Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200885.roa
File:                     AS200885.roa (raw, json)
Hash identifier:          Lwmm3aKwz7UnkCn5o5tFAmLZTD/WiEWPtUnFnDDhnZY=
Subject key identifier:   7F:2F:3E:70:7F:77:AB:71:F0:52:CC:45:EA:39:4C:62:F1:44:20:28
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       10E03C6E78C861DF1E0AFCB59BD9468ABD4139A1
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200885.roa
Signing time:             Tue 05 Dec 2023 02:44:09 +0000
ROA not before:           Tue 05 Dec 2023 02:39:09 +0000
ROA not after:            Tue 03 Dec 2024 02:44:09 +0000
asID:                     200885
IP address blocks:        2a06:a005:5::/48 maxlen: 48
                          2a06:a005:26d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:e0:3c:6e:78:c8:61:df:1e:0a:fc:b5:9b:d9:46:8a:bd:41:39:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:09 2023 GMT
            Not After : Dec  3 02:44:09 2024 GMT
        Subject: CN=7F2F3E707F77AB71F052CC45EA394C62F1442028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2a:9b:5b:c9:5b:98:ec:a2:4d:97:4d:a5:40:
                    b0:6a:e2:cf:5a:17:5e:c6:a4:ad:9b:3a:0d:8a:b9:
                    1b:44:e1:5e:fc:75:f5:6c:0a:12:37:a1:72:90:c1:
                    75:97:4c:1d:c4:54:ed:3b:c0:68:74:d7:92:97:05:
                    b0:ba:20:19:76:ef:3e:2b:cb:20:a5:4d:95:6f:9f:
                    f8:f3:75:ba:69:33:32:fc:fb:10:38:20:d7:76:1d:
                    4d:20:3d:56:0e:f6:9d:26:47:1c:fe:32:8f:87:90:
                    bf:bb:ef:52:97:2e:dd:e3:db:71:f2:80:33:65:ce:
                    09:89:5c:1e:a8:29:01:14:b6:34:69:36:93:fc:eb:
                    f1:43:63:d7:33:f2:56:49:37:09:77:96:b7:cc:99:
                    e8:de:d2:22:68:44:dc:3e:f4:af:8f:f3:ce:c3:dd:
                    e2:0f:99:2d:12:66:00:ca:ac:d4:b7:8e:76:a3:01:
                    71:e8:d4:ee:86:11:e9:8c:c4:d5:25:15:47:82:93:
                    2c:8d:5b:be:12:e6:80:8f:de:ab:7d:c2:87:2e:03:
                    00:82:9d:bb:10:34:98:8c:ee:7b:2f:6d:f7:0d:4d:
                    28:d7:05:08:19:a2:5e:38:bc:74:94:79:29:7b:4f:
                    e5:75:c8:e5:84:50:76:2f:e5:62:80:60:62:9f:26:
                    11:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:2F:3E:70:7F:77:AB:71:F0:52:CC:45:EA:39:4C:62:F1:44:20:28
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200885.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5::/48
                  2a06:a005:26d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         97:37:5b:fb:d1:ae:fb:3a:f6:18:6f:61:27:9f:b8:1b:08:ea:
         f4:a3:d2:a2:77:50:14:3b:84:be:1c:4a:f0:6e:1b:f0:81:99:
         6f:e3:86:83:1d:71:7f:06:ba:9a:f9:0c:7c:70:68:28:d5:70:
         72:f6:8c:c2:36:ef:a9:91:bc:79:fc:29:fa:5e:69:2d:d1:c2:
         9b:a6:c6:91:63:be:82:e7:b9:8b:36:33:00:e2:ee:55:ee:b2:
         4b:22:03:19:9e:45:e0:5c:77:8c:40:24:a7:27:2a:bc:94:30:
         63:80:d5:15:90:2b:ea:3c:ab:e9:16:11:2d:27:f3:05:aa:b9:
         35:4b:a8:b0:7a:29:b7:bd:95:da:a2:b3:09:68:6e:42:48:e3:
         89:1e:3d:5f:9c:29:d4:75:b2:a0:0e:6e:91:fa:f6:93:06:6e:
         04:13:75:89:0d:09:b3:d8:e5:96:1d:0b:67:9b:ed:c9:06:43:
         23:2b:0c:e1:74:d0:33:25:b8:fd:51:d3:1b:3d:9d:bd:32:32:
         14:4e:2c:f3:4d:9f:10:e1:1c:9d:e8:23:e9:f8:3e:ed:58:9a:
         04:c6:65:86:82:c5:ce:e1:ae:89:c4:46:b1:2f:5b:fc:91:1c:
         16:b0:b5:a2:5e:e4:bf:a3:71:6e:87:71:0c:e8:5a:68:2f:36:
         f8:86:28:72
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUEOA8bnjIYd8eCvy1m9lGir1BOaEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MDlaFw0yNDEyMDMwMjQ0MDlaMDMxMTAvBgNV
BAMTKDdGMkYzRTcwN0Y3N0FCNzFGMDUyQ0M0NUVBMzk0QzYyRjE0NDIwMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCKptbyVuY7KJNl02lQLBq4s9a
F17GpK2bOg2KuRtE4V78dfVsChI3oXKQwXWXTB3EVO07wGh015KXBbC6IBl27z4r
yyClTZVvn/jzdbppMzL8+xA4INd2HU0gPVYO9p0mRxz+Mo+HkL+771KXLt3j23Hy
gDNlzgmJXB6oKQEUtjRpNpP86/FDY9cz8lZJNwl3lrfMmeje0iJoRNw+9K+P887D
3eIPmS0SZgDKrNS3jnajAXHo1O6GEemMxNUlFUeCkyyNW74S5oCP3qt9wocuAwCC
nbsQNJiM7nsvbfcNTSjXBQgZol44vHSUeSl7T+V1yOWEUHYv5WKAYGKfJhHzAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUfy8+cH93q3HwUsxF6jlMYvFEICgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwODg1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQAFAwcEKgagBSbQMA0GCSqGSIb3DQEBCwUA
A4IBAQCXN1v70a77OvYYb2Enn7gbCOr0o9Kid1AUO4S+HErwbhvwgZlv44aDHXF/
Brqa+Qx8cGgo1XBy9ozCNu+pkbx5/Cn6Xmkt0cKbpsaRY76C57mLNjMA4u5V7rJL
IgMZnkXgXHeMQCSnJyq8lDBjgNUVkCvqPKvpFhEtJ/MFqrk1S6iweim3vZXaorMJ
aG5CSOOJHj1fnCnUdbKgDm6R+vaTBm4EE3WJDQmz2OWWHQtnm+3JBkMjKwzhdNAz
Jbj9UdMbPZ29MjIUTizzTZ8Q4Ryd6CPp+D7tWJoExmWGgsXO4a6JxEaxL1v8kRwW
sLWiXuS/o3Fuh3EM6FpoLzb4hihy
-----END CERTIFICATE-----