Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200246.roa
File:                     AS200246.roa (raw, json)
Hash identifier:          u+Lv42J7RynX8IJcII90eVEumib4poioqddsgjypgTA=
Subject key identifier:   03:99:3E:90:7E:FF:E8:D7:49:7F:FF:B3:AF:18:39:16:44:FC:94:6D
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7EAAAA08053B489B8A526592A19052D892BCA79D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200246.roa
Signing time:             Thu 07 Dec 2023 01:44:21 +0000
ROA not before:           Thu 07 Dec 2023 01:39:21 +0000
ROA not after:            Thu 05 Dec 2024 01:44:21 +0000
asID:                     200246
IP address blocks:        2a06:a005:20b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:aa:aa:08:05:3b:48:9b:8a:52:65:92:a1:90:52:d8:92:bc:a7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  7 01:39:21 2023 GMT
            Not After : Dec  5 01:44:21 2024 GMT
        Subject: CN=03993E907EFFE8D7497FFFB3AF18391644FC946D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:05:c4:60:0e:e8:93:f1:06:7b:24:e4:dc:41:
                    aa:5e:b4:51:c0:68:69:30:a0:6e:bd:c4:77:b3:83:
                    17:21:32:aa:87:ee:8a:72:25:02:fe:25:89:7c:84:
                    dd:2c:a7:9a:39:6f:83:ac:37:f4:c8:37:7d:f7:7e:
                    05:9a:6c:a1:5a:56:39:bd:53:a2:a4:5c:81:b7:69:
                    97:be:a6:e7:9a:1e:05:1f:15:5e:e3:5a:c4:50:d4:
                    d1:13:2f:c4:70:10:5c:ff:f0:ca:5a:cc:7c:96:dd:
                    6f:c3:ce:cd:a0:75:2a:a5:f8:69:3f:ea:dd:0f:0d:
                    02:42:30:50:f0:78:31:a7:dd:46:23:2e:f7:fc:bb:
                    d4:ff:55:23:43:ce:51:58:77:2b:e2:00:32:9e:9a:
                    dc:93:2a:37:73:3b:32:04:64:39:23:db:b1:f5:55:
                    49:fb:a7:93:b6:f3:2f:6e:32:53:d5:00:68:de:4e:
                    7b:22:93:0f:67:05:8e:a4:31:d6:1a:3c:9b:e8:da:
                    69:43:e8:fc:4e:27:ff:81:4e:af:77:f9:1d:ec:f8:
                    2a:42:13:4d:fb:38:2c:c7:33:47:0f:e7:54:f4:ab:
                    5f:c1:d8:e7:36:b6:2d:7e:24:8d:d6:15:35:e3:77:
                    77:36:49:f0:10:2e:e7:c8:11:42:41:12:03:84:54:
                    6e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:99:3E:90:7E:FF:E8:D7:49:7F:FF:B3:AF:18:39:16:44:FC:94:6D
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200246.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:20b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7a:06:13:f7:96:f9:18:b5:f1:13:d4:76:53:e4:38:4d:c5:97:
         df:cb:4b:99:bd:c0:d2:50:08:e1:75:4b:c3:51:c6:05:9a:4c:
         2e:2d:d8:23:c8:01:9c:29:a8:cc:b3:1f:7a:80:19:db:c4:15:
         9f:2a:5a:79:4f:fa:dd:37:b9:da:6f:ff:57:67:ea:fe:58:27:
         03:b6:97:77:4a:75:05:d2:25:1c:85:4c:eb:25:e0:9f:a4:a7:
         fc:e0:86:9e:74:35:dc:16:3f:ed:31:bb:50:03:75:de:ea:d4:
         c2:be:82:87:a6:e5:47:30:24:5d:bc:a1:52:94:3c:2f:73:0c:
         69:0e:22:cd:7e:b9:9d:c2:f7:6e:55:69:af:1c:b5:c5:35:a2:
         01:85:91:ef:e9:81:52:95:96:78:0d:5a:2a:13:f9:83:62:7c:
         91:bc:32:d4:66:4e:7b:e4:2b:59:c6:ea:cf:b4:4c:92:44:2f:
         79:db:3d:55:04:64:00:ac:c6:00:b3:99:88:95:a2:b1:28:f9:
         4f:91:a1:17:58:57:ab:d0:42:ae:c8:04:f5:17:5a:e4:61:58:
         5c:68:2d:b4:84:9d:cf:3b:fa:60:a6:5d:02:85:dc:fc:6a:1e:
         03:18:04:a1:4d:80:96:30:f8:b5:1c:f9:25:77:04:46:55:ce:
         72:76:be:b0
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUfqqqCAU7SJuKUmWSoZBS2JK8p50wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDcwMTM5MjFaFw0yNDEyMDUwMTQ0MjFaMDMxMTAvBgNV
BAMTKDAzOTkzRTkwN0VGRkU4RDc0OTdGRkZCM0FGMTgzOTE2NDRGQzk0NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiBcRgDuiT8QZ7JOTcQapetFHA
aGkwoG69xHezgxchMqqH7opyJQL+JYl8hN0sp5o5b4OsN/TIN333fgWabKFaVjm9
U6KkXIG3aZe+pueaHgUfFV7jWsRQ1NETL8RwEFz/8MpazHyW3W/Dzs2gdSql+Gk/
6t0PDQJCMFDweDGn3UYjLvf8u9T/VSNDzlFYdyviADKemtyTKjdzOzIEZDkj27H1
VUn7p5O28y9uMlPVAGjeTnsikw9nBY6kMdYaPJvo2mlD6PxOJ/+BTq93+R3s+CpC
E037OCzHM0cP51T0q1/B2Oc2ti1+JI3WFTXjd3c2SfAQLufIEUJBEgOEVG5NAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUA5k+kH7/6NdJf/+zrxg5FkT8lG0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwMjQ2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSCwMA0GCSqGSIb3DQEBCwUAA4IBAQB6BhP3
lvkYtfET1HZT5DhNxZffy0uZvcDSUAjhdUvDUcYFmkwuLdgjyAGcKajMsx96gBnb
xBWfKlp5T/rdN7nab/9XZ+r+WCcDtpd3SnUF0iUchUzrJeCfpKf84IaedDXcFj/t
MbtQA3Xe6tTCvoKHpuVHMCRdvKFSlDwvcwxpDiLNfrmdwvduVWmvHLXFNaIBhZHv
6YFSlZZ4DVoqE/mDYnyRvDLUZk575CtZxurPtEySRC952z1VBGQArMYAs5mIlaKx
KPlPkaEXWFer0EKuyAT1F1rkYVhcaC20hJ3PO/pgpl0Chdz8ah4DGAShTYCWMPi1
HPkldwRGVc5ydr6w
-----END CERTIFICATE-----