Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200866.roa
File:                     AS200866.roa (raw, json)
Hash identifier:          ffBXBUnkzrbUSzBIeM0Eu9dVa0PToYpbtijUpfMX9V0=
Subject key identifier:   38:8B:74:52:E1:C5:B8:F6:0A:90:5C:B3:8E:E2:89:20:FB:26:A3:08
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       04CE35480EDFDC2C232BCAD4DC4FEAE7536FAAB0
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200866.roa
Signing time:             Tue 05 Nov 2024 03:40:06 +0000
ROA not before:           Tue 05 Nov 2024 03:35:06 +0000
ROA not after:            Tue 04 Nov 2025 03:40:06 +0000
asID:                     200866
IP address blocks:        2a06:a005:2370::/44 maxlen: 48
                          2a06:a005:26e0::/44 maxlen: 48
                          2a06:a005:26f0::/44 maxlen: 48
                          2a06:a005:2700::/44 maxlen: 48
                          2a06:a005:2710::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:ce:35:48:0e:df:dc:2c:23:2b:ca:d4:dc:4f:ea:e7:53:6f:aa:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:06 2024 GMT
            Not After : Nov  4 03:40:06 2025 GMT
        Subject: CN=388B7452E1C5B8F60A905CB38EE28920FB26A308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fe:87:b6:58:85:8b:ff:e8:06:81:ea:80:97:
                    05:aa:af:b4:e7:0e:84:b7:c8:12:0e:9b:39:d1:c9:
                    60:74:1c:04:4f:5e:a3:3b:ad:93:20:c6:ad:ec:a2:
                    0a:22:bc:c3:d0:44:5d:50:68:32:cc:e3:81:ed:66:
                    93:30:ec:04:dd:00:40:59:21:f2:36:7d:48:a0:d5:
                    ee:28:2e:ef:a5:04:25:88:0b:e1:be:a9:52:84:18:
                    e1:f6:69:e5:9e:a3:45:63:99:b2:83:03:da:78:e3:
                    f2:ab:64:24:b6:78:a0:4d:c2:a2:98:25:67:42:9a:
                    1c:e0:cc:ba:c3:89:83:55:09:d9:ba:96:fa:81:59:
                    19:d2:4f:3f:86:68:e2:5b:ef:4a:33:5e:6f:e2:c7:
                    98:2e:d1:c2:73:8b:94:64:50:31:5a:69:99:c0:38:
                    75:ae:6c:f8:df:78:75:95:26:97:37:25:29:c9:4e:
                    1e:5e:b4:c4:e0:7e:76:fd:7d:92:02:1a:5a:0b:29:
                    d4:67:95:cc:1b:bf:6c:fc:3b:38:3c:11:1c:43:c0:
                    08:39:e4:94:e7:43:c5:1b:f3:c1:bc:49:a5:c8:8d:
                    8e:7f:3c:50:7e:4d:36:73:74:18:fd:fa:06:b5:0a:
                    ff:e3:32:ee:3c:26:70:0e:5a:fe:ea:16:e5:9f:31:
                    24:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8B:74:52:E1:C5:B8:F6:0A:90:5C:B3:8E:E2:89:20:FB:26:A3:08
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2370::/44
                  2a06:a005:26e0::-2a06:a005:271f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         19:d9:a6:4f:ba:55:89:78:7f:de:11:da:3b:43:7d:aa:29:08:
         db:f5:3d:70:bb:56:21:f8:2e:69:47:b9:38:97:53:8c:d1:6c:
         3c:da:e3:df:f3:41:85:f5:d0:1c:3d:da:dc:c5:bf:c8:65:0d:
         1d:40:f1:09:ac:fd:02:36:b9:5d:29:2c:ba:31:cc:69:42:a1:
         9e:22:f5:76:d3:19:a4:a8:36:18:15:96:41:d2:87:c8:ac:8b:
         eb:de:7f:06:52:6a:8f:21:b3:9b:aa:28:4b:17:07:bc:a7:ea:
         c6:b9:08:e7:6b:18:4c:ba:32:57:cf:9f:b4:ec:74:47:85:58:
         b0:9f:22:36:39:b8:f3:01:af:a1:4c:46:e2:57:f3:79:9c:d9:
         e4:24:6d:cd:31:7b:94:27:d3:b3:f0:9f:17:22:55:59:cb:ca:
         bc:19:56:09:7e:57:34:6f:82:a2:d6:a6:a9:de:09:ec:d6:2a:
         43:30:3b:17:92:56:ac:77:89:75:b7:2c:42:3c:a1:4a:8f:21:
         4b:5c:95:fd:34:38:04:52:4d:28:23:1a:be:d5:62:ec:32:fa:
         f7:91:ff:c6:53:d9:0a:fe:95:d0:40:46:9b:67:43:98:51:d2:
         b1:b6:a6:98:a9:8b:90:75:b2:65:39:65:a9:e6:d6:8d:e2:41:
         2d:91:55:51
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUBM41SA7f3CwjK8rU3E/q51NvqrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDZaFw0yNTExMDQwMzQwMDZaMDMxMTAvBgNV
BAMTKDM4OEI3NDUyRTFDNUI4RjYwQTkwNUNCMzhFRTI4OTIwRkIyNkEzMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU/oe2WIWL/+gGgeqAlwWqr7Tn
DoS3yBIOmznRyWB0HARPXqM7rZMgxq3sogoivMPQRF1QaDLM44HtZpMw7ATdAEBZ
IfI2fUig1e4oLu+lBCWIC+G+qVKEGOH2aeWeo0VjmbKDA9p44/KrZCS2eKBNwqKY
JWdCmhzgzLrDiYNVCdm6lvqBWRnSTz+GaOJb70ozXm/ix5gu0cJzi5RkUDFaaZnA
OHWubPjfeHWVJpc3JSnJTh5etMTgfnb9fZICGloLKdRnlcwbv2z8Ozg8ERxDwAg5
5JTnQ8Ub88G8SaXIjY5/PFB+TTZzdBj9+ga1Cv/jMu48JnAOWv7qFuWfMSRNAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUOIt0UuHFuPYKkFyzjuKJIPsmowgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwODY2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEH
AQH/BCcwJTAjBAIAAjAdAwcEKgagBSNwMBIDBwUqBqAFJuADBwUqBqAFJwAwDQYJ
KoZIhvcNAQELBQADggEBABnZpk+6VYl4f94R2jtDfaopCNv1PXC7ViH4LmlHuTiX
U4zRbDza49/zQYX10Bw92tzFv8hlDR1A8Qms/QI2uV0pLLoxzGlCoZ4i9XbTGaSo
NhgVlkHSh8isi+vefwZSao8hs5uqKEsXB7yn6sa5COdrGEy6MlfPn7TsdEeFWLCf
IjY5uPMBr6FMRuJX83mc2eQkbc0xe5Qn07PwnxciVVnLyrwZVgl+VzRvgqLWpqne
CezWKkMwOxeSVqx3iXW3LEI8oUqPIUtclf00OARSTSgjGr7VYuwy+veR/8ZT2Qr+
ldBARptnQ5hR0rG2ppipi5B1smU5Zanm1o3iQS2RVVE=
-----END CERTIFICATE-----