Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200227.roa
File:                     AS200227.roa (raw, json)
Hash identifier:          vljLQvdJPF8aQrYrXVr5p44+S++E7tFDvCjybG9IDe8=
Subject key identifier:   63:B5:87:A0:5E:FB:CF:F4:E5:92:5B:36:15:42:E7:BE:18:B8:66:ED
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0AEE3F42F9C33227B92780C4D18AE3DEB859DBA3
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200227.roa
Signing time:             Sun 02 Feb 2025 06:40:16 +0000
ROA not before:           Sun 02 Feb 2025 06:35:16 +0000
ROA not after:            Sun 01 Feb 2026 06:40:16 +0000
asID:                     200227
IP address blocks:        2a06:a005:5a5::/48 maxlen: 48
                          2a06:a005:b64::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:ee:3f:42:f9:c3:32:27:b9:27:80:c4:d1:8a:e3:de:b8:59:db:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Feb  2 06:35:16 2025 GMT
            Not After : Feb  1 06:40:16 2026 GMT
        Subject: CN=63B587A05EFBCFF4E5925B361542E7BE18B866ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8e:20:7d:1a:30:79:1f:6e:7b:17:e9:ec:c7:
                    6d:2e:88:25:c8:5a:5a:ae:37:67:fb:a5:9d:4e:33:
                    ec:ae:42:1e:8e:89:88:0b:bb:eb:bb:0d:f8:f5:a0:
                    0f:95:05:ba:71:4c:0b:d3:fb:ae:e7:98:31:42:10:
                    94:1c:7c:81:59:61:50:14:31:a7:6b:3c:63:81:e4:
                    25:72:3d:83:4d:7b:02:29:6c:61:6a:03:28:54:d4:
                    a5:21:ba:bd:d2:08:40:d7:eb:b8:15:80:2f:5a:2e:
                    b7:2a:48:f5:9c:e7:bf:35:18:0a:88:9e:17:87:12:
                    8f:30:45:47:7c:b5:7b:6a:9c:06:1e:4b:ca:b4:92:
                    f4:ec:65:61:c3:64:2b:3f:1c:19:bb:9c:a2:59:2a:
                    2b:7a:62:c7:4b:63:94:4a:94:2c:52:86:da:09:d3:
                    31:db:12:60:71:46:ec:31:f0:64:e3:a8:7e:43:0f:
                    97:94:1a:9c:12:45:8b:7e:29:fb:19:a1:54:9d:67:
                    f2:43:17:d9:25:aa:30:5f:58:24:0b:be:e1:55:f7:
                    b7:81:ec:07:63:14:49:28:4d:c3:49:a9:69:9b:cb:
                    09:4e:b9:02:c6:5c:0d:bc:74:d3:4b:2a:4e:1e:3b:
                    2b:86:78:bc:66:75:a5:e1:ac:1f:69:2d:fc:a4:0d:
                    57:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B5:87:A0:5E:FB:CF:F4:E5:92:5B:36:15:42:E7:BE:18:B8:66:ED
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200227.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5a5::/48
                  2a06:a005:b64::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:10:e3:4f:43:e2:7a:07:d0:5c:f8:94:dd:15:38:dd:b6:bb:
         da:2c:51:b2:b9:2d:10:16:55:87:ad:fe:e0:63:43:9b:f2:c8:
         15:19:7e:8c:c1:65:4e:ca:ab:4d:05:f8:eb:a5:d0:c9:f9:b8:
         c2:e5:cf:74:3d:fa:7b:30:21:d3:c6:52:68:28:e0:e5:37:3f:
         f2:ea:92:3c:c2:d2:cc:9e:c0:3c:43:e0:63:a3:47:4d:9a:87:
         f2:c8:53:81:e5:4f:ac:6d:9e:42:7d:6e:94:e8:b2:e2:41:df:
         3c:30:f8:8e:dd:b2:70:10:2f:6a:5f:43:00:8b:70:92:bf:3b:
         e1:fd:d1:09:b3:04:04:74:2a:b7:26:b4:fe:82:c4:6d:19:c0:
         26:91:c9:b7:eb:95:18:3f:c9:1f:ea:71:59:69:2f:77:40:18:
         0b:fe:a3:ca:7f:9c:0a:cc:a6:1d:2f:82:81:0a:f1:e4:85:74:
         4f:a6:7d:af:a6:63:89:e5:86:e6:d4:31:f0:6c:9e:5c:07:00:
         da:1c:29:75:36:06:fd:32:45:c9:2c:3d:1d:7e:fc:d2:88:18:
         bb:ba:b4:cf:8e:7f:3c:93:17:82:55:2e:a5:66:69:ca:3f:c8:
         c0:75:6f:6d:5a:ab:fb:1f:5d:46:fa:cc:2b:04:f4:f5:f5:f3:
         3f:12:5f:c7
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUCu4/QvnDMie5J4DE0Yrj3rhZ26MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTAyMDIwNjM1MTZaFw0yNjAyMDEwNjQwMTZaMDMxMTAvBgNV
BAMTKDYzQjU4N0EwNUVGQkNGRjRFNTkyNUIzNjE1NDJFN0JFMThCODY2RUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEjiB9GjB5H257F+nsx20uiCXI
WlquN2f7pZ1OM+yuQh6OiYgLu+u7Dfj1oA+VBbpxTAvT+67nmDFCEJQcfIFZYVAU
MadrPGOB5CVyPYNNewIpbGFqAyhU1KUhur3SCEDX67gVgC9aLrcqSPWc5781GAqI
nheHEo8wRUd8tXtqnAYeS8q0kvTsZWHDZCs/HBm7nKJZKit6YsdLY5RKlCxShtoJ
0zHbEmBxRuwx8GTjqH5DD5eUGpwSRYt+KfsZoVSdZ/JDF9klqjBfWCQLvuFV97eB
7AdjFEkoTcNJqWmbywlOuQLGXA28dNNLKk4eOyuGeLxmdaXhrB9pLfykDVc5AgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUY7WHoF77z/Tlkls2FULnvhi4Zu0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwMjI3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQWlAwcAKgagBQtkMA0GCSqGSIb3DQEBCwUA
A4IBAQAwEONPQ+J6B9Bc+JTdFTjdtrvaLFGyuS0QFlWHrf7gY0Ob8sgVGX6MwWVO
yqtNBfjrpdDJ+bjC5c90Pfp7MCHTxlJoKODlNz/y6pI8wtLMnsA8Q+Bjo0dNmofy
yFOB5U+sbZ5CfW6U6LLiQd88MPiO3bJwEC9qX0MAi3CSvzvh/dEJswQEdCq3JrT+
gsRtGcAmkcm365UYP8kf6nFZaS93QBgL/qPKf5wKzKYdL4KBCvHkhXRPpn2vpmOJ
5Ybm1DHwbJ5cBwDaHCl1Ngb9MkXJLD0dfvzSiBi7urTPjn88kxeCVS6lZmnKP8jA
dW9tWqv7H11G+swrBPT19fM/El/H
-----END CERTIFICATE-----