Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200158.roa
File:                     AS200158.roa (raw, json)
Hash identifier:          RSFSLJXubtfQtgUok92v531iFLr4s1NsOh/B5+udI1w=
Subject key identifier:   CA:CD:9A:77:5D:16:AE:A9:BA:61:D3:5B:2D:01:2B:93:7E:C2:2E:B2
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5ACA9F80982CE1A95D739F995A3DD190594C82F8
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200158.roa
Signing time:             Fri 29 Nov 2024 09:40:12 +0000
ROA not before:           Fri 29 Nov 2024 09:35:12 +0000
ROA not after:            Fri 28 Nov 2025 09:40:12 +0000
asID:                     200158
IP address blocks:        2a06:a005:1c7d::/48 maxlen: 48
                          2a06:a005:2be0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:24:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:ca:9f:80:98:2c:e1:a9:5d:73:9f:99:5a:3d:d1:90:59:4c:82:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 29 09:35:12 2024 GMT
            Not After : Nov 28 09:40:12 2025 GMT
        Subject: CN=CACD9A775D16AEA9BA61D35B2D012B937EC22EB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:84:d2:29:2e:e5:4a:9d:b5:8c:51:03:1d:bc:
                    9a:63:f7:59:dc:04:7c:41:1e:d9:43:03:2a:d8:a3:
                    a8:c7:d3:5c:e6:75:9d:d0:8e:d0:c3:c7:9e:6a:c9:
                    2f:62:7d:3d:42:fb:4b:db:08:d5:41:b6:ce:18:50:
                    aa:51:7e:d0:e3:9a:cc:c6:fa:b0:67:b7:d2:f6:19:
                    14:ca:55:f0:75:7f:0f:9a:26:1c:04:e4:ad:16:aa:
                    55:9a:3d:c3:94:5e:a4:b4:1d:e2:b5:3b:b6:cb:5a:
                    5b:3a:2d:0b:36:e0:33:99:56:b1:e4:6e:ed:ac:37:
                    ba:82:89:ea:7a:07:03:98:06:6c:4d:23:81:f5:f8:
                    68:92:f9:9a:4b:26:66:5f:53:e8:0a:09:be:75:d7:
                    93:45:e1:e8:6f:00:de:95:69:88:50:f4:b4:e3:d0:
                    b4:b6:94:53:32:56:a0:70:34:08:15:b1:68:e2:3e:
                    33:f2:6e:bd:a3:9d:c0:61:70:c2:f0:eb:67:5b:6d:
                    b1:3b:1a:65:f4:3f:91:ae:31:2c:3b:91:1b:98:c2:
                    1e:a4:6e:93:05:78:1d:ed:17:3e:4b:43:e8:85:2d:
                    91:43:a7:72:f9:44:62:0b:7d:bb:ef:a2:e5:22:27:
                    81:0a:32:87:25:85:03:4f:f7:c5:31:74:95:d0:05:
                    a3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CD:9A:77:5D:16:AE:A9:BA:61:D3:5B:2D:01:2B:93:7E:C2:2E:B2
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1c7d::/48
                  2a06:a005:2be0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2c:a1:af:48:36:36:71:ba:a0:02:8c:ae:db:eb:ec:d8:86:c4:
         47:b9:e3:72:a2:1d:f6:a2:99:93:af:4e:63:38:70:44:eb:0d:
         d9:7e:e2:c4:99:ac:a8:b4:62:0b:26:b5:54:9f:0f:76:be:eb:
         f9:10:74:95:dd:53:5d:86:10:f0:68:9c:88:9c:fc:03:1d:26:
         11:fc:0f:3c:f1:a2:93:e7:46:c6:0c:95:6c:3b:5c:73:c1:26:
         1e:b4:43:0f:f5:e1:8a:2b:13:e4:e9:a8:0e:ee:b9:98:ce:84:
         b2:99:45:5a:a2:9a:09:a9:da:f9:30:98:13:2f:a4:12:89:8c:
         f1:c3:4c:5e:a4:6a:14:e6:18:cc:46:96:19:b5:6b:d8:43:2b:
         ce:27:82:7a:ab:f9:be:30:d4:94:fc:21:39:b5:ce:e7:7e:60:
         21:91:e2:89:6a:5b:d3:7a:92:d6:58:5c:e0:9a:30:6c:e5:88:
         1a:a9:74:4f:b3:4c:b7:2d:4a:08:08:fa:8c:a6:4f:d7:c7:07:
         9b:6a:c6:97:1a:35:58:5b:6b:f8:85:6f:f5:40:84:88:ee:5f:
         6f:a1:98:e8:ec:e3:59:7c:86:0d:77:de:36:76:98:2a:34:cd:
         32:98:dd:96:88:44:48:19:18:d8:15:23:03:4d:10:44:a0:77:
         b6:c8:ce:39
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUWsqfgJgs4aldc5+ZWj3RkFlMgvgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMjkwOTM1MTJaFw0yNTExMjgwOTQwMTJaMDMxMTAvBgNV
BAMTKENBQ0Q5QTc3NUQxNkFFQTlCQTYxRDM1QjJEMDEyQjkzN0VDMjJFQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbhNIpLuVKnbWMUQMdvJpj91nc
BHxBHtlDAyrYo6jH01zmdZ3QjtDDx55qyS9ifT1C+0vbCNVBts4YUKpRftDjmszG
+rBnt9L2GRTKVfB1fw+aJhwE5K0WqlWaPcOUXqS0HeK1O7bLWls6LQs24DOZVrHk
bu2sN7qCiep6BwOYBmxNI4H1+GiS+ZpLJmZfU+gKCb5115NF4ehvAN6VaYhQ9LTj
0LS2lFMyVqBwNAgVsWjiPjPybr2jncBhcMLw62dbbbE7GmX0P5GuMSw7kRuYwh6k
bpMFeB3tFz5LQ+iFLZFDp3L5RGILfbvvouUiJ4EKMoclhQNP98UxdJXQBaONAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUys2ad10Wrqm6YdNbLQErk37CLrIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwMTU4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBRx9AwcEKgagBSvgMA0GCSqGSIb3DQEBCwUA
A4IBAQAsoa9INjZxuqACjK7b6+zYhsRHueNyoh32opmTr05jOHBE6w3ZfuLEmayo
tGILJrVUnw92vuv5EHSV3VNdhhDwaJyInPwDHSYR/A888aKT50bGDJVsO1xzwSYe
tEMP9eGKKxPk6agO7rmYzoSymUVaopoJqdr5MJgTL6QSiYzxw0xepGoU5hjMRpYZ
tWvYQyvOJ4J6q/m+MNSU/CE5tc7nfmAhkeKJalvTepLWWFzgmjBs5YgaqXRPs0y3
LUoICPqMpk/XxwebasaXGjVYW2v4hW/1QISI7l9voZjo7ONZfIYNd942dpgqNM0y
mN2WiERIGRjYFSMDTRBEoHe2yM45
-----END CERTIFICATE-----