Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201242.roa
File:                     AS201242.roa (raw, json)
Hash identifier:          ea2nA4rIsZJXZBFewC6JKkEKenW/i2N8JpcRdY4s2SU=
Subject key identifier:   FF:54:0B:D3:D3:9D:B0:FE:DF:93:AF:E1:7D:F2:AD:2E:5B:83:BC:89
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       32CB62B7A3D9A6FE8FDA58A413E2DEBD9A31B153
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201242.roa
Signing time:             Fri 22 Nov 2024 06:40:12 +0000
ROA not before:           Fri 22 Nov 2024 06:35:12 +0000
ROA not after:            Fri 21 Nov 2025 06:40:12 +0000
asID:                     201242
IP address blocks:        2a06:a005:ba3::/48 maxlen: 48
                          2a06:a005:1084::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:24:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:cb:62:b7:a3:d9:a6:fe:8f:da:58:a4:13:e2:de:bd:9a:31:b1:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 22 06:35:12 2024 GMT
            Not After : Nov 21 06:40:12 2025 GMT
        Subject: CN=FF540BD3D39DB0FEDF93AFE17DF2AD2E5B83BC89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a8:7b:90:12:ff:d2:69:3f:29:37:52:b0:c8:
                    f8:14:20:ea:eb:c0:9c:06:d6:cc:50:9b:54:d9:0e:
                    3f:b4:5a:ed:54:ee:aa:98:be:9c:cb:82:69:9b:cf:
                    8b:8b:6c:16:1e:81:3b:14:31:75:bb:bd:87:98:bb:
                    3f:1f:d1:93:df:5f:ca:bb:2e:43:5c:ae:23:a0:48:
                    74:0c:eb:8d:ae:bc:c9:70:69:14:52:41:13:eb:44:
                    ed:a6:18:79:05:ce:04:45:f6:3f:c2:b7:c1:be:ec:
                    2b:da:2a:83:d6:45:5a:e7:c9:a6:12:df:4d:ed:3e:
                    f6:5a:c7:3d:29:44:7f:46:63:ab:cb:a6:3a:d0:e1:
                    9d:87:4a:73:55:2f:b4:4c:56:29:d5:f2:b3:e0:a3:
                    85:70:a1:3d:4e:47:1a:bd:6a:19:e6:61:ee:24:e4:
                    87:6a:fd:82:9f:83:04:ba:97:e5:3a:fe:39:14:51:
                    2f:6e:1e:d2:a1:e3:38:59:14:9a:ac:5b:99:e3:43:
                    c1:73:55:74:a6:72:66:38:98:7e:b4:f9:09:e0:48:
                    5a:af:a5:76:28:aa:ec:91:34:60:76:b8:08:90:df:
                    76:13:e5:67:c3:81:84:2e:f6:e1:60:2c:4b:86:99:
                    28:41:bc:7f:51:62:37:51:8c:99:6a:05:27:dd:e7:
                    6a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:54:0B:D3:D3:9D:B0:FE:DF:93:AF:E1:7D:F2:AD:2E:5B:83:BC:89
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:ba3::/48
                  2a06:a005:1084::/48

    Signature Algorithm: sha256WithRSAEncryption
         d1:b3:13:68:ca:81:1d:e7:06:48:77:b3:a7:43:5d:4b:35:00:
         08:91:58:f0:33:9a:b0:d9:c0:3a:c8:df:58:a4:76:f3:59:16:
         85:b5:53:2c:15:c1:77:39:34:9e:e2:4a:9d:94:f9:2b:14:c0:
         be:c2:38:5d:71:d1:b7:f3:56:a1:2c:5f:6d:0e:bf:e7:78:aa:
         0e:a8:89:95:41:a5:7a:1e:11:7e:4a:8a:c0:2c:32:5a:76:de:
         a1:cc:66:30:95:41:11:d8:b0:81:af:a0:4e:7f:77:68:db:48:
         e5:5b:54:29:44:47:94:9e:ef:19:cb:7d:50:5d:e6:c1:8a:cf:
         1f:91:ec:b6:3c:e2:ef:f6:37:65:82:60:09:07:91:15:7f:c9:
         ba:09:8f:3a:aa:a4:2b:16:6e:ff:7c:76:21:0c:3d:1a:7d:d4:
         99:71:43:9a:10:d1:f3:c4:e7:7d:2e:5d:8c:b2:55:b2:21:ba:
         d9:ac:e5:86:e5:9a:2c:30:5a:26:ac:60:70:4d:e1:23:01:39:
         e7:b6:15:7a:9f:78:20:aa:38:87:90:0f:d5:bf:b5:02:b4:3c:
         63:c2:31:ae:59:ce:c4:ef:bf:b4:ac:7c:e5:17:f2:a0:65:f0:
         27:49:33:d2:20:1a:01:db:4e:10:e7:02:b8:5c:80:61:4c:23:
         7b:ae:05:17
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUMstit6PZpv6P2likE+LevZoxsVMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMjIwNjM1MTJaFw0yNTExMjEwNjQwMTJaMDMxMTAvBgNV
BAMTKEZGNTQwQkQzRDM5REIwRkVERjkzQUZFMTdERjJBRDJFNUI4M0JDODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOqHuQEv/SaT8pN1KwyPgUIOrr
wJwG1sxQm1TZDj+0Wu1U7qqYvpzLgmmbz4uLbBYegTsUMXW7vYeYuz8f0ZPfX8q7
LkNcriOgSHQM642uvMlwaRRSQRPrRO2mGHkFzgRF9j/Ct8G+7CvaKoPWRVrnyaYS
303tPvZaxz0pRH9GY6vLpjrQ4Z2HSnNVL7RMVinV8rPgo4VwoT1ORxq9ahnmYe4k
5Idq/YKfgwS6l+U6/jkUUS9uHtKh4zhZFJqsW5njQ8FzVXSmcmY4mH60+QngSFqv
pXYoquyRNGB2uAiQ33YT5WfDgYQu9uFgLEuGmShBvH9RYjdRjJlqBSfd52p5AgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQU/1QL09OdsP7fk6/hffKtLluDvIkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAxMjQyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQujAwcAKgagBRCEMA0GCSqGSIb3DQEBCwUA
A4IBAQDRsxNoyoEd5wZId7OnQ11LNQAIkVjwM5qw2cA6yN9YpHbzWRaFtVMsFcF3
OTSe4kqdlPkrFMC+wjhdcdG381ahLF9tDr/neKoOqImVQaV6HhF+SorALDJadt6h
zGYwlUER2LCBr6BOf3do20jlW1QpREeUnu8Zy31QXebBis8fkey2POLv9jdlgmAJ
B5EVf8m6CY86qqQrFm7/fHYhDD0afdSZcUOaENHzxOd9Ll2MslWyIbrZrOWG5Zos
MFomrGBwTeEjATnnthV6n3ggqjiHkA/Vv7UCtDxjwjGuWc7E77+0rHzlF/KgZfAn
STPSIBoB204Q5wK4XIBhTCN7rgUX
-----END CERTIFICATE-----