Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200872.roa
File:                     AS200872.roa (raw, json)
Hash identifier:          LOo+PlLfxFxpIxNxqRxcc40cXKbXt3ROkBT4TSvXpmo=
Subject key identifier:   32:56:29:A2:CE:78:C6:23:00:27:0A:C9:41:C9:5F:B8:37:78:C3:41
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       799ED996FD7EABABEC111ADA311CD1AE993FD1F6
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200872.roa
Signing time:             Tue 05 Nov 2024 03:40:10 +0000
ROA not before:           Tue 05 Nov 2024 03:35:10 +0000
ROA not after:            Tue 04 Nov 2025 03:40:10 +0000
asID:                     200872
IP address blocks:        2a06:a005:24f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:9e:d9:96:fd:7e:ab:ab:ec:11:1a:da:31:1c:d1:ae:99:3f:d1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:10 2024 GMT
            Not After : Nov  4 03:40:10 2025 GMT
        Subject: CN=325629A2CE78C62300270AC941C95FB83778C341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d5:1c:97:4e:ea:da:69:fa:e0:51:16:ee:de:
                    9a:0d:97:32:8c:0f:04:9f:44:59:2f:ff:73:c0:6a:
                    8b:dd:a0:ee:8a:2f:49:ea:cf:ea:b5:fb:12:68:d5:
                    4e:bb:8d:90:cb:2c:fb:48:3c:13:92:68:11:da:8d:
                    03:96:64:7a:fc:2b:da:7e:65:0f:fa:4a:09:c1:5b:
                    56:9e:bf:c7:d5:62:93:9f:7b:1f:87:0a:ec:d3:99:
                    6b:51:c7:43:64:4b:19:05:96:4d:61:97:c2:38:2b:
                    02:2b:1e:dc:13:6f:a2:c1:e4:73:73:45:cf:eb:af:
                    12:2b:f8:07:f1:73:a9:02:96:88:25:85:97:f7:19:
                    63:4a:a8:18:fe:89:aa:92:c8:36:c1:a6:c4:80:68:
                    93:a4:ca:f0:d4:e8:6d:8a:ee:4c:e5:f1:f5:36:5e:
                    cd:5e:36:28:09:9e:2d:6e:fe:7c:cd:8b:f0:eb:70:
                    e3:52:6e:6b:f8:cb:4a:07:41:f6:56:8c:26:88:39:
                    67:13:f8:b8:7b:24:11:0f:31:76:3c:cd:b5:99:01:
                    38:52:17:d2:5d:d5:a0:a4:d8:3b:c5:d0:0b:ee:f1:
                    9c:0c:12:ea:05:90:2d:80:9c:d0:b2:6b:ba:a2:37:
                    4b:4d:09:02:8a:2b:60:58:f3:25:01:88:b9:30:38:
                    bb:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:56:29:A2:CE:78:C6:23:00:27:0A:C9:41:C9:5F:B8:37:78:C3:41
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200872.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:24f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9c:59:d9:76:29:8e:3c:e3:f0:4c:c1:6b:c0:9e:d4:61:28:99:
         4e:b3:af:92:06:52:90:e0:f7:0e:ae:10:0b:ea:d1:b5:6f:31:
         ce:df:b0:6f:d4:64:8c:af:ac:ea:33:29:01:57:6b:02:eb:d5:
         a0:e3:23:05:6b:5e:36:37:e5:02:ea:93:8e:41:38:a3:ce:05:
         6b:61:b2:42:0c:fe:cd:c3:3e:d8:ef:a8:84:32:8c:a5:f3:48:
         00:c5:11:8e:9d:91:b8:5e:b8:8f:c0:c3:cb:74:34:56:0a:47:
         45:53:2b:77:60:46:7e:7d:44:39:34:1e:9b:f9:25:43:6e:64:
         91:8d:d6:a1:8e:f7:2a:c7:4c:aa:b5:e5:83:3d:9b:bf:5b:99:
         40:aa:a2:8f:c6:4e:15:45:b4:9f:53:d0:06:8e:51:a1:be:48:
         05:6a:49:af:fe:18:bd:4e:f8:b6:06:87:dc:2e:d7:8d:bf:d0:
         73:0e:3f:f1:4b:1d:72:0d:92:ea:bf:b9:24:e4:38:ef:dd:ab:
         6c:84:b0:e9:0e:de:72:7b:3d:b9:1e:b0:01:00:48:02:2b:dd:
         7d:c5:db:00:0d:16:a2:e6:b9:c3:bf:90:84:93:0d:58:ce:4a:
         0e:38:0b:fd:a3:d8:30:2f:9d:a0:3c:c3:ce:8f:5b:0f:60:89:
         c0:0b:b8:db
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUeZ7Zlv1+q6vsERraMRzRrpk/0fYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MTBaFw0yNTExMDQwMzQwMTBaMDMxMTAvBgNV
BAMTKDMyNTYyOUEyQ0U3OEM2MjMwMDI3MEFDOTQxQzk1RkI4Mzc3OEMzNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo1RyXTuraafrgURbu3poNlzKM
DwSfRFkv/3PAaovdoO6KL0nqz+q1+xJo1U67jZDLLPtIPBOSaBHajQOWZHr8K9p+
ZQ/6SgnBW1aev8fVYpOfex+HCuzTmWtRx0NkSxkFlk1hl8I4KwIrHtwTb6LB5HNz
Rc/rrxIr+Afxc6kCloglhZf3GWNKqBj+iaqSyDbBpsSAaJOkyvDU6G2K7kzl8fU2
Xs1eNigJni1u/nzNi/DrcONSbmv4y0oHQfZWjCaIOWcT+Lh7JBEPMXY8zbWZAThS
F9Jd1aCk2DvF0Avu8ZwMEuoFkC2AnNCya7qiN0tNCQKKK2BY8yUBiLkwOLs/AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUMlYpos54xiMAJwrJQclfuDd4w0EwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwODcyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSTwMA0GCSqGSIb3DQEBCwUAA4IBAQCcWdl2
KY484/BMwWvAntRhKJlOs6+SBlKQ4PcOrhAL6tG1bzHO37Bv1GSMr6zqMykBV2sC
69Wg4yMFa142N+UC6pOOQTijzgVrYbJCDP7Nwz7Y76iEMoyl80gAxRGOnZG4XriP
wMPLdDRWCkdFUyt3YEZ+fUQ5NB6b+SVDbmSRjdahjvcqx0yqteWDPZu/W5lAqqKP
xk4VRbSfU9AGjlGhvkgFakmv/hi9Tvi2BofcLteNv9BzDj/xSx1yDZLqv7kk5Djv
3atshLDpDt5yez25HrABAEgCK919xdsADRai5rnDv5CEkw1YzkoOOAv9o9gwL52g
PMPOj1sPYInAC7jb
-----END CERTIFICATE-----