Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS18250.roa
File:                     AS18250.roa (raw, json)
Hash identifier:          zCXJvmjqs0lKCr/mjn3nkGIgS0GCseWeQSFgfmVrIjk=
Subject key identifier:   31:38:65:9D:DC:22:26:AF:88:BA:97:A2:BF:3C:BE:7D:3E:F8:96:77
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       27DE30E7592E9E1F15CCCA916C3969BA942782DF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS18250.roa
Signing time:             Tue 05 Nov 2024 03:40:10 +0000
ROA not before:           Tue 05 Nov 2024 03:35:10 +0000
ROA not after:            Tue 04 Nov 2025 03:40:10 +0000
asID:                     18250
IP address blocks:        2a06:a005:4e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:de:30:e7:59:2e:9e:1f:15:cc:ca:91:6c:39:69:ba:94:27:82:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:10 2024 GMT
            Not After : Nov  4 03:40:10 2025 GMT
        Subject: CN=3138659DDC2226AF88BA97A2BF3CBE7D3EF89677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:ca:25:b9:94:aa:6e:5f:c5:36:3f:29:3a:d5:
                    bb:ce:8d:82:c5:f8:50:21:f6:84:0e:05:59:ee:a0:
                    ba:e1:86:44:97:20:fc:ac:47:f0:ea:af:7d:fa:2f:
                    7f:18:86:6e:6e:73:c9:5a:e8:76:26:97:67:01:ca:
                    71:e2:68:9c:54:9d:8d:eb:da:e4:1f:22:07:e5:93:
                    57:89:3c:33:02:c2:98:a3:13:fd:6a:ad:df:e7:dd:
                    0e:0d:50:67:e6:1b:3a:ce:f2:a7:3d:7b:04:0a:db:
                    1a:24:75:76:f7:e7:01:af:c0:5c:98:a7:ff:b5:0e:
                    fb:e9:55:fd:ad:33:63:a1:55:71:ac:af:e5:79:38:
                    ff:93:ad:0f:d1:b9:87:1a:17:79:3b:3c:33:1b:81:
                    2f:bc:ea:d3:83:b7:a4:ef:f2:71:69:ab:92:23:a9:
                    5e:05:7b:4c:79:f6:44:0c:4f:9b:80:e8:ec:98:cb:
                    73:52:74:f8:e5:e2:59:76:3e:7d:93:b9:58:06:1c:
                    29:34:33:85:74:fe:7c:17:5f:54:53:f1:85:53:38:
                    dd:00:76:5d:a8:3d:98:58:f5:1d:50:6f:36:c1:76:
                    ce:46:e1:f9:e7:8a:c8:b1:79:93:3d:a8:6a:ac:32:
                    be:a8:e9:26:b0:3b:6e:d4:5c:dc:4b:30:bc:d2:f9:
                    b3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:38:65:9D:DC:22:26:AF:88:BA:97:A2:BF:3C:BE:7D:3E:F8:96:77
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS18250.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:4e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:6c:a1:a2:7f:4c:f2:62:9e:8a:9c:9f:1f:14:f7:44:c7:95:
         f6:ed:3f:44:a4:b1:12:a2:8f:1b:2d:8d:91:1a:6c:54:3a:d4:
         fe:bf:ce:da:ca:2e:94:21:08:b2:74:c7:2d:d6:96:3f:b0:93:
         1a:01:bb:1b:23:b2:0f:c3:39:01:72:f9:e1:1f:99:93:ca:d7:
         ca:76:b3:60:52:f5:94:70:a3:f2:f4:06:5f:5d:58:d4:74:d9:
         60:aa:e5:64:8f:a3:2d:d3:ff:33:4b:5d:fa:ff:24:3d:1f:36:
         16:95:44:21:8e:74:5f:46:5b:c5:f2:4a:b1:88:d9:89:64:63:
         94:d6:c4:f7:73:70:b2:b2:d3:08:42:9a:e7:af:31:f0:2f:2c:
         89:c1:9e:9f:26:b2:af:30:65:63:2b:93:c5:b0:7c:0e:05:3b:
         0d:20:c2:29:33:7f:13:9a:9a:88:58:55:a9:3f:21:e7:e7:b4:
         d7:f4:48:ea:a8:b3:cf:5f:42:85:f6:32:84:5c:7f:a2:87:78:
         62:df:b9:54:ee:46:d9:40:77:87:97:23:41:a8:60:ad:21:af:
         47:15:39:d5:5b:b9:11:d0:6a:0c:44:1e:40:d9:e2:1a:9a:81:
         62:ae:00:93:ff:d5:10:0a:f8:b9:f2:37:45:53:47:73:2f:4c:
         c4:97:1a:e2
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUJ94w51kunh8VzMqRbDlpupQngt8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MTBaFw0yNTExMDQwMzQwMTBaMDMxMTAvBgNV
BAMTKDMxMzg2NTlEREMyMjI2QUY4OEJBOTdBMkJGM0NCRTdEM0VGODk2NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtyiW5lKpuX8U2Pyk61bvOjYLF
+FAh9oQOBVnuoLrhhkSXIPysR/Dqr336L38Yhm5uc8la6HYml2cBynHiaJxUnY3r
2uQfIgflk1eJPDMCwpijE/1qrd/n3Q4NUGfmGzrO8qc9ewQK2xokdXb35wGvwFyY
p/+1DvvpVf2tM2OhVXGsr+V5OP+TrQ/RuYcaF3k7PDMbgS+86tODt6Tv8nFpq5Ij
qV4Fe0x59kQMT5uA6OyYy3NSdPjl4ll2Pn2TuVgGHCk0M4V0/nwXX1RT8YVTON0A
dl2oPZhY9R1QbzbBds5G4fnnisixeZM9qGqsMr6o6SawO27UXNxLMLzS+bPfAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUMThlndwiJq+Iupeivzy+fT74lncwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTgyNTAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFBOAwDQYJKoZIhvcNAQELBQADggEBAAlsoaJ/
TPJinoqcnx8U90THlfbtP0SksRKijxstjZEabFQ61P6/ztrKLpQhCLJ0xy3Wlj+w
kxoBuxsjsg/DOQFy+eEfmZPK18p2s2BS9ZRwo/L0Bl9dWNR02WCq5WSPoy3T/zNL
Xfr/JD0fNhaVRCGOdF9GW8XySrGI2YlkY5TWxPdzcLKy0whCmuevMfAvLInBnp8m
sq8wZWMrk8WwfA4FOw0gwikzfxOamohYVak/IefntNf0SOqos89fQoX2MoRcf6KH
eGLfuVTuRtlAd4eXI0GoYK0hr0cVOdVbuRHQagxEHkDZ4hqagWKuAJP/1RAK+Lny
N0VTR3MvTMSXGuI=
-----END CERTIFICATE-----