:c0:6f:bb:a1:3c:b6:08:
                    29:c3:eb:8c:f6:a6:f1:6e:c8:e1:2e:e8:9b:ed:0a:
                    02:ab:9f:ca:f4:25:c3:9d:b9:13:f9:5c:ae:4b:3d:
                    f2:3c:85:e6:b1:f2:3e:55:8b:ba:1d:1a:68:19:5f:
                    ea:a4:71:d6:8d:e9:33:91:6c:24:2d:df:c4:cc:d1:
                    9c:c2:e9:1e:e7:8f:3d:5d:19:68:9c:36:f2:5b:c6:
                    06:4f:6c:b2:9e:a9:d9:6d:82:bf:9a:61:d6:01:cd:
                    48:65:61:43:ee:5c:a8:f1:db:a3:5b:ac:e0:c2:34:
                    9b:0e:0f:fb:c7:b7:30:d8:4b:04:f2:20:a0:ec:1b:
                    15:86:cc:29:39:ee:a4:ed:09:4b:b0:44:26:a3:8f:
                    fa:6d:d4:9d:94:f5:60:ec:d7:af:89:9e:b8:19:24:
                    03:8b:d2:6a:6d:b6:34:08:8e:23:fd:23:a8:35:1b:
                    1c:82:e1:d9:a2:9e:38:fa:19:8e:74:ac:5d:a0:cb:
                    95:a0:19:e0:1a:62:86:45:eb:ad:85:1b:4b:27:aa:
                    b2:c4:fb:bc:f9:52:97:9d:81:b7:0f:45:8e:69:f4:
                    93:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F9:F6:A4:0F:D0:76:DB:99:18:CB:9A:AD:C9:A9:12:14:AD:0A:AA
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS18041.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:500::/44

    Signature Algorithm: sha256WithRSAEncryption
         27:a9:32:43:96:70:b8:bf:a7:46:8f:b0:e4:c7:e4:be:af:d0:
         85:6b:2d:10:f8:dc:11:b1:09:04:13:f0:61:bb:7e:88:c1:3e:
         1e:0c:b7:33:db:88:54:44:c1:6b:80:71:53:94:63:69:40:0a:
         47:4d:a9:4a:bb:4c:08:2b:c5:fe:15:73:97:29:25:d4:36:b8:
         46:69:90:fa:72:08:9d:74:a6:af:67:09:06:11:61:22:a4:a7:
         dd:2e:75:b8:b7:1e:1a:c4:27:05:be:9d:93:95:2f:75:ea:ef:
         e1:ab:14:58:a5:b1:3a:e2:38:f4:0e:3b:2b:ae:4f:bd:8b:75:
         50:5c:2e:e5:47:cb:e3:16:5a:2e:bf:ae:7b:c4:75:9e:0d:cd:
         82:e4:2b:48:c7:14:e9:38:fd:94:8d:0a:fd:ab:58:91:db:56:
         e2:25:7b:43:1c:9e:3b:d3:12:90:a1:f5:31:45:33:ba:94:8d:
         ad:30:cf:19:fb:9d:cf:8e:b9:01:69:31:28:04:a6:97:b3:a8:
         d9:87:3e:d9:ff:62:13:02:9f:06:a6:7c:79:64:f4:bc:80:59:
         a9:12:22:8b:25:5e:65:b9:71:fe:79:0c:da:e0:1e:a0:42:82:
         61:68:e3:84:04:d9:8c:c7:4e:fe:14:31:ea:4c:a9:ee:f7:dd:
         cb:4e:a4:be
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIURCpNnvsXH527GsOwfykKE9/EHlIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDZaFw0yNTExMDQwMzQwMDZaMDMxMTAvBgNV
BAMTKDhCRjlGNkE0MEZEMDc2REI5OTE4Q0I5QUFEQzlBOTEyMTRBRDBBQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7KqlKKX2W+hILOeh0ka3QF6Yi
JHr4ZebgVDyFz739ANPoURO0wG+7oTy2CCnD64z2pvFuyOEu6JvtCgKrn8r0JcOd
uRP5XK5LPfI8heax8j5Vi7odGmgZX+qkcdaN6TORbCQt38TM0ZzC6R7njz1dGWic
NvJbxgZPbLKeqdltgr+aYdYBzUhlYUPuXKjx26NbrODCNJsOD/vHtzDYSwTyIKDs
GxWGzCk57qTtCUuwRCajj/pt1J2U9WDs16+JnrgZJAOL0mpttjQIjiP9I6g1GxyC
4dminjj6GY50rF2gy5WgGeAaYoZF662FG0snqrLE+7z5UpedgbcPRY5p9JORAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUi/n2pA/QdtuZGMuarcmpEhStCqowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTgwNDEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFBQAwDQYJKoZIhvcNAQELBQADggEBACepMkOW
cLi/p0aPsOTH5L6v0IVrLRD43BGxCQQT8GG7fojBPh4MtzPbiFREwWuAcVOUY2lA
CkdNqUq7TAgrxf4Vc5cpJdQ2uEZpkPpyCJ10pq9nCQYRYSKkp90udbi3HhrEJwW+
nZOVL3Xq7+GrFFilsTriOPQOOyuuT72LdVBcLuVHy+MWWi6/rnvEdZ4NzYLkK0jH
FOk4/ZSNCv2rWJHbVuIle0McnjvTEpCh9TFFM7qUja0wzxn7nc+OuQFpMSgEppez
qNmHPtn/YhMCnwamfHlk9LyAWakSIoslXmW5cf55DNrgHqBCgmFo44QE2YzHTv4U
MepMqe733ctOpL4=
-----END CERTIFICATE-----