Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200545.roa
File:                     AS200545.roa (raw, json)
Hash identifier:          S3l2ZcWmXJvxIe/Ra/MmgkJbeglvLCfy9aCjxCwrHiI=
Subject key identifier:   D9:FA:59:BC:3F:13:4C:32:88:EF:77:D0:DC:24:34:F9:7C:8F:DA:ED
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2DE0C6B0EAB898C56CA4D56102A129C3209C2E8E
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200545.roa
Signing time:             Mon 01 Jan 2024 08:44:21 +0000
ROA not before:           Mon 01 Jan 2024 08:39:21 +0000
ROA not after:            Mon 30 Dec 2024 08:44:21 +0000
asID:                     200545
IP address blocks:        2a06:a005:dc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:e0:c6:b0:ea:b8:98:c5:6c:a4:d5:61:02:a1:29:c3:20:9c:2e:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  1 08:39:21 2024 GMT
            Not After : Dec 30 08:44:21 2024 GMT
        Subject: CN=D9FA59BC3F134C3288EF77D0DC2434F97C8FDAED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cd:c6:39:bd:2a:5d:4b:01:8a:a6:04:c9:1c:
                    c7:d3:f3:3c:65:ea:bb:2f:f1:8f:97:62:26:33:4a:
                    13:10:99:37:1e:dc:81:d9:b1:04:24:de:49:ef:dc:
                    5f:4e:68:e6:3f:81:a4:7f:1a:73:3a:06:47:1f:68:
                    c2:ea:db:a4:65:43:ad:b7:0b:4b:1c:e7:a7:cd:e1:
                    62:e5:f7:b6:66:8d:43:f5:0f:25:e4:1d:7c:58:25:
                    e4:eb:d6:73:53:49:a2:5d:5b:3f:50:9d:21:d5:08:
                    bb:1e:4b:2b:20:8c:a2:63:d5:5c:a5:09:dd:d0:c8:
                    f4:1e:23:2a:38:3c:c4:b8:df:d2:f5:3d:9b:e9:9e:
                    62:31:32:4e:9c:76:00:3c:ba:09:b6:0a:8b:f2:28:
                    4c:5d:92:06:86:a5:e4:56:12:7e:f3:c1:78:66:01:
                    62:c9:59:3e:16:69:67:c6:48:36:69:49:85:8f:6a:
                    31:5d:28:fd:bd:de:60:5d:c5:09:2e:f0:d2:62:40:
                    03:0d:43:4e:e5:15:80:18:ad:77:c0:a3:f7:9e:21:
                    33:1e:59:ef:a0:12:17:fc:7d:8d:ef:c1:ef:a8:b4:
                    c9:c3:a9:e3:9f:7d:6f:eb:da:f3:fa:3f:f2:dc:52:
                    dc:b5:a1:89:18:e7:9a:37:53:50:7b:63:3c:37:96:
                    b5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:FA:59:BC:3F:13:4C:32:88:EF:77:D0:DC:24:34:F9:7C:8F:DA:ED
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200545.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:dc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         97:3f:b5:c4:4b:6d:74:3c:2d:92:f9:5a:2f:af:07:61:27:56:
         c8:66:23:83:69:a6:b3:e4:b9:25:25:09:f6:72:c8:c7:ab:1b:
         ee:c6:8e:cd:23:42:dc:c4:0b:ac:f0:e9:a2:3c:5b:ab:99:32:
         b4:a1:bf:aa:c8:28:26:4b:84:e1:5b:83:c7:7e:e4:be:05:98:
         ad:5d:4b:2e:17:d3:72:c2:4e:56:94:79:f6:33:c1:c3:25:e1:
         34:10:86:12:b7:82:91:aa:e9:08:58:8e:93:33:88:55:7e:00:
         36:ec:1c:17:25:c8:bc:97:25:79:87:24:b5:f8:4c:3f:4b:a6:
         16:89:21:bd:39:8b:46:28:db:24:d1:56:18:89:ba:23:25:7c:
         18:47:0f:ce:26:a5:c6:d0:f1:dd:4a:f8:c0:f3:2e:1e:a2:4a:
         4d:b9:68:3b:59:b2:0d:dc:c9:1e:e6:59:11:e2:bd:b5:9b:2e:
         c2:d2:94:c3:f6:5b:a4:3e:6c:ec:19:b7:3d:d0:ee:b4:44:f1:
         a8:7c:0d:01:b0:06:f7:44:89:9d:1e:65:86:da:43:f2:4d:0d:
         a1:d8:b6:b9:d9:85:c2:0e:18:29:77:f3:1c:b0:d1:8b:9d:25:
         0c:51:1c:87:fa:8a:9e:3f:c4:71:13:aa:1b:6f:7b:aa:22:07:
         fa:30:27:ae
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIULeDGsOq4mMVspNVhAqEpwyCcLo4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMDEwODM5MjFaFw0yNDEyMzAwODQ0MjFaMDMxMTAvBgNV
BAMTKEQ5RkE1OUJDM0YxMzRDMzI4OEVGNzdEMERDMjQzNEY5N0M4RkRBRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvzcY5vSpdSwGKpgTJHMfT8zxl
6rsv8Y+XYiYzShMQmTce3IHZsQQk3knv3F9OaOY/gaR/GnM6BkcfaMLq26RlQ623
C0sc56fN4WLl97ZmjUP1DyXkHXxYJeTr1nNTSaJdWz9QnSHVCLseSysgjKJj1Vyl
Cd3QyPQeIyo4PMS439L1PZvpnmIxMk6cdgA8ugm2CovyKExdkgaGpeRWEn7zwXhm
AWLJWT4WaWfGSDZpSYWPajFdKP293mBdxQku8NJiQAMNQ07lFYAYrXfAo/eeITMe
We+gEhf8fY3vwe+otMnDqeOffW/r2vP6P/LcUty1oYkY55o3U1B7Yzw3lrUhAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU2fpZvD8TTDKI73fQ3CQ0+XyP2u0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwNTQ1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQ3AMA0GCSqGSIb3DQEBCwUAA4IBAQCXP7XE
S210PC2S+VovrwdhJ1bIZiODaaaz5LklJQn2csjHqxvuxo7NI0LcxAus8OmiPFur
mTK0ob+qyCgmS4ThW4PHfuS+BZitXUsuF9Nywk5WlHn2M8HDJeE0EIYSt4KRqukI
WI6TM4hVfgA27BwXJci8lyV5hyS1+Ew/S6YWiSG9OYtGKNsk0VYYibojJXwYRw/O
JqXG0PHdSvjA8y4eokpNuWg7WbIN3Mke5lkR4r21my7C0pTD9lukPmzsGbc90O60
RPGofA0BsAb3RImdHmWG2kPyTQ2h2La52YXCDhgpd/McsNGLnSUMURyH+oqeP8Rx
E6obb3uqIgf6MCeu
-----END CERTIFICATE-----