Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200965.roa
File:                     AS200965.roa (raw, json)
Hash identifier:          10lebOgnbLaDdlu8Hvy/eSR+Oj0R/6M7MlVvTaUYqVk=
Subject key identifier:   F8:3D:C8:5E:6F:37:13:E1:B4:8B:8B:0F:F4:57:6E:75:0E:D4:D1:15
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0133C5E34790233B82E7255B8C42DBDC54F587D8
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200965.roa
Signing time:             Tue 05 Nov 2024 03:40:06 +0000
ROA not before:           Tue 05 Nov 2024 03:35:06 +0000
ROA not after:            Tue 04 Nov 2025 03:40:06 +0000
asID:                     200965
IP address blocks:        2a06:a005:24a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:33:c5:e3:47:90:23:3b:82:e7:25:5b:8c:42:db:dc:54:f5:87:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:06 2024 GMT
            Not After : Nov  4 03:40:06 2025 GMT
        Subject: CN=F83DC85E6F3713E1B48B8B0FF4576E750ED4D115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:d4:e7:0b:4f:00:4f:89:01:2c:8d:18:aa:12:
                    dc:cd:38:d8:bb:49:dd:88:c9:67:b0:ae:58:2c:9e:
                    f4:f5:f0:dc:44:f0:4b:3e:70:64:63:c0:9d:89:4c:
                    c4:de:58:a9:e0:66:5b:da:cf:de:20:cd:4a:1e:9a:
                    59:ea:1a:65:5a:4f:43:e1:22:16:fa:c6:90:01:77:
                    6e:31:fc:87:31:b6:02:03:6a:59:13:24:36:99:c8:
                    f3:44:48:65:3d:aa:78:0a:ea:ed:37:5a:99:37:dd:
                    a2:6a:a7:2d:23:68:8f:28:f0:e8:68:15:e4:76:1f:
                    cd:38:de:ea:d6:77:d4:db:aa:c4:da:da:2b:01:92:
                    79:2a:c0:e6:25:3b:e1:6d:aa:a5:9b:f4:18:30:e5:
                    5d:ee:69:b4:49:a9:42:78:bd:00:0b:fb:f8:18:8a:
                    db:76:7d:c1:cc:5e:1f:0b:26:1a:70:af:62:8d:6c:
                    64:ff:a6:bb:7b:a8:50:79:c7:1f:a4:82:9e:90:c4:
                    31:a5:c0:67:3d:13:b9:47:3a:55:e3:cf:67:44:33:
                    67:41:f3:cb:b3:25:18:72:d1:2a:45:32:17:e2:dc:
                    8c:65:11:28:c3:e5:6a:d1:ab:92:32:08:fb:4c:a6:
                    d9:ab:35:90:10:b9:e9:eb:51:83:15:b0:af:19:14:
                    dc:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:3D:C8:5E:6F:37:13:E1:B4:8B:8B:0F:F4:57:6E:75:0E:D4:D1:15
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200965.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:24a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         74:86:96:63:27:3a:52:02:1c:63:18:85:01:3f:0f:c0:4f:3b:
         9a:f0:f7:72:15:2c:2e:24:34:7b:27:56:52:01:39:91:85:10:
         3e:03:0e:bc:4a:bb:2d:ee:5d:da:57:d8:48:65:6c:84:53:96:
         56:26:95:a2:32:aa:cc:df:fb:66:0c:aa:49:dc:76:eb:c4:34:
         68:20:b0:0e:d5:63:8f:6b:90:96:86:a2:35:00:c8:82:24:6c:
         8a:ad:64:1d:bc:6d:5c:28:4c:10:18:1a:33:1d:40:9e:f2:d7:
         1c:1a:d1:05:ff:7e:3f:f5:08:47:b6:35:a7:06:38:ac:c4:fb:
         a7:f2:e1:64:02:e1:4e:fd:eb:13:0c:aa:3a:22:fa:8b:63:73:
         f2:60:e0:93:f4:8c:e0:55:3a:b0:59:84:46:17:1f:d7:25:63:
         94:48:80:75:80:22:2f:cf:fd:41:7d:5a:1e:89:65:45:5b:33:
         69:8e:5c:9f:df:cc:fa:aa:f1:49:d5:8e:a2:a7:bd:46:ad:18:
         81:28:f1:a8:41:e1:2f:ff:1d:e7:48:7a:07:93:10:db:20:df:
         c6:9e:01:3f:3a:c6:00:14:45:47:df:ee:5c:31:6e:10:68:51:
         6f:3f:12:85:c0:5d:ff:c9:28:d3:0a:5d:44:90:7a:1a:78:f5:
         e4:d7:f8:19
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUATPF40eQIzuC5yVbjELb3FT1h9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDZaFw0yNTExMDQwMzQwMDZaMDMxMTAvBgNV
BAMTKEY4M0RDODVFNkYzNzEzRTFCNDhCOEIwRkY0NTc2RTc1MEVENEQxMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp1OcLTwBPiQEsjRiqEtzNONi7
Sd2IyWewrlgsnvT18NxE8Es+cGRjwJ2JTMTeWKngZlvaz94gzUoemlnqGmVaT0Ph
Ihb6xpABd24x/IcxtgIDalkTJDaZyPNESGU9qngK6u03Wpk33aJqpy0jaI8o8Oho
FeR2H8043urWd9TbqsTa2isBknkqwOYlO+FtqqWb9Bgw5V3uabRJqUJ4vQAL+/gY
itt2fcHMXh8LJhpwr2KNbGT/prt7qFB5xx+kgp6QxDGlwGc9E7lHOlXjz2dEM2dB
88uzJRhy0SpFMhfi3IxlESjD5WrRq5IyCPtMptmrNZAQuenrUYMVsK8ZFNwNAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU+D3IXm83E+G0i4sP9FdudQ7U0RUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwOTY1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSSgMA0GCSqGSIb3DQEBCwUAA4IBAQB0hpZj
JzpSAhxjGIUBPw/ATzua8PdyFSwuJDR7J1ZSATmRhRA+Aw68Srst7l3aV9hIZWyE
U5ZWJpWiMqrM3/tmDKpJ3HbrxDRoILAO1WOPa5CWhqI1AMiCJGyKrWQdvG1cKEwQ
GBozHUCe8tccGtEF/34/9QhHtjWnBjisxPun8uFkAuFO/esTDKo6IvqLY3PyYOCT
9IzgVTqwWYRGFx/XJWOUSIB1gCIvz/1BfVoeiWVFWzNpjlyf38z6qvFJ1Y6ip71G
rRiBKPGoQeEv/x3nSHoHkxDbIN/GngE/OsYAFEVH3+5cMW4QaFFvPxKFwF3/ySjT
Cl1EkHoaePXk1/gZ
-----END CERTIFICATE-----