Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201444.roa
File:                     AS201444.roa (raw, json)
Hash identifier:          IID3HS+8YR3lDIiQS+iIokQ2W4n30jsoWx9gNhdNVrY=
Subject key identifier:   B4:87:7D:68:61:9A:D7:A0:BC:29:77:2E:60:1A:54:FE:1E:74:7A:C6
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3B8D2BF52F2B579BF7ED3D32D23BF892CE295942
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201444.roa
Signing time:             Tue 05 Nov 2024 06:40:12 +0000
ROA not before:           Tue 05 Nov 2024 06:35:12 +0000
ROA not after:            Tue 04 Nov 2025 06:40:12 +0000
asID:                     201444
IP address blocks:        2a06:a005:d44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:8d:2b:f5:2f:2b:57:9b:f7:ed:3d:32:d2:3b:f8:92:ce:29:59:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 06:35:12 2024 GMT
            Not After : Nov  4 06:40:12 2025 GMT
        Subject: CN=B4877D68619AD7A0BC29772E601A54FE1E747AC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:90:02:a2:47:8e:28:ed:c1:f0:3a:aa:e5:35:
                    d0:72:ce:ed:2e:e7:39:9d:80:fd:f0:82:3a:3c:2c:
                    57:f5:5c:6d:b0:d9:e4:77:87:49:3e:a4:ef:ab:e1:
                    d2:35:39:71:be:e4:46:78:48:ce:50:3a:34:d2:e4:
                    01:50:5a:87:66:e0:c9:f2:3e:b2:85:6b:7f:2c:e5:
                    59:91:28:ba:5d:ff:b3:5d:bb:f4:de:86:11:f2:1b:
                    ca:12:2b:08:90:00:d4:f4:2a:e0:7f:07:34:86:c1:
                    fb:3f:f9:be:60:96:6c:38:e2:0b:9b:84:01:08:09:
                    0a:c7:85:c5:37:44:a4:ce:69:29:be:80:bb:25:c0:
                    26:fd:d7:bc:34:d5:3d:79:18:27:00:ab:17:8b:5c:
                    05:1b:d9:6e:9a:2b:51:af:ad:8d:5e:f5:31:c4:49:
                    be:c1:bd:da:a7:1f:ce:3e:df:c5:b2:ca:dd:dd:65:
                    6d:97:f0:7c:75:ae:b1:16:07:7d:54:aa:d5:c2:b4:
                    02:6e:0b:03:1c:bb:e1:85:28:c3:3a:40:5a:3a:3a:
                    f1:17:31:76:5b:b4:a2:ef:31:f2:74:0a:97:e3:db:
                    b0:f7:43:fb:51:c6:fa:aa:10:6f:8d:0d:43:cf:92:
                    cf:03:e5:03:ca:72:c3:34:03:ed:bb:3c:ad:fc:a7:
                    fd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:87:7D:68:61:9A:D7:A0:BC:29:77:2E:60:1A:54:FE:1E:74:7A:C6
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201444.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d44::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:15:a9:f1:d9:e7:b8:99:03:dc:0a:b3:73:cb:de:dd:8f:64:
         4d:d7:03:56:a6:fd:92:3b:55:5a:ab:c7:ed:dd:fb:f9:4d:ed:
         7f:71:9f:8d:af:94:0c:95:35:c6:aa:f3:48:64:44:64:e3:ce:
         6f:1c:4b:b3:f2:53:43:ba:49:e4:2c:d1:24:b1:91:3b:51:19:
         79:ad:93:d1:89:71:d8:8c:1a:b3:10:c6:32:87:04:53:b7:75:
         6d:28:3e:43:aa:1f:3b:05:fd:2e:38:0b:64:8e:5f:fb:a9:a0:
         6b:b3:fd:8e:eb:1c:88:20:00:f4:10:4e:a1:d6:b8:f2:d1:36:
         e7:27:5e:b4:88:51:cf:0d:e6:fa:b5:71:ab:c6:7f:ea:41:5f:
         0f:f4:0f:c8:f8:cc:95:67:65:f9:18:01:be:a0:52:7b:dc:c4:
         68:ab:07:2c:d4:ca:92:b8:e7:15:54:d8:a6:d8:67:dc:c9:54:
         55:02:42:66:e4:35:37:63:bf:c0:8a:86:21:6b:73:3c:93:07:
         83:c4:06:2c:9c:cf:6a:55:5d:64:70:13:e7:d6:ba:73:f9:34:
         90:64:1b:40:9f:d4:72:27:fd:82:d2:c0:22:e0:88:c7:36:9c:
         58:90:2a:40:da:f1:78:af:a9:57:87:4f:71:55:fe:60:ed:1b:
         31:2d:bd:8c
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUO40r9S8rV5v37T0y0jv4ks4pWUIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwNjM1MTJaFw0yNTExMDQwNjQwMTJaMDMxMTAvBgNV
BAMTKEI0ODc3RDY4NjE5QUQ3QTBCQzI5NzcyRTYwMUE1NEZFMUU3NDdBQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkAKiR44o7cHwOqrlNdByzu0u
5zmdgP3wgjo8LFf1XG2w2eR3h0k+pO+r4dI1OXG+5EZ4SM5QOjTS5AFQWodm4Mny
PrKFa38s5VmRKLpd/7Ndu/TehhHyG8oSKwiQANT0KuB/BzSGwfs/+b5glmw44gub
hAEICQrHhcU3RKTOaSm+gLslwCb917w01T15GCcAqxeLXAUb2W6aK1GvrY1e9THE
Sb7BvdqnH84+38Wyyt3dZW2X8Hx1rrEWB31UqtXCtAJuCwMcu+GFKMM6QFo6OvEX
MXZbtKLvMfJ0Cpfj27D3Q/tRxvqqEG+NDUPPks8D5QPKcsM0A+27PK38p/1jAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUtId9aGGa16C8KXcuYBpU/h50esYwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAxNDQ0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQ1EMA0GCSqGSIb3DQEBCwUAA4IBAQCyFanx
2ee4mQPcCrNzy97dj2RN1wNWpv2SO1Vaq8ft3fv5Te1/cZ+Nr5QMlTXGqvNIZERk
485vHEuz8lNDuknkLNEksZE7URl5rZPRiXHYjBqzEMYyhwRTt3VtKD5Dqh87Bf0u
OAtkjl/7qaBrs/2O6xyIIAD0EE6h1rjy0TbnJ160iFHPDeb6tXGrxn/qQV8P9A/I
+MyVZ2X5GAG+oFJ73MRoqwcs1MqSuOcVVNim2GfcyVRVAkJm5DU3Y7/AioYha3M8
kweDxAYsnM9qVV1kcBPn1rpz+TSQZBtAn9RyJ/2C0sAi4IjHNpxYkCpA2vF4r6lX
h09xVf5g7RsxLb2M
-----END CERTIFICATE-----