Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200221.roa
File:                     AS200221.roa (raw, json)
Hash identifier:          BLA2+2uBMsAroizVe9ELRyxKcjNSxLX5o6AbCli4N0M=
Subject key identifier:   88:C1:B7:28:76:0A:C4:F2:5C:64:3E:AA:29:0C:86:B0:CE:D0:A3:15
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4097F7E0DADFC13B0B8B4E740B0AFD7FA74A1FCB
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200221.roa
Signing time:             Wed 27 Dec 2023 17:44:21 +0000
ROA not before:           Wed 27 Dec 2023 17:39:21 +0000
ROA not after:            Wed 25 Dec 2024 17:44:21 +0000
asID:                     200221
IP address blocks:        2a06:a005:1b80::/44 maxlen: 48
                          2a06:a005:2b20::/44 maxlen: 48
                          2a06:a005:2b30::/44 maxlen: 48
                          2a06:a005:2b40::/44 maxlen: 48
                          2a06:a005:2b50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:97:f7:e0:da:df:c1:3b:0b:8b:4e:74:0b:0a:fd:7f:a7:4a:1f:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 27 17:39:21 2023 GMT
            Not After : Dec 25 17:44:21 2024 GMT
        Subject: CN=88C1B728760AC4F25C643EAA290C86B0CED0A315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b3:d4:ea:b6:d2:5a:85:8d:46:cf:2b:14:87:
                    73:ba:c1:48:3b:15:e4:61:d5:73:95:70:e6:cd:6c:
                    b5:42:f3:07:5f:42:e6:1a:39:93:7b:a3:db:c3:2c:
                    fd:ff:0e:79:04:d2:e9:bc:a1:09:fd:04:c6:cd:76:
                    e8:f5:dd:b3:02:2b:11:44:20:f8:6e:88:a7:3b:d0:
                    8d:11:52:29:97:34:07:78:53:cc:8c:8d:63:15:6b:
                    2a:f9:c4:16:81:e9:0f:e9:f0:82:57:cc:6c:fd:46:
                    f8:33:94:70:95:87:9c:64:bc:47:d3:25:26:13:ae:
                    e6:12:3b:75:e8:0e:2d:29:cc:7a:54:23:25:8d:b9:
                    e7:c8:b5:5a:3a:30:c1:03:72:90:80:44:d6:71:44:
                    3e:0f:11:f5:bb:fa:00:8f:fe:3f:5d:eb:b0:7f:ee:
                    43:a0:bd:51:07:3b:52:1a:8b:a5:d8:27:ec:eb:28:
                    ca:af:6f:d9:c8:91:de:08:85:63:ac:f1:53:59:19:
                    e8:e9:78:26:f2:4e:3e:29:88:43:68:07:e7:03:5f:
                    6b:f0:67:67:9c:62:aa:21:b6:fa:8d:68:1d:45:32:
                    aa:1a:71:bc:66:d8:d4:a4:c7:88:52:d4:35:f6:1d:
                    96:4c:b4:02:29:70:c3:ae:8b:15:fe:9a:ae:fb:54:
                    35:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C1:B7:28:76:0A:C4:F2:5C:64:3E:AA:29:0C:86:B0:CE:D0:A3:15
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200221.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1b80::/44
                  2a06:a005:2b20::-2a06:a005:2b5f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         cd:32:05:c2:cc:9e:ff:e1:e4:38:2f:c5:3a:9f:31:4a:c5:52:
         d0:ff:16:73:83:c0:6a:94:0e:f7:01:e7:3c:07:f4:f2:ca:00:
         91:10:9c:c1:9a:38:d7:4a:fd:c5:9a:6d:a4:70:bc:92:90:f9:
         2f:e4:2d:9b:4a:bd:62:59:67:21:d4:1b:69:11:93:be:72:ac:
         f9:f9:d3:85:e4:b7:b1:c0:5d:48:c2:c2:64:76:44:3c:46:92:
         b2:0e:bb:80:cf:8e:47:36:d2:bb:c9:2f:21:ae:4b:40:4f:80:
         b3:e9:a5:a6:3d:b3:32:a3:fc:60:0f:61:8b:58:01:0e:70:03:
         35:99:31:91:ce:8e:67:29:9c:06:b1:7d:52:4f:3e:cf:2c:23:
         15:a3:69:8a:01:ba:54:be:08:b7:2e:3f:ca:bd:19:03:b6:3a:
         d4:97:1a:41:2f:24:02:cd:79:a1:e6:97:88:fc:d4:7b:6e:f6:
         3b:8d:2f:e9:0c:82:2a:1d:6c:84:72:66:d2:f9:eb:d6:27:ce:
         ac:48:0b:51:92:1f:38:a5:8d:fe:af:ee:4c:5b:ef:44:77:6b:
         fe:76:11:8f:28:07:92:73:af:dc:4e:4b:d0:7d:0c:71:3d:dd:
         9f:41:79:8e:9f:7f:28:d1:3c:2b:9c:32:19:7d:ae:88:3e:c0:
         98:f4:87:2c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUQJf34NrfwTsLi050Cwr9f6dKH8swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMjcxNzM5MjFaFw0yNDEyMjUxNzQ0MjFaMDMxMTAvBgNV
BAMTKDg4QzFCNzI4NzYwQUM0RjI1QzY0M0VBQTI5MEM4NkIwQ0VEMEEzMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/s9TqttJahY1GzysUh3O6wUg7
FeRh1XOVcObNbLVC8wdfQuYaOZN7o9vDLP3/DnkE0um8oQn9BMbNduj13bMCKxFE
IPhuiKc70I0RUimXNAd4U8yMjWMVayr5xBaB6Q/p8IJXzGz9RvgzlHCVh5xkvEfT
JSYTruYSO3XoDi0pzHpUIyWNuefItVo6MMEDcpCARNZxRD4PEfW7+gCP/j9d67B/
7kOgvVEHO1Iai6XYJ+zrKMqvb9nIkd4IhWOs8VNZGejpeCbyTj4piENoB+cDX2vw
Z2ecYqohtvqNaB1FMqoacbxm2NSkx4hS1DX2HZZMtAIpcMOuixX+mq77VDUrAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUiMG3KHYKxPJcZD6qKQyGsM7QoxUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwMjIxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEH
AQH/BCcwJTAjBAIAAjAdAwcEKgagBRuAMBIDBwUqBqAFKyADBwUqBqAFK0AwDQYJ
KoZIhvcNAQELBQADggEBAM0yBcLMnv/h5DgvxTqfMUrFUtD/FnODwGqUDvcB5zwH
9PLKAJEQnMGaONdK/cWabaRwvJKQ+S/kLZtKvWJZZyHUG2kRk75yrPn504Xkt7HA
XUjCwmR2RDxGkrIOu4DPjkc20rvJLyGuS0BPgLPppaY9szKj/GAPYYtYAQ5wAzWZ
MZHOjmcpnAaxfVJPPs8sIxWjaYoBulS+CLcuP8q9GQO2OtSXGkEvJALNeaHml4j8
1Htu9juNL+kMgiodbIRyZtL569YnzqxIC1GSHziljf6v7kxb70R3a/52EY8oB5Jz
r9xOS9B9DHE93Z9BeY6ffyjRPCucMhl9rog+wJj0hyw=
-----END CERTIFICATE-----