Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200959.roa
File:                     AS200959.roa (raw, json)
Hash identifier:          NZK/FIFa0gWEGdmqY66vGqYQ+9VEv9ivB1RRDNkNYbk=
Subject key identifier:   4F:F0:37:11:A9:C3:DB:5D:8C:65:D8:CA:08:E8:09:FA:A0:DD:61:35
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       67F8E4B3B4141475C62A3C6301B1C2889EE61AC0
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200959.roa
Signing time:             Mon 02 Dec 2024 17:40:12 +0000
ROA not before:           Mon 02 Dec 2024 17:35:12 +0000
ROA not after:            Mon 01 Dec 2025 17:40:12 +0000
asID:                     200959
IP address blocks:        2a06:a005:e50::/44 maxlen: 48
                          2a06:a005:e70::/44 maxlen: 48
                          2a06:a005:2040::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:24:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:f8:e4:b3:b4:14:14:75:c6:2a:3c:63:01:b1:c2:88:9e:e6:1a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  2 17:35:12 2024 GMT
            Not After : Dec  1 17:40:12 2025 GMT
        Subject: CN=4FF03711A9C3DB5D8C65D8CA08E809FAA0DD6135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d8:bb:19:d5:11:01:fd:b5:35:fe:f7:23:00:
                    04:03:12:69:a5:19:27:88:91:1a:e2:22:09:c2:ad:
                    89:10:b7:58:5a:66:e0:cc:65:23:cc:5d:f9:f2:38:
                    1a:4e:8b:64:81:f0:11:40:28:13:1e:b9:16:8d:37:
                    bc:40:9e:49:ee:3a:5d:61:99:ab:94:d7:1e:f2:3f:
                    da:c7:16:5b:55:18:b6:3d:8d:e1:09:b8:2b:3d:57:
                    2c:b6:c7:ba:fa:dd:68:70:d6:bb:84:2a:cc:51:82:
                    72:41:9c:61:cf:1f:86:b8:c9:6e:ad:7c:36:e7:f7:
                    91:2a:99:43:0a:8a:31:e9:5a:ee:b1:22:95:1f:9b:
                    6d:fd:31:9a:34:e5:84:4d:5a:b5:78:f0:68:f6:f4:
                    7b:1e:fb:d7:5c:6b:99:17:c8:fa:1e:f9:b3:47:07:
                    a2:b3:c3:9f:f3:a9:05:a6:35:e5:06:0f:d7:cd:03:
                    f0:3f:c6:fb:ec:6b:85:a2:fa:fb:b2:0c:63:10:ec:
                    f0:59:40:e6:7d:e0:f0:23:d6:93:02:a5:40:25:0d:
                    86:69:ba:fb:57:bb:b6:74:4e:23:28:ef:78:af:31:
                    2b:6c:b0:f4:27:cd:4a:04:80:ce:fd:13:98:b6:8b:
                    71:06:de:00:d1:24:12:dd:e1:ac:8d:40:01:5b:ea:
                    b3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F0:37:11:A9:C3:DB:5D:8C:65:D8:CA:08:E8:09:FA:A0:DD:61:35
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200959.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:e50::/44
                  2a06:a005:e70::/44
                  2a06:a005:2040::/44

    Signature Algorithm: sha256WithRSAEncryption
         b6:b6:44:60:14:0d:de:d2:a2:23:77:d5:7e:e4:2b:12:a9:3d:
         36:2b:9d:1a:62:42:41:4f:13:47:96:1a:00:f9:8d:36:07:42:
         d2:0a:1b:e0:1b:81:46:ea:f5:a7:27:7a:96:a9:45:88:a9:1f:
         39:ad:18:ef:00:4d:6f:82:b1:df:e9:97:b6:ef:1b:aa:82:a3:
         ad:27:f2:e5:db:b3:71:ff:ed:06:da:7a:a3:a2:ba:98:82:6b:
         25:73:f8:89:f9:f2:e7:37:7d:93:aa:61:95:fd:e2:40:15:3d:
         6a:df:af:d2:4e:d5:fc:cb:8f:e7:a0:f4:e3:2d:b2:e0:20:74:
         3e:3a:48:70:29:22:01:f5:40:ed:40:43:7e:67:6f:e0:58:2c:
         34:a6:1c:f3:2e:39:c3:5f:24:bc:21:60:4a:0a:ec:e6:2f:a0:
         94:0b:6c:a7:23:ac:b4:c0:c7:fe:d7:34:62:6c:b3:1e:4e:35:
         78:c9:5d:95:79:85:3c:7b:41:e3:71:7b:e5:ed:0f:51:41:ad:
         f2:f7:ba:f4:b1:04:aa:0a:b6:22:49:b6:96:fb:ae:85:b1:ab:
         c8:ca:9b:93:41:17:dd:c5:ca:56:f8:56:7a:73:27:03:60:cd:
         35:e1:69:d9:0d:be:8e:77:f8:40:a9:5c:cb:b0:2f:e6:7e:49:
         20:a2:31:96
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUZ/jks7QUFHXGKjxjAbHCiJ7mGsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDEyMDIxNzM1MTJaFw0yNTEyMDExNzQwMTJaMDMxMTAvBgNV
BAMTKDRGRjAzNzExQTlDM0RCNUQ4QzY1RDhDQTA4RTgwOUZBQTBERDYxMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA2LsZ1REB/bU1/vcjAAQDEmml
GSeIkRriIgnCrYkQt1haZuDMZSPMXfnyOBpOi2SB8BFAKBMeuRaNN7xAnknuOl1h
mauU1x7yP9rHFltVGLY9jeEJuCs9Vyy2x7r63Whw1ruEKsxRgnJBnGHPH4a4yW6t
fDbn95EqmUMKijHpWu6xIpUfm239MZo05YRNWrV48Gj29Hse+9dca5kXyPoe+bNH
B6Kzw5/zqQWmNeUGD9fNA/A/xvvsa4Wi+vuyDGMQ7PBZQOZ94PAj1pMCpUAlDYZp
uvtXu7Z0TiMo73ivMStssPQnzUoEgM79E5i2i3EG3gDRJBLd4ayNQAFb6rPzAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUT/A3EanD212MZdjKCOgJ+qDdYTUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwOTU5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcEKgagBQ5QAwcEKgagBQ5wAwcEKgagBSBAMA0GCSqG
SIb3DQEBCwUAA4IBAQC2tkRgFA3e0qIjd9V+5CsSqT02K50aYkJBTxNHlhoA+Y02
B0LSChvgG4FG6vWnJ3qWqUWIqR85rRjvAE1vgrHf6Ze27xuqgqOtJ/Ll27Nx/+0G
2nqjorqYgmslc/iJ+fLnN32TqmGV/eJAFT1q36/STtX8y4/noPTjLbLgIHQ+Okhw
KSIB9UDtQEN+Z2/gWCw0phzzLjnDXyS8IWBKCuzmL6CUC2ynI6y0wMf+1zRibLMe
TjV4yV2VeYU8e0HjcXvl7Q9RQa3y97r0sQSqCrYiSbaW+66FsavIypuTQRfdxcpW
+FZ6cycDYM014WnZDb6Od/hAqVzLsC/mfkkgojGW
-----END CERTIFICATE-----