Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201398.roa
File:                     AS201398.roa (raw, json)
Hash identifier:          Lc2FImMyobVfmEuQoCw+IUbqYIlaIqWmfUwpr2gBgSU=
Subject key identifier:   08:BA:29:FC:B5:A8:60:5C:28:BF:CC:EF:4A:A6:BD:17:17:E8:00:07
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5BFC17DDD061F2083A0A5FD5899F566F9E3CA77D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201398.roa
Signing time:             Tue 05 Nov 2024 03:40:09 +0000
ROA not before:           Tue 05 Nov 2024 03:35:09 +0000
ROA not after:            Tue 04 Nov 2025 03:40:09 +0000
asID:                     201398
IP address blocks:        2a06:a005:108f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:fc:17:dd:d0:61:f2:08:3a:0a:5f:d5:89:9f:56:6f:9e:3c:a7:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:09 2024 GMT
            Not After : Nov  4 03:40:09 2025 GMT
        Subject: CN=08BA29FCB5A8605C28BFCCEF4AA6BD1717E80007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:95:e9:fd:90:ea:62:ae:c9:83:ac:5d:fd:13:
                    f3:0f:53:5e:03:e3:b9:88:aa:3a:9a:80:51:5e:96:
                    b6:34:08:2a:a7:45:85:ef:b1:da:0e:70:ed:e5:7a:
                    0a:e6:c6:52:17:c5:1a:4e:c5:70:ea:4d:df:e0:9f:
                    ec:ce:3b:cc:76:09:a2:2f:b0:fb:29:e3:0c:41:f8:
                    4d:70:13:49:0d:33:e2:c2:82:7e:77:96:3f:29:c8:
                    38:59:a3:f3:bc:4a:f2:dc:95:c8:9d:93:1d:60:df:
                    f0:fa:62:02:25:a1:b9:5d:55:6f:40:56:24:0b:6e:
                    7f:45:ba:f8:43:e4:5c:0d:cd:bf:64:e4:88:b6:45:
                    f7:a2:3e:a8:9a:63:5a:c4:f0:4b:04:b2:f7:1b:49:
                    6f:84:39:be:0b:8f:1f:ec:fe:e7:b9:0e:af:1a:ea:
                    80:ff:e8:dc:15:b3:2a:06:84:61:e7:32:af:5e:45:
                    a7:6c:06:ba:26:8a:4f:55:75:31:3e:34:d6:c5:9c:
                    4b:32:d4:65:89:c3:0e:16:9a:9f:ab:35:e6:e2:a8:
                    6c:be:2d:f2:14:12:98:b8:f2:3e:d4:ce:82:0f:69:
                    80:93:22:e5:1d:ca:5f:cb:a4:fa:a3:5e:33:cf:ee:
                    c3:78:34:98:2f:8e:74:86:54:20:0d:2a:1d:d9:e3:
                    5c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:BA:29:FC:B5:A8:60:5C:28:BF:CC:EF:4A:A6:BD:17:17:E8:00:07
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201398.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:108f::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:a0:2b:b8:be:ae:7f:60:2b:3e:b3:54:cd:31:76:44:98:e7:
         34:db:b5:f8:66:62:05:db:33:6d:f3:18:01:80:6b:31:63:72:
         0a:d3:83:3e:a2:34:db:53:e9:84:25:f4:71:37:68:b2:d9:af:
         3a:04:87:f2:e3:ae:29:fd:2f:4d:ce:5e:7f:1b:0e:db:01:dd:
         5a:dd:bc:fc:fa:5f:74:81:60:d8:2e:20:5e:18:d2:19:3d:63:
         0a:06:88:61:b5:b5:ae:2c:75:0f:11:e0:ca:87:2e:ef:14:e4:
         98:74:9f:fc:33:c2:69:a5:25:b0:1e:31:af:7e:05:2c:86:61:
         31:e3:f0:45:c9:e8:d7:8d:21:2f:8d:78:7c:58:99:5b:9b:b1:
         a7:a1:f3:9c:d3:64:e3:3a:2b:18:16:67:f7:4f:13:2d:9a:b3:
         f6:f7:a3:76:7b:d3:11:0d:64:16:59:cb:c4:96:f0:98:ed:f8:
         4d:2b:f2:54:f9:27:60:7d:11:b6:03:67:14:16:4b:31:0a:ec:
         08:dc:12:e0:2c:e7:e5:a5:14:49:a8:ec:a0:13:d1:11:a8:2a:
         23:92:e9:64:51:04:cb:33:c7:ef:a6:69:9a:b4:71:b9:e5:15:
         82:77:13:2f:48:27:2a:51:18:a3:b3:73:b1:7f:d9:a4:ba:b2:
         bb:57:07:f1
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUW/wX3dBh8gg6Cl/ViZ9Wb548p30wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDlaFw0yNTExMDQwMzQwMDlaMDMxMTAvBgNV
BAMTKDA4QkEyOUZDQjVBODYwNUMyOEJGQ0NFRjRBQTZCRDE3MTdFODAwMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChlen9kOpirsmDrF39E/MPU14D
47mIqjqagFFelrY0CCqnRYXvsdoOcO3legrmxlIXxRpOxXDqTd/gn+zOO8x2CaIv
sPsp4wxB+E1wE0kNM+LCgn53lj8pyDhZo/O8SvLclcidkx1g3/D6YgIlobldVW9A
ViQLbn9FuvhD5FwNzb9k5Ii2RfeiPqiaY1rE8EsEsvcbSW+EOb4Ljx/s/ue5Dq8a
6oD/6NwVsyoGhGHnMq9eRadsBromik9VdTE+NNbFnEsy1GWJww4Wmp+rNebiqGy+
LfIUEpi48j7UzoIPaYCTIuUdyl/LpPqjXjPP7sN4NJgvjnSGVCANKh3Z41wvAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUCLop/LWoYFwov8zvSqa9FxfoAAcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAxMzk4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRCPMA0GCSqGSIb3DQEBCwUAA4IBAQCeoCu4
vq5/YCs+s1TNMXZEmOc027X4ZmIF2zNt8xgBgGsxY3IK04M+ojTbU+mEJfRxN2iy
2a86BIfy464p/S9Nzl5/Gw7bAd1a3bz8+l90gWDYLiBeGNIZPWMKBohhtbWuLHUP
EeDKhy7vFOSYdJ/8M8JppSWwHjGvfgUshmEx4/BFyejXjSEvjXh8WJlbm7GnofOc
02TjOisYFmf3TxMtmrP296N2e9MRDWQWWcvElvCY7fhNK/JU+SdgfRG2A2cUFksx
CuwI3BLgLOflpRRJqOygE9ERqCojkulkUQTLM8fvpmmatHG55RWCdxMvSCcqURij
s3Oxf9mkurK7Vwfx
-----END CERTIFICATE-----