Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200795.roa
File:                     AS200795.roa (raw, json)
Hash identifier:          dSeOSl+DcQxnVGgAJ/ey/ThpdYm8p7nvHV25aCus2BM=
Subject key identifier:   C3:8D:03:62:83:6F:C2:CD:A2:EA:65:A5:26:C9:1D:71:4B:87:F9:87
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       72CC914EC5D46237DA82A94771EFA712CB2B88FC
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200795.roa
Signing time:             Mon 12 Feb 2024 01:44:24 +0000
ROA not before:           Mon 12 Feb 2024 01:39:24 +0000
ROA not after:            Mon 10 Feb 2025 01:44:24 +0000
asID:                     200795
IP address blocks:        2a06:a005:2f00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:cc:91:4e:c5:d4:62:37:da:82:a9:47:71:ef:a7:12:cb:2b:88:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Feb 12 01:39:24 2024 GMT
            Not After : Feb 10 01:44:24 2025 GMT
        Subject: CN=C38D0362836FC2CDA2EA65A526C91D714B87F987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:63:af:c8:05:f0:95:84:f5:98:08:b4:f3:c4:
                    db:32:87:2a:df:4c:f3:b0:07:25:74:df:19:22:3e:
                    89:e0:2f:05:3d:a9:b2:2e:34:19:43:67:ba:74:77:
                    fb:2b:1f:6d:e5:56:b4:56:92:91:11:ef:be:34:12:
                    52:f8:d3:ee:79:98:0f:8d:c8:e7:7c:5a:6b:6b:d5:
                    8a:13:3b:29:44:56:87:7c:68:16:01:c3:43:45:40:
                    64:24:28:36:b9:a0:c9:9c:7c:0c:4d:e0:a5:35:10:
                    ca:54:22:44:79:a6:26:a0:54:5a:42:f8:e0:85:46:
                    86:dc:3e:48:81:32:2d:6d:be:b8:4c:7c:20:ed:c1:
                    c5:cd:b6:b4:6e:1f:33:a3:fa:ef:eb:c7:8f:ee:23:
                    9d:e4:4b:2e:2c:93:19:37:e1:ef:00:0d:6d:57:02:
                    b6:5a:b0:71:32:7f:a9:ef:13:89:cb:bb:15:47:e7:
                    ae:8a:66:9e:6a:fc:56:49:d6:2a:08:2d:65:19:2b:
                    1a:88:23:3a:07:fb:51:25:d0:f3:0f:f4:33:ec:f5:
                    2e:30:28:0b:3e:b1:d2:d6:0c:7b:3b:36:aa:88:c4:
                    c6:47:30:fd:02:eb:e2:62:b1:68:27:79:9f:ee:3d:
                    e5:a9:0c:9f:70:b0:7a:81:96:91:6c:f7:4f:57:07:
                    80:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:8D:03:62:83:6F:C2:CD:A2:EA:65:A5:26:C9:1D:71:4B:87:F9:87
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200795.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2f00::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:c5:83:f4:46:cb:43:e8:57:5f:54:e2:7f:e7:79:cc:32:65:
         2e:bc:8c:e8:f5:e3:95:d7:d3:91:a2:82:d1:9a:3b:58:cb:66:
         23:6a:d4:be:1c:ba:40:99:96:f8:8b:de:b2:de:c2:58:b7:4a:
         51:16:f1:90:3d:20:83:34:d0:31:d5:f3:1c:6c:ce:06:c0:e3:
         07:7a:6c:9b:f1:e9:56:3b:98:b4:43:94:ca:b8:5e:54:c4:bd:
         7b:7e:68:7d:57:48:30:8c:15:02:d2:00:c8:fd:c0:8d:2b:13:
         1e:4c:5e:5b:e2:d3:db:cf:cc:56:f4:5e:3d:5f:8f:52:a1:8f:
         3b:51:ae:96:73:88:c3:ae:a4:62:f4:9e:8a:2a:50:d2:7e:d0:
         1b:1c:43:f1:98:11:25:d3:48:f9:40:4a:00:0f:f5:8a:29:6e:
         ef:e2:dc:33:b8:cc:5b:71:60:85:27:c2:e2:e5:bc:2c:8d:dd:
         fc:c9:17:45:e6:d1:31:98:a9:ee:cf:98:8c:e8:b1:ec:c3:22:
         24:07:d2:2b:97:6f:1e:6a:91:9b:bc:99:2e:9b:66:ec:9c:e0:
         9e:81:74:60:9e:6a:48:4c:4f:71:5b:74:99:21:94:9c:79:3e:
         20:2e:cc:f8:b7:71:10:6f:93:cf:d4:d0:d6:1e:e5:bc:3b:76:
         35:01:d0:a6
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUcsyRTsXUYjfagqlHce+nEssriPwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAyMTIwMTM5MjRaFw0yNTAyMTAwMTQ0MjRaMDMxMTAvBgNV
BAMTKEMzOEQwMzYyODM2RkMyQ0RBMkVBNjVBNTI2QzkxRDcxNEI4N0Y5ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7Y6/IBfCVhPWYCLTzxNsyhyrf
TPOwByV03xkiPongLwU9qbIuNBlDZ7p0d/srH23lVrRWkpER7740ElL40+55mA+N
yOd8Wmtr1YoTOylEVod8aBYBw0NFQGQkKDa5oMmcfAxN4KU1EMpUIkR5piagVFpC
+OCFRobcPkiBMi1tvrhMfCDtwcXNtrRuHzOj+u/rx4/uI53kSy4skxk34e8ADW1X
ArZasHEyf6nvE4nLuxVH566KZp5q/FZJ1ioILWUZKxqIIzoH+1El0PMP9DPs9S4w
KAs+sdLWDHs7NqqIxMZHMP0C6+JisWgneZ/uPeWpDJ9wsHqBlpFs909XB4DhAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUw40DYoNvws2i6mWlJskdcUuH+YcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwNzk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBS8AMA0GCSqGSIb3DQEBCwUAA4IBAQAixYP0
RstD6FdfVOJ/53nMMmUuvIzo9eOV19ORooLRmjtYy2YjatS+HLpAmZb4i96y3sJY
t0pRFvGQPSCDNNAx1fMcbM4GwOMHemyb8elWO5i0Q5TKuF5UxL17fmh9V0gwjBUC
0gDI/cCNKxMeTF5b4tPbz8xW9F49X49SoY87Ua6Wc4jDrqRi9J6KKlDSftAbHEPx
mBEl00j5QEoAD/WKKW7v4twzuMxbcWCFJ8Li5bwsjd38yRdF5tExmKnuz5iM6LHs
wyIkB9Irl28eapGbvJkum2bsnOCegXRgnmpITE9xW3SZIZSceT4gLsz4t3EQb5PP
1NDWHuW8O3Y1AdCm
-----END CERTIFICATE-----