Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200895.roa
File:                     AS200895.roa (raw, json)
Hash identifier:          VrN4+G1/xHN5PD9nmlpSWYO98DZjap1fLPpAko6EMvU=
Subject key identifier:   16:41:B6:E7:6D:90:C5:EE:45:89:2D:F8:A1:45:7C:DB:10:04:65:B0
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       52F128E073BB5E218FAAA5277469E671339A7989
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200895.roa
Signing time:             Tue 19 Nov 2024 15:40:12 +0000
ROA not before:           Tue 19 Nov 2024 15:35:12 +0000
ROA not after:            Tue 18 Nov 2025 15:40:12 +0000
asID:                     200895
IP address blocks:        2a06:a005:5a2::/48 maxlen: 48
                          2a06:a005:1890::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:f1:28:e0:73:bb:5e:21:8f:aa:a5:27:74:69:e6:71:33:9a:79:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 19 15:35:12 2024 GMT
            Not After : Nov 18 15:40:12 2025 GMT
        Subject: CN=1641B6E76D90C5EE45892DF8A1457CDB100465B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5a:3e:99:4d:3b:bb:5d:b0:2e:12:07:f8:2e:
                    39:b8:ae:eb:14:ec:c4:03:cf:8d:61:1b:8d:e7:bd:
                    e8:bc:8d:97:45:2d:62:75:28:6f:07:3a:df:3e:21:
                    6e:80:53:89:2a:9e:af:08:73:c9:53:42:76:26:02:
                    39:ae:93:78:13:2a:69:a5:ad:d0:34:20:ce:da:d4:
                    fa:71:52:a9:cf:b3:99:99:ec:3e:87:30:be:3d:5e:
                    30:0a:76:62:d2:82:40:f2:64:11:7d:ef:ca:02:6c:
                    96:cb:20:15:75:29:ba:1e:17:86:c0:85:a3:3a:2e:
                    bd:61:46:c9:ab:39:c5:40:36:04:7d:f5:dd:74:98:
                    8c:b2:bf:a8:ae:94:2a:c8:b9:f0:21:91:de:e8:91:
                    98:2d:4e:53:95:7a:26:ea:b9:b2:58:66:eb:3e:6c:
                    7a:3e:ff:0a:7b:26:50:8a:cd:dd:b0:a4:cf:80:ff:
                    f7:cc:88:70:0d:58:29:2f:17:4f:7e:9c:ef:5d:8a:
                    fd:0d:e4:bb:6b:38:84:f9:5e:e0:15:f9:09:0c:db:
                    d7:8f:8a:19:69:c3:f7:0a:f7:59:ff:36:c8:83:05:
                    e0:9a:3b:61:ed:34:c1:e7:a0:5d:1a:c3:1b:c7:73:
                    06:6e:53:8b:ed:20:e1:f8:2b:48:e3:49:8b:72:1d:
                    1c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:41:B6:E7:6D:90:C5:EE:45:89:2D:F8:A1:45:7C:DB:10:04:65:B0
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200895.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5a2::/48
                  2a06:a005:1890::/44

    Signature Algorithm: sha256WithRSAEncryption
         a7:09:2a:e6:9f:f8:ca:39:08:9d:c9:8e:13:aa:65:dc:da:6c:
         5e:35:24:ae:1d:bb:04:6b:29:da:a7:3d:e8:2a:64:b5:30:0a:
         e2:e8:96:dd:e7:10:8d:2a:c1:97:7e:1a:08:ba:1c:09:87:ee:
         74:69:4f:ea:64:dd:5d:db:84:a8:06:14:bb:ab:3d:51:02:0b:
         9d:86:99:e6:06:c8:7b:a0:5f:a8:1d:5f:c3:4e:0c:5e:3d:bc:
         2d:ef:c8:18:ce:a6:e2:d2:c6:38:26:e3:73:e0:13:2d:ba:d7:
         02:35:be:5c:eb:05:c8:b6:56:d6:0c:1b:51:32:1e:e5:70:e2:
         5b:cf:39:c4:16:bd:b8:d8:d8:4e:4e:96:c4:99:4c:46:b6:82:
         e5:d9:43:d4:17:75:76:5a:29:a7:1a:a3:1e:5e:0a:8b:6d:65:
         71:6f:97:84:cd:7e:1e:57:c5:dc:7b:43:e8:67:f8:25:65:61:
         af:89:0a:57:76:72:bb:b2:4b:87:ac:6c:ea:3d:bc:c6:08:7d:
         89:a6:d6:75:78:62:4d:37:6d:a4:e7:13:2c:d2:6f:3f:59:87:
         1a:00:2d:d9:46:04:b1:4a:58:83:da:e4:ca:41:c9:94:65:39:
         80:21:d5:3e:86:b9:0d:2d:4f:93:74:33:88:b8:c8:95:f8:70:
         94:04:68:21
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUUvEo4HO7XiGPqqUndGnmcTOaeYkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMTkxNTM1MTJaFw0yNTExMTgxNTQwMTJaMDMxMTAvBgNV
BAMTKDE2NDFCNkU3NkQ5MEM1RUU0NTg5MkRGOEExNDU3Q0RCMTAwNDY1QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDWj6ZTTu7XbAuEgf4Ljm4rusU
7MQDz41hG43nvei8jZdFLWJ1KG8HOt8+IW6AU4kqnq8Ic8lTQnYmAjmuk3gTKmml
rdA0IM7a1PpxUqnPs5mZ7D6HML49XjAKdmLSgkDyZBF978oCbJbLIBV1KboeF4bA
haM6Lr1hRsmrOcVANgR99d10mIyyv6iulCrIufAhkd7okZgtTlOVeibqubJYZus+
bHo+/wp7JlCKzd2wpM+A//fMiHANWCkvF09+nO9div0N5LtrOIT5XuAV+QkM29eP
ihlpw/cK91n/NsiDBeCaO2HtNMHnoF0awxvHcwZuU4vtIOH4K0jjSYtyHRx9AgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUFkG2522Qxe5FiS34oUV82xAEZbAwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwODk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQWiAwcEKgagBRiQMA0GCSqGSIb3DQEBCwUA
A4IBAQCnCSrmn/jKOQidyY4TqmXc2mxeNSSuHbsEaynapz3oKmS1MAri6Jbd5xCN
KsGXfhoIuhwJh+50aU/qZN1d24SoBhS7qz1RAgudhpnmBsh7oF+oHV/DTgxePbwt
78gYzqbi0sY4JuNz4BMtutcCNb5c6wXItlbWDBtRMh7lcOJbzznEFr242NhOTpbE
mUxGtoLl2UPUF3V2WimnGqMeXgqLbWVxb5eEzX4eV8Xce0PoZ/glZWGviQpXdnK7
skuHrGzqPbzGCH2JptZ1eGJNN22k5xMs0m8/WYcaAC3ZRgSxSliD2uTKQcmUZTmA
IdU+hrkNLU+TdDOIuMiV+HCUBGgh
-----END CERTIFICATE-----