Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200021.roa
File:                     AS200021.roa (raw, json)
Hash identifier:          C9mU9hRm3uGMPH2eEJzvo0hrxae8MogaKo7WoeQYzuM=
Subject key identifier:   C4:FF:D9:65:82:AA:00:AE:91:FE:B2:7B:17:19:6C:34:9A:82:0B:A6
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6AA204AFCD740913651840F896A195E4AE746EAF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200021.roa
Signing time:             Sun 07 Jan 2024 09:44:21 +0000
ROA not before:           Sun 07 Jan 2024 09:39:21 +0000
ROA not after:            Sun 05 Jan 2025 09:44:21 +0000
asID:                     200021
IP address blocks:        2a06:a005:1c30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:a2:04:af:cd:74:09:13:65:18:40:f8:96:a1:95:e4:ae:74:6e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  7 09:39:21 2024 GMT
            Not After : Jan  5 09:44:21 2025 GMT
        Subject: CN=C4FFD96582AA00AE91FEB27B17196C349A820BA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:87:7d:8e:81:4d:e5:2d:46:85:28:76:c1:62:
                    30:01:2f:b9:ef:d6:6c:aa:24:8a:84:34:e0:74:0a:
                    b3:35:ca:86:22:ee:e8:a6:d6:1b:39:2c:72:f8:c0:
                    4f:ca:77:75:bf:00:bb:28:cb:4b:35:c8:12:ee:64:
                    cd:c3:75:d5:70:5a:53:8d:1d:51:5e:10:41:3e:15:
                    d8:f9:93:da:b5:78:ac:bd:53:33:77:12:d5:ba:e9:
                    97:73:fb:e4:7c:d6:52:b0:3d:54:5f:c3:71:31:ff:
                    04:82:2f:ea:50:3f:33:03:b3:c9:25:0c:89:92:ea:
                    64:9f:f7:b7:d3:1f:24:45:72:9c:4e:bb:d7:9b:ba:
                    7e:27:17:3c:65:51:8c:57:c1:7e:d5:70:df:e2:00:
                    71:a6:e3:4a:b0:52:91:14:ae:39:6a:1f:df:3f:2f:
                    2c:94:12:92:d0:15:14:e7:ca:2c:fc:bc:19:81:c1:
                    e7:7d:02:7f:30:2e:08:0a:ad:03:9d:e9:a9:4f:72:
                    7e:dd:48:45:2f:41:09:5f:e7:94:73:1d:bc:ed:42:
                    83:41:5c:93:4f:78:2e:ea:e1:c6:e0:1a:15:b5:75:
                    3a:eb:87:52:45:79:d5:76:9c:40:7d:14:26:36:d1:
                    cd:7e:49:cb:84:ce:8e:93:71:89:b1:6e:11:a6:78:
                    e2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:FF:D9:65:82:AA:00:AE:91:FE:B2:7B:17:19:6C:34:9A:82:0B:A6
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200021.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1c30::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:4e:17:ea:e3:22:5c:6f:9e:59:af:ad:4b:2b:78:02:ff:37:
         e0:62:c9:0e:e2:7d:f5:28:b3:c0:e1:bd:49:9a:64:b3:f6:90:
         15:42:fe:e7:9f:eb:3b:20:a3:7a:6e:9c:bc:c1:0d:48:7c:dc:
         5a:e3:a8:56:7d:31:e4:3c:f2:c3:c9:9f:87:8a:cd:d4:a5:5f:
         39:50:61:41:1c:a2:30:fc:51:6f:3a:f0:a3:74:d9:ee:f6:72:
         30:c6:62:c8:4c:fd:e5:0d:b0:8e:e7:8d:a3:96:a7:5d:d8:46:
         f5:ee:9b:af:05:2c:f8:ed:6d:3d:2d:13:2b:f6:99:c4:b9:fa:
         a9:8a:c5:34:9c:66:af:4b:c0:b4:d3:0a:26:20:46:83:50:9e:
         49:df:ed:d6:5d:01:47:78:94:11:69:31:d1:3c:ad:08:bc:e5:
         20:2c:da:04:9e:03:94:ac:21:19:31:af:12:8a:5f:f5:57:95:
         25:aa:4f:78:f5:b6:c6:b4:ed:b4:3b:eb:26:50:f6:70:bb:ef:
         f9:42:16:19:90:91:cd:44:f0:48:ce:23:88:ba:36:18:00:13:
         66:f5:5a:15:41:9c:48:22:e4:d1:a3:33:2b:ec:a8:97:99:43:
         f8:12:b8:a7:fb:35:b6:50:1e:d2:30:dd:c7:91:68:64:5c:e0:
         64:58:68:18
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUaqIEr810CRNlGED4lqGV5K50bq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMDcwOTM5MjFaFw0yNTAxMDUwOTQ0MjFaMDMxMTAvBgNV
BAMTKEM0RkZEOTY1ODJBQTAwQUU5MUZFQjI3QjE3MTk2QzM0OUE4MjBCQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCth32OgU3lLUaFKHbBYjABL7nv
1myqJIqENOB0CrM1yoYi7uim1hs5LHL4wE/Kd3W/ALsoy0s1yBLuZM3DddVwWlON
HVFeEEE+Fdj5k9q1eKy9UzN3EtW66Zdz++R81lKwPVRfw3Ex/wSCL+pQPzMDs8kl
DImS6mSf97fTHyRFcpxOu9ebun4nFzxlUYxXwX7VcN/iAHGm40qwUpEUrjlqH98/
LyyUEpLQFRTnyiz8vBmBwed9An8wLggKrQOd6alPcn7dSEUvQQlf55RzHbztQoNB
XJNPeC7q4cbgGhW1dTrrh1JFedV2nEB9FCY20c1+ScuEzo6TcYmxbhGmeOKZAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUxP/ZZYKqAK6R/rJ7FxlsNJqCC6YwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwMDIxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRwwMA0GCSqGSIb3DQEBCwUAA4IBAQCUThfq
4yJcb55Zr61LK3gC/zfgYskO4n31KLPA4b1JmmSz9pAVQv7nn+s7IKN6bpy8wQ1I
fNxa46hWfTHkPPLDyZ+His3UpV85UGFBHKIw/FFvOvCjdNnu9nIwxmLITP3lDbCO
542jlqdd2Eb17puvBSz47W09LRMr9pnEufqpisU0nGavS8C00womIEaDUJ5J3+3W
XQFHeJQRaTHRPK0IvOUgLNoEngOUrCEZMa8Sil/1V5Ulqk949bbGtO20O+smUPZw
u+/5QhYZkJHNRPBIziOIujYYABNm9VoVQZxIIuTRozMr7KiXmUP4Erin+zW2UB7S
MN3HkWhkXOBkWGgY
-----END CERTIFICATE-----