Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200809.roa
File:                     AS200809.roa (raw, json)
Hash identifier:          aelC/0/y7lHeEDn7ysDc+SumRal7fZU4iWf1Y6ExAkc=
Subject key identifier:   6D:A2:0D:BC:28:50:4D:CB:E9:06:79:8E:47:F1:23:5B:12:88:41:6C
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       63271EB804581794FC4391AE29CBF43837764FDD
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200809.roa
Signing time:             Tue 05 Nov 2024 03:40:02 +0000
ROA not before:           Tue 05 Nov 2024 03:35:02 +0000
ROA not after:            Tue 04 Nov 2025 03:40:02 +0000
asID:                     200809
IP address blocks:        2a06:a005:2670::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:27:1e:b8:04:58:17:94:fc:43:91:ae:29:cb:f4:38:37:76:4f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:02 2024 GMT
            Not After : Nov  4 03:40:02 2025 GMT
        Subject: CN=6DA20DBC28504DCBE906798E47F1235B1288416C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cb:c5:0b:1b:6d:09:c9:be:7a:b1:f8:6c:39:
                    a3:e6:1f:24:fa:0b:88:e1:67:ee:76:4f:f2:d7:5b:
                    67:8a:0a:f6:64:69:3d:3d:69:7c:ed:df:d7:da:21:
                    30:c0:f0:59:7a:21:4a:51:d9:e1:8e:80:79:9d:02:
                    e3:6b:60:eb:08:45:2c:9f:c6:9a:98:40:61:aa:29:
                    76:6f:59:3c:04:3c:bb:75:8b:9d:8a:3d:f2:48:ff:
                    2b:f8:e6:07:c2:5d:cf:10:5a:56:53:4b:be:d3:d7:
                    5e:25:53:85:ef:1a:36:64:4b:20:92:18:c6:3f:63:
                    08:e0:67:be:37:08:77:bf:3f:a8:f9:fe:35:d9:f3:
                    90:56:d8:4f:ee:48:6c:08:ea:1e:be:26:a6:20:9d:
                    09:8d:8d:49:6f:1b:d7:82:24:42:7f:5a:ab:58:68:
                    cb:c7:da:44:e2:75:bc:ff:26:7f:9d:b1:9f:44:8c:
                    f9:b2:d8:4f:a9:74:4b:ea:7c:16:6e:83:dc:63:0a:
                    38:5c:a0:97:40:a0:ac:89:1b:db:f9:4a:2f:ed:62:
                    dd:5e:df:90:0b:c6:3d:f9:1f:35:41:ab:86:c3:9d:
                    c1:aa:43:d3:2e:c5:ae:07:8d:f5:0e:06:36:15:7d:
                    c8:3a:f6:a7:49:83:e0:bb:0d:aa:0c:98:ab:4a:32:
                    a8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A2:0D:BC:28:50:4D:CB:E9:06:79:8E:47:F1:23:5B:12:88:41:6C
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200809.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2670::/44

    Signature Algorithm: sha256WithRSAEncryption
         d4:55:6a:27:6d:ff:55:92:c5:e9:21:f7:e3:35:f6:41:9a:8b:
         00:2f:db:a5:1a:4f:b0:d3:16:45:14:20:2e:7f:58:88:94:0a:
         7a:38:04:ae:27:31:f9:41:e3:e2:7c:d7:13:07:eb:40:b9:5d:
         f4:4d:14:bc:4f:ef:58:76:4f:cd:82:fd:13:3e:b4:05:20:8c:
         af:d8:b8:cb:64:3b:37:8a:31:d3:c8:bc:1f:10:0e:35:67:20:
         a8:3f:14:29:3f:27:fe:76:7f:06:5d:73:fe:a6:58:ab:0b:0e:
         58:c2:1a:b2:d9:d3:4a:fa:99:ac:64:77:07:82:ff:ef:77:d5:
         cc:8e:cf:c8:ff:0e:ea:51:b1:c5:00:7b:bd:f0:30:f8:59:69:
         28:73:f9:e9:c4:2d:7c:d9:da:24:1d:d7:35:2c:74:16:30:e1:
         8a:0a:54:39:98:75:4a:9a:3b:6a:33:ac:af:e3:96:bb:1d:98:
         05:5d:f1:83:03:8c:3b:0d:94:10:03:43:f7:bf:33:78:cb:08:
         d2:ed:20:02:0f:ac:84:f9:44:74:63:f1:ca:96:f2:c4:bb:99:
         f2:68:d1:7e:f6:f3:3e:2c:88:4b:dd:97:d5:be:fe:a3:a1:51:
         9f:5d:5d:a8:cd:db:b9:d9:db:50:c5:a5:ef:b1:7b:a9:fe:21:
         a3:bc:cc:52
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUYyceuARYF5T8Q5GuKcv0ODd2T90wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDJaFw0yNTExMDQwMzQwMDJaMDMxMTAvBgNV
BAMTKDZEQTIwREJDMjg1MDREQ0JFOTA2Nzk4RTQ3RjEyMzVCMTI4ODQxNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzy8ULG20Jyb56sfhsOaPmHyT6
C4jhZ+52T/LXW2eKCvZkaT09aXzt39faITDA8Fl6IUpR2eGOgHmdAuNrYOsIRSyf
xpqYQGGqKXZvWTwEPLt1i52KPfJI/yv45gfCXc8QWlZTS77T114lU4XvGjZkSyCS
GMY/YwjgZ743CHe/P6j5/jXZ85BW2E/uSGwI6h6+JqYgnQmNjUlvG9eCJEJ/WqtY
aMvH2kTidbz/Jn+dsZ9EjPmy2E+pdEvqfBZug9xjCjhcoJdAoKyJG9v5Si/tYt1e
35ALxj35HzVBq4bDncGqQ9Muxa4HjfUOBjYVfcg69qdJg+C7DaoMmKtKMqjvAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUbaINvChQTcvpBnmOR/EjWxKIQWwwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwODA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSZwMA0GCSqGSIb3DQEBCwUAA4IBAQDUVWon
bf9VksXpIffjNfZBmosAL9ulGk+w0xZFFCAuf1iIlAp6OASuJzH5QePifNcTB+tA
uV30TRS8T+9Ydk/Ngv0TPrQFIIyv2LjLZDs3ijHTyLwfEA41ZyCoPxQpPyf+dn8G
XXP+plirCw5Ywhqy2dNK+pmsZHcHgv/vd9XMjs/I/w7qUbHFAHu98DD4WWkoc/np
xC182dokHdc1LHQWMOGKClQ5mHVKmjtqM6yv45a7HZgFXfGDA4w7DZQQA0P3vzN4
ywjS7SACD6yE+UR0Y/HKlvLEu5nyaNF+9vM+LIhL3ZfVvv6joVGfXV2ozdu52dtQ
xaXvsXup/iGjvMxS
-----END CERTIFICATE-----