Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200954.roa
File:                     AS200954.roa (raw, json)
Hash identifier:          uL+zNqWDJM+N47k1aN3YxSsqRuD7rdtaHAXOaSRvWbA=
Subject key identifier:   C2:4D:BE:C9:0F:73:C3:B5:E6:DC:BD:48:2C:B2:55:68:6D:9F:E9:C7
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       260933640550F7CEE577EF78CE17652A3725E0BE
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200954.roa
Signing time:             Thu 04 Jan 2024 10:44:21 +0000
ROA not before:           Thu 04 Jan 2024 10:39:21 +0000
ROA not after:            Thu 02 Jan 2025 10:44:21 +0000
asID:                     200954
IP address blocks:        2a06:a005:2100::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:09:33:64:05:50:f7:ce:e5:77:ef:78:ce:17:65:2a:37:25:e0:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  4 10:39:21 2024 GMT
            Not After : Jan  2 10:44:21 2025 GMT
        Subject: CN=C24DBEC90F73C3B5E6DCBD482CB255686D9FE9C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f1:65:c6:bf:ef:73:f0:e3:2c:a8:27:e8:d9:
                    43:08:6e:f0:89:aa:ef:71:9b:ff:c5:27:84:8f:fe:
                    58:61:d8:b6:94:7e:0a:dc:28:63:67:d3:4b:e1:a1:
                    c5:8d:a8:45:3a:fe:36:4e:72:d3:86:15:5e:f5:a2:
                    f3:08:7e:cb:c7:c2:81:0f:98:d1:4a:07:75:1b:4c:
                    3d:ad:e3:5e:c7:cc:57:71:42:3f:8b:f8:3f:0d:7a:
                    94:ac:70:90:d7:87:34:1e:59:d9:32:e5:a5:24:69:
                    cd:f6:fe:66:da:63:5d:3c:5b:30:42:f0:21:13:5a:
                    35:c0:dc:9d:87:c3:89:a9:8a:61:82:18:68:98:e8:
                    16:68:48:68:4b:f0:be:5d:c5:33:cd:97:c5:76:a4:
                    c5:83:02:49:aa:b0:5b:69:4f:37:31:d2:48:21:7b:
                    a6:b4:97:e0:ae:8b:69:f4:7d:86:ee:26:09:d8:64:
                    10:52:4d:7b:5e:7d:cb:65:19:6e:50:cd:1c:b3:57:
                    66:99:93:37:c3:bb:eb:8c:2d:38:e1:e1:4e:38:b7:
                    e9:50:3a:30:af:89:5d:55:c6:0a:37:02:a7:d4:3b:
                    8e:5f:e9:5d:54:1c:e2:39:d0:da:ae:47:a8:dd:a4:
                    2c:89:7d:34:9f:52:12:77:8f:c5:e7:0b:8a:7e:ed:
                    c2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:4D:BE:C9:0F:73:C3:B5:E6:DC:BD:48:2C:B2:55:68:6D:9F:E9:C7
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200954.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2100::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:93:73:0d:e2:bd:cf:e8:e5:30:92:40:6d:48:34:14:33:4b:
         77:a0:b0:2c:4e:2b:4f:37:22:95:8b:f0:ff:6e:79:b4:d4:8d:
         e4:76:4f:be:66:52:28:e2:6d:f1:a6:38:67:04:19:a6:a6:ee:
         d1:a7:54:6a:a6:8b:5a:d4:12:a3:71:f1:38:3a:a4:9f:44:ca:
         37:c4:a2:0e:31:47:71:ac:76:92:e8:aa:c8:22:c4:0b:be:12:
         68:a2:f7:9c:f0:58:8b:64:1f:a3:2c:46:b0:85:e7:80:cf:cf:
         f3:0d:62:18:1e:31:37:e5:94:25:d1:55:df:6d:c3:eb:7e:36:
         ac:16:fd:e5:28:6d:ac:a6:ff:66:cb:2d:cc:80:42:88:66:22:
         aa:22:24:47:6a:14:f2:63:74:67:10:4c:25:51:3b:7b:3d:2a:
         a7:ea:a5:ff:1e:96:1a:d5:57:24:0f:b0:02:71:ac:f2:70:7e:
         f2:92:ba:b7:1e:a1:69:93:c1:df:aa:b8:b8:af:ee:87:75:3b:
         70:08:c7:00:a9:51:b6:65:46:d3:b7:81:7f:28:7d:ca:2f:51:
         4f:48:6c:d8:c0:b8:12:9b:a8:3a:67:fd:81:f2:2d:a9:87:5a:
         9b:94:f4:24:9f:ed:cb:7c:85:70:fc:d2:80:f9:f1:d7:a6:5d:
         ae:07:64:66
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUJgkzZAVQ987ld+94zhdlKjcl4L4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMDQxMDM5MjFaFw0yNTAxMDIxMDQ0MjFaMDMxMTAvBgNV
BAMTKEMyNERCRUM5MEY3M0MzQjVFNkRDQkQ0ODJDQjI1NTY4NkQ5RkU5QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC48WXGv+9z8OMsqCfo2UMIbvCJ
qu9xm//FJ4SP/lhh2LaUfgrcKGNn00vhocWNqEU6/jZOctOGFV71ovMIfsvHwoEP
mNFKB3UbTD2t417HzFdxQj+L+D8NepSscJDXhzQeWdky5aUkac32/mbaY108WzBC
8CETWjXA3J2Hw4mpimGCGGiY6BZoSGhL8L5dxTPNl8V2pMWDAkmqsFtpTzcx0kgh
e6a0l+Cui2n0fYbuJgnYZBBSTXtefctlGW5QzRyzV2aZkzfDu+uMLTjh4U44t+lQ
OjCviV1Vxgo3AqfUO45f6V1UHOI50NquR6jdpCyJfTSfUhJ3j8XnC4p+7cL/AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUwk2+yQ9zw7Xm3L1ILLJVaG2f6ccwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwOTU0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSEAMA0GCSqGSIb3DQEBCwUAA4IBAQBrk3MN
4r3P6OUwkkBtSDQUM0t3oLAsTitPNyKVi/D/bnm01I3kdk++ZlIo4m3xpjhnBBmm
pu7Rp1Rqpota1BKjcfE4OqSfRMo3xKIOMUdxrHaS6KrIIsQLvhJoovec8FiLZB+j
LEawheeAz8/zDWIYHjE35ZQl0VXfbcPrfjasFv3lKG2spv9myy3MgEKIZiKqIiRH
ahTyY3RnEEwlUTt7PSqn6qX/HpYa1VckD7ACcazycH7ykrq3HqFpk8Hfqri4r+6H
dTtwCMcAqVG2ZUbTt4F/KH3KL1FPSGzYwLgSm6g6Z/2B8i2ph1qblPQkn+3LfIVw
/NKA+fHXpl2uB2Rm
-----END CERTIFICATE-----