Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201412.roa
File:                     AS201412.roa (raw, json)
Hash identifier:          pNd2DdA9bH1JVwal+OSXDL4kpNWgp6bL/U0oIsyfotk=
Subject key identifier:   BC:E0:3A:37:11:A0:AA:47:38:93:32:19:94:80:4E:F2:6A:B7:FB:CB
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6619AC4BF6F61DDEFE47B10FEB891EC180298827
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201412.roa
Signing time:             Thu 28 Dec 2023 18:44:21 +0000
ROA not before:           Thu 28 Dec 2023 18:39:21 +0000
ROA not after:            Thu 26 Dec 2024 18:44:21 +0000
asID:                     201412
IP address blocks:        2a06:a005:2c70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:19:ac:4b:f6:f6:1d:de:fe:47:b1:0f:eb:89:1e:c1:80:29:88:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 28 18:39:21 2023 GMT
            Not After : Dec 26 18:44:21 2024 GMT
        Subject: CN=BCE03A3711A0AA473893321994804EF26AB7FBCB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b4:ef:c8:9a:7d:a5:a2:ed:5e:c5:ff:8c:69:
                    8f:b0:80:fe:4e:d8:49:e4:08:76:ab:01:16:91:8d:
                    f3:50:72:a5:b7:ff:c5:a7:1e:a2:80:ea:4d:68:78:
                    b9:f4:d5:2a:01:bb:28:40:d6:59:a6:06:c0:98:33:
                    56:29:c0:97:b8:1b:ff:28:f8:2a:b9:95:0b:59:1c:
                    a8:1b:4d:ca:83:1d:73:a3:4b:02:1a:5a:a3:65:6c:
                    0c:68:8c:5f:c8:54:59:f0:a1:ee:92:71:ba:01:dd:
                    81:e3:7d:83:3b:5b:8e:07:8f:24:66:e2:96:c5:a2:
                    4b:8d:1a:4d:09:1b:d9:81:38:bd:7c:63:8e:ef:2a:
                    2d:d0:ef:b1:6d:c5:8d:79:60:c9:50:15:32:c9:36:
                    5c:96:99:a4:c3:d7:14:20:0d:f5:51:8e:12:ba:f3:
                    e5:43:16:3c:8e:07:ea:a0:15:56:ea:9f:8c:50:83:
                    39:b5:dc:52:35:22:d5:a0:d1:e4:dc:6e:a0:fd:d9:
                    f7:16:52:10:9a:80:19:5b:8f:31:07:0d:cd:2c:d8:
                    ad:c6:1d:b3:63:a8:2a:c3:f2:af:e5:51:99:08:34:
                    82:22:19:60:a4:89:c7:40:b7:11:de:7b:5d:21:60:
                    ad:a1:38:29:ed:28:10:56:e5:98:47:6c:5d:80:87:
                    a3:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E0:3A:37:11:A0:AA:47:38:93:32:19:94:80:4E:F2:6A:B7:FB:CB
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201412.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2c70::/44

    Signature Algorithm: sha256WithRSAEncryption
         24:68:3b:b1:ad:ff:b7:76:97:ac:92:d3:31:c5:b1:f6:24:47:
         47:12:8e:63:e6:f6:da:fd:48:e3:34:de:fd:81:2d:e0:ca:20:
         b3:12:3b:cb:4f:ad:ba:9a:f2:9e:2c:49:59:72:72:5c:4a:6a:
         50:9d:bd:da:e1:8d:9f:fb:7d:5c:2a:62:b1:78:4f:7a:5e:79:
         1b:cf:f3:54:b9:1c:f2:7d:9e:a2:e5:c6:0a:05:e5:24:75:93:
         ce:e3:ef:7f:10:67:8b:46:8d:7a:db:ba:a1:53:4c:6f:d4:fb:
         d2:24:de:5e:c4:bd:32:c2:28:ed:f6:5c:e0:58:af:37:1c:27:
         41:ec:d8:8c:22:90:18:20:f2:a2:37:a3:95:87:b1:60:29:c3:
         56:73:28:b3:b3:fb:f8:73:ce:e9:6d:63:22:46:21:ef:ce:38:
         c2:09:c9:67:c5:87:b9:7c:36:9a:c1:da:2f:b8:5a:bb:49:31:
         60:0f:f6:a1:78:90:12:65:75:c7:72:e4:2c:95:b2:06:e9:ff:
         9e:de:9b:77:e7:ef:3a:96:ec:13:82:63:f5:f4:8f:0e:46:15:
         0b:bd:29:34:8b:a2:6b:47:94:75:f0:64:3e:a9:27:1f:27:83:
         40:57:bd:8a:40:89:d9:13:99:fb:ba:a9:f4:45:b0:1e:5a:d0:
         80:16:c4:bd
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUZhmsS/b2Hd7+R7EP64kewYApiCcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMjgxODM5MjFaFw0yNDEyMjYxODQ0MjFaMDMxMTAvBgNV
BAMTKEJDRTAzQTM3MTFBMEFBNDczODkzMzIxOTk0ODA0RUYyNkFCN0ZCQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8tO/Imn2lou1exf+MaY+wgP5O
2EnkCHarARaRjfNQcqW3/8WnHqKA6k1oeLn01SoBuyhA1lmmBsCYM1YpwJe4G/8o
+Cq5lQtZHKgbTcqDHXOjSwIaWqNlbAxojF/IVFnwoe6ScboB3YHjfYM7W44HjyRm
4pbFokuNGk0JG9mBOL18Y47vKi3Q77FtxY15YMlQFTLJNlyWmaTD1xQgDfVRjhK6
8+VDFjyOB+qgFVbqn4xQgzm13FI1ItWg0eTcbqD92fcWUhCagBlbjzEHDc0s2K3G
HbNjqCrD8q/lUZkINIIiGWCkicdAtxHee10hYK2hOCntKBBW5ZhHbF2Ah6PnAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUvOA6NxGgqkc4kzIZlIBO8mq3+8swHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAxNDEyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSxwMA0GCSqGSIb3DQEBCwUAA4IBAQAkaDux
rf+3dpesktMxxbH2JEdHEo5j5vba/UjjNN79gS3gyiCzEjvLT626mvKeLElZcnJc
SmpQnb3a4Y2f+31cKmKxeE96Xnkbz/NUuRzyfZ6i5cYKBeUkdZPO4+9/EGeLRo16
27qhU0xv1PvSJN5exL0ywijt9lzgWK83HCdB7NiMIpAYIPKiN6OVh7FgKcNWcyiz
s/v4c87pbWMiRiHvzjjCCclnxYe5fDaawdovuFq7STFgD/aheJASZXXHcuQslbIG
6f+e3pt35+86luwTgmP19I8ORhULvSk0i6JrR5R18GQ+qScfJ4NAV72KQInZE5n7
uqn0RbAeWtCAFsS9
-----END CERTIFICATE-----