Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198515.roa
File:                     AS198515.roa (raw, json)
Hash identifier:          /ozHxTK4adxr7BwJS5bkDTbcmVNuYV1QWF92AfxbI0w=
Subject key identifier:   3B:15:38:4A:A7:B6:BF:81:18:F2:D8:D5:47:80:DE:46:45:AC:1C:F3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3EC2BDC088653E7DF7D6D68DA8E609D794D7AB52
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198515.roa
Signing time:             Thu 01 Feb 2024 22:44:24 +0000
ROA not before:           Thu 01 Feb 2024 22:39:24 +0000
ROA not after:            Thu 30 Jan 2025 22:44:24 +0000
asID:                     198515
IP address blocks:        2a06:a005:1876::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:c2:bd:c0:88:65:3e:7d:f7:d6:d6:8d:a8:e6:09:d7:94:d7:ab:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Feb  1 22:39:24 2024 GMT
            Not After : Jan 30 22:44:24 2025 GMT
        Subject: CN=3B15384AA7B6BF8118F2D8D54780DE4645AC1CF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:79:d5:a2:48:4f:0c:e6:08:2d:f0:01:bd:d2:
                    05:7c:e7:cc:f7:e7:dc:19:7a:c6:85:d9:c7:df:91:
                    b6:08:4e:62:2a:97:70:f0:52:92:cf:be:fb:07:77:
                    fb:b5:69:47:15:9c:ab:3d:4e:d0:37:1b:e9:9b:ee:
                    c1:f0:1b:86:11:ed:33:d9:17:52:6f:78:09:75:5e:
                    53:cd:c1:b7:6b:bb:23:0e:58:18:9b:4c:ce:dc:a0:
                    de:c6:3a:44:e6:13:10:33:2b:84:99:69:97:01:3b:
                    58:cd:a7:54:03:4d:69:43:20:04:2e:cd:72:b8:be:
                    0c:e6:4c:be:17:73:18:dd:d4:da:a5:42:a1:8c:ec:
                    8e:f9:39:ef:af:57:83:8e:68:b8:91:24:2f:0f:39:
                    79:25:a3:02:91:cf:18:33:3d:55:ff:72:36:c4:92:
                    fa:1f:68:58:fb:0f:27:c5:c2:a0:c2:e2:c3:04:8a:
                    d2:13:29:96:13:96:e3:2c:ef:3c:de:3a:d6:37:5a:
                    3f:d6:6a:9b:c2:44:69:6c:08:3f:2b:1b:d4:f4:38:
                    53:b2:08:45:4e:46:b0:0d:e9:1b:8c:61:dc:5f:c0:
                    d0:f6:2e:44:7a:4e:58:57:45:ec:b4:99:90:d8:31:
                    7f:f5:af:c0:f4:9a:1b:52:df:94:ea:c0:d9:e4:27:
                    ed:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:15:38:4A:A7:B6:BF:81:18:F2:D8:D5:47:80:DE:46:45:AC:1C:F3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198515.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1876::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:25:e7:f5:7d:4d:e0:95:a0:a2:f1:10:e4:e1:ac:7f:4a:28:
         86:42:a2:a7:5f:86:27:f1:d4:15:82:a4:08:90:8e:26:21:d0:
         b3:74:17:9e:dc:67:37:89:7c:8d:13:a6:01:76:23:02:b3:45:
         f1:19:f6:2b:a6:98:42:69:aa:e7:79:f2:f8:27:b6:c2:7d:d7:
         2c:ea:9d:57:b3:a9:f6:3e:ac:87:f0:69:7a:f8:76:5b:6e:a3:
         25:ac:b0:5a:22:95:1f:fe:68:96:15:e7:cf:05:2c:30:05:43:
         35:b4:3b:0d:f0:c4:7a:ec:b4:ab:62:6e:bf:1a:c1:f5:54:73:
         2e:03:39:00:a3:35:90:5a:55:c4:03:80:c9:94:bf:4c:3c:32:
         cd:31:af:49:4f:c3:ce:53:6c:64:b1:82:73:88:b2:1f:00:54:
         a0:75:dc:2f:25:4a:5e:a1:d2:27:a1:e6:a1:49:29:21:44:de:
         fa:15:7b:8c:50:9e:3d:b9:91:c2:93:3b:c0:0f:38:03:a4:a2:
         53:51:6b:da:bc:2d:ed:f3:43:1f:ab:f9:a7:a4:37:c0:53:a7:
         23:9a:e8:f6:b5:40:86:33:0d:4a:d6:84:b7:b2:45:d6:97:f4:
         30:00:5b:64:52:4d:e8:23:40:0a:43:45:f4:d3:ba:da:bd:e0:
         e2:c0:da:c5
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPsK9wIhlPn331taNqOYJ15TXq1IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAyMDEyMjM5MjRaFw0yNTAxMzAyMjQ0MjRaMDMxMTAvBgNV
BAMTKDNCMTUzODRBQTdCNkJGODExOEYyRDhENTQ3ODBERTQ2NDVBQzFDRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRedWiSE8M5ggt8AG90gV858z3
59wZesaF2cffkbYITmIql3DwUpLPvvsHd/u1aUcVnKs9TtA3G+mb7sHwG4YR7TPZ
F1JveAl1XlPNwbdruyMOWBibTM7coN7GOkTmExAzK4SZaZcBO1jNp1QDTWlDIAQu
zXK4vgzmTL4Xcxjd1NqlQqGM7I75Oe+vV4OOaLiRJC8POXklowKRzxgzPVX/cjbE
kvofaFj7DyfFwqDC4sMEitITKZYTluMs7zzeOtY3Wj/WapvCRGlsCD8rG9T0OFOy
CEVORrAN6RuMYdxfwND2LkR6TlhXRey0mZDYMX/1r8D0mhtS35TqwNnkJ+3/AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUOxU4Sqe2v4EY8tjVR4DeRkWsHPMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTk4NTE1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRh2MA0GCSqGSIb3DQEBCwUAA4IBAQBDJef1
fU3glaCi8RDk4ax/SiiGQqKnX4Yn8dQVgqQIkI4mIdCzdBee3Gc3iXyNE6YBdiMC
s0XxGfYrpphCaarnefL4J7bCfdcs6p1Xs6n2PqyH8Gl6+HZbbqMlrLBaIpUf/miW
FefPBSwwBUM1tDsN8MR67LSrYm6/GsH1VHMuAzkAozWQWlXEA4DJlL9MPDLNMa9J
T8POU2xksYJziLIfAFSgddwvJUpeodInoeahSSkhRN76FXuMUJ49uZHCkzvADzgD
pKJTUWvavC3t80Mfq/mnpDfAU6cjmuj2tUCGMw1K1oS3skXWl/QwAFtkUk3oI0AK
Q0X007raveDiwNrF
-----END CERTIFICATE-----