Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199668.roa
File:                     AS199668.roa (raw, json)
Hash identifier:          YysJJS6wn6cUAw401c+RZyTv3enPRScwFtJkq9YnIp4=
Subject key identifier:   2F:42:A7:44:B1:B6:D6:7B:7C:54:9D:45:CD:44:02:EF:AA:99:9C:A4
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       68A8B71D6D2AE3D7F479F5ABEE255AACE0BDF664
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199668.roa
Signing time:             Wed 14 Feb 2024 23:44:24 +0000
ROA not before:           Wed 14 Feb 2024 23:39:24 +0000
ROA not after:            Wed 12 Feb 2025 23:44:24 +0000
asID:                     199668
IP address blocks:        2a06:a005:1875::/48 maxlen: 48
                          2a06:a005:1d5b::/48 maxlen: 48
                          2a06:a005:2ba0::/44 maxlen: 48
                          2a06:a005:2e20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:a8:b7:1d:6d:2a:e3:d7:f4:79:f5:ab:ee:25:5a:ac:e0:bd:f6:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Feb 14 23:39:24 2024 GMT
            Not After : Feb 12 23:44:24 2025 GMT
        Subject: CN=2F42A744B1B6D67B7C549D45CD4402EFAA999CA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:21:2c:78:f1:74:20:da:cc:bd:21:8c:c5:69:
                    f3:81:c5:10:ac:2d:5f:d8:53:ea:cf:2a:8d:29:ff:
                    0f:47:86:41:32:70:63:62:a8:bb:9c:6e:57:61:61:
                    72:08:9c:1f:30:62:ed:d6:a1:ec:27:4d:aa:19:2f:
                    f7:e5:e6:f9:61:a4:2e:34:2d:88:a7:5e:1b:58:12:
                    ef:42:2c:d9:01:78:25:d6:42:bd:c8:76:27:a3:a1:
                    6c:a7:5d:cb:85:ab:17:f0:6f:78:3f:e8:de:86:44:
                    7a:46:55:e2:82:24:27:1e:05:a2:cf:a6:5a:6d:44:
                    93:22:c7:dd:6f:d2:2e:62:bd:f3:94:88:d7:49:53:
                    40:9d:f0:4d:95:2c:47:84:f8:16:75:2e:17:f3:7a:
                    4d:8a:64:48:46:8d:2a:fa:bc:43:dc:39:63:63:ec:
                    8b:a8:f4:15:53:96:c8:a6:1b:75:80:63:e5:5b:79:
                    b3:3b:b5:da:3c:74:1e:48:68:24:d2:f4:86:1f:48:
                    36:4f:31:18:92:4c:76:02:25:3e:70:3d:df:09:91:
                    68:1f:c9:8f:00:b6:01:2d:89:b3:c5:e3:9b:49:0b:
                    93:d0:8e:9a:79:ff:22:1a:a3:39:57:7e:a7:7d:de:
                    39:f5:b2:67:f5:37:d7:ef:11:d9:98:4e:11:77:35:
                    d4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:42:A7:44:B1:B6:D6:7B:7C:54:9D:45:CD:44:02:EF:AA:99:9C:A4
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199668.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1875::/48
                  2a06:a005:1d5b::/48
                  2a06:a005:2ba0::/44
                  2a06:a005:2e20::/44

    Signature Algorithm: sha256WithRSAEncryption
         23:0e:d2:c5:37:30:65:43:16:e7:e5:a0:ec:e3:81:f0:09:02:
         a0:34:44:18:c9:20:6d:1a:85:70:22:11:e5:f0:cb:cd:f6:04:
         25:55:0b:57:f0:9b:ad:89:87:71:0c:1b:f5:93:2c:9f:3d:bd:
         52:32:84:22:dc:39:6e:dc:6f:e0:4f:14:df:70:72:76:4b:ba:
         5b:d5:1b:5e:a1:ca:eb:05:b4:bb:e1:14:ff:7b:01:56:6f:56:
         92:02:7e:b9:3f:72:92:a8:e9:27:f7:82:7c:0e:73:ce:6e:85:
         df:8f:bb:41:01:8c:06:df:e5:62:5c:3f:b5:c5:53:21:c9:50:
         92:28:e3:87:2b:d3:3e:27:dc:af:8d:0a:fc:69:ec:ee:35:50:
         56:15:a7:c4:40:f3:a4:f1:66:22:2c:52:de:07:b3:bd:62:d5:
         58:69:ac:f7:a7:f5:81:da:36:8e:ae:e8:c9:60:5e:19:f8:dd:
         e6:9f:ce:9c:fb:4e:53:5c:7d:4c:33:9d:b5:2b:4a:c6:26:83:
         12:25:c4:3e:00:aa:2d:18:79:54:05:35:13:00:cf:6e:7e:8c:
         47:e5:dc:40:a8:da:63:7b:fe:0d:69:e4:6d:6e:00:bd:b2:03:
         f2:51:66:72:bc:f1:94:34:77:ba:75:3c:4b:b5:93:7e:de:84:
         88:0e:ef:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaKi3HW0q49f0efWr7iVarOC99mQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAyMTQyMzM5MjRaFw0yNTAyMTIyMzQ0MjRaMDMxMTAvBgNV
BAMTKDJGNDJBNzQ0QjFCNkQ2N0I3QzU0OUQ0NUNENDQwMkVGQUE5OTlDQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNISx48XQg2sy9IYzFafOBxRCs
LV/YU+rPKo0p/w9HhkEycGNiqLucbldhYXIInB8wYu3WoewnTaoZL/fl5vlhpC40
LYinXhtYEu9CLNkBeCXWQr3IdiejoWynXcuFqxfwb3g/6N6GRHpGVeKCJCceBaLP
plptRJMix91v0i5ivfOUiNdJU0Cd8E2VLEeE+BZ1Lhfzek2KZEhGjSr6vEPcOWNj
7Iuo9BVTlsimG3WAY+VbebM7tdo8dB5IaCTS9IYfSDZPMRiSTHYCJT5wPd8JkWgf
yY8AtgEtibPF45tJC5PQjpp5/yIaozlXfqd93jn1smf1N9fvEdmYThF3NdQdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUL0KnRLG21nt8VJ1FzUQC76qZnKQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTk5NjY4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEH
AQH/BC4wLDAqBAIAAjAkAwcAKgagBRh1AwcAKgagBR1bAwcEKgagBSugAwcEKgag
BS4gMA0GCSqGSIb3DQEBCwUAA4IBAQAjDtLFNzBlQxbn5aDs44HwCQKgNEQYySBt
GoVwIhHl8MvN9gQlVQtX8JutiYdxDBv1kyyfPb1SMoQi3Dlu3G/gTxTfcHJ2S7pb
1RteocrrBbS74RT/ewFWb1aSAn65P3KSqOkn94J8DnPOboXfj7tBAYwG3+ViXD+1
xVMhyVCSKOOHK9M+J9yvjQr8aezuNVBWFafEQPOk8WYiLFLeB7O9YtVYaaz3p/WB
2jaOrujJYF4Z+N3mn86c+05TXH1MM521K0rGJoMSJcQ+AKotGHlUBTUTAM9ufoxH
5dxAqNpje/4NaeRtbgC9sgPyUWZyvPGUNHe6dTxLtZN+3oSIDu+Y
-----END CERTIFICATE-----