Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201504.roa
File:                     AS201504.roa (raw, json)
Hash identifier:          vXifXPwDJqTuCn/IoasD0I5qoA+bKSnoBVdqlQUtxC8=
Subject key identifier:   6F:EC:07:77:70:24:FC:94:BE:21:B5:F3:0E:54:A3:17:7D:D2:AE:94
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2986F1E2C4D51B0FFC07C4220E0B42A53130B094
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201504.roa
Signing time:             Thu 08 Feb 2024 17:44:24 +0000
ROA not before:           Thu 08 Feb 2024 17:39:24 +0000
ROA not after:            Thu 06 Feb 2025 17:44:24 +0000
asID:                     201504
IP address blocks:        2a06:a005:2ec0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:86:f1:e2:c4:d5:1b:0f:fc:07:c4:22:0e:0b:42:a5:31:30:b0:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Feb  8 17:39:24 2024 GMT
            Not After : Feb  6 17:44:24 2025 GMT
        Subject: CN=6FEC07777024FC94BE21B5F30E54A3177DD2AE94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e7:2c:a2:7c:3b:79:ab:44:5a:67:6c:6c:63:
                    47:9c:16:43:f6:0b:74:71:1b:a9:58:be:0f:48:01:
                    1f:6f:ec:b0:a4:46:89:47:ae:b3:56:79:8b:a5:e4:
                    f6:30:b4:25:36:72:29:00:8e:3e:20:a6:28:37:8f:
                    3a:ed:6b:ad:cc:17:b7:ed:f4:ff:c9:bc:a1:b9:d2:
                    9c:36:5d:85:04:7d:ae:80:00:63:c5:89:65:4b:bc:
                    54:a2:79:d5:fc:12:58:90:06:f0:cf:42:7c:e8:33:
                    f8:7a:25:dd:a4:b3:f9:d0:d1:ac:f0:64:5b:67:90:
                    af:64:34:b8:58:d6:a7:79:69:31:18:54:a2:a4:e0:
                    f3:bf:36:7e:8d:7e:fc:a6:ee:b2:df:3a:40:51:01:
                    51:03:04:d6:d3:2e:fb:4a:61:ba:a9:4c:09:a2:2c:
                    de:3e:ae:24:3f:a9:d9:d6:14:42:83:f6:2c:79:79:
                    ab:bc:61:60:d9:69:b1:4a:70:db:8b:8f:38:36:4d:
                    49:23:8f:fa:63:74:dd:ff:57:39:6c:78:4d:c6:61:
                    2b:ad:04:33:54:d5:b0:84:ba:4d:94:d3:80:03:26:
                    36:3c:c8:3c:91:96:60:14:b8:7b:13:a5:2c:bc:0e:
                    c5:fe:c5:90:aa:61:e1:46:00:20:78:53:12:7f:83:
                    bb:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:EC:07:77:70:24:FC:94:BE:21:B5:F3:0E:54:A3:17:7D:D2:AE:94
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201504.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2ec0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9a:9c:d2:8e:1c:c1:60:00:56:ba:46:f1:50:7f:66:64:df:fc:
         f6:c5:34:64:08:fc:71:c5:63:02:bd:5d:13:5d:7f:bb:98:6e:
         8f:33:db:6e:20:eb:a5:84:30:5d:e5:88:7b:76:74:96:19:f2:
         29:c5:a5:84:ed:ea:96:25:5f:6c:44:75:50:22:c8:1a:57:9b:
         4a:0a:44:53:06:f7:cf:73:2f:8c:fc:d6:6b:d5:29:44:a0:9b:
         3b:37:7d:7b:3b:a0:63:82:4f:dc:95:55:dd:e1:b1:03:df:17:
         ec:c6:a6:81:55:bf:5c:16:4c:75:1e:6c:4a:ed:c6:80:76:fa:
         5a:53:43:68:c0:ef:4f:41:f7:67:d1:ae:0d:12:fd:e9:7c:95:
         71:6a:7b:f8:e9:3f:d0:05:08:7f:12:8b:ef:bb:80:86:25:de:
         8e:dd:46:74:3d:c2:35:bf:1c:78:6c:ff:f1:da:ae:01:ac:f5:
         67:f6:81:96:be:d7:76:30:92:f9:6d:d0:af:e3:3b:90:21:f6:
         f4:1d:b1:96:5d:13:d9:23:67:75:7d:2e:61:90:fa:14:7d:d0:
         11:1a:19:02:39:38:0c:2d:53:1e:c1:94:e0:ac:f0:22:03:a2:
         80:90:b5:95:fc:f2:cc:1f:21:93:e7:10:58:9c:9a:06:be:2d:
         84:ae:b1:75
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUKYbx4sTVGw/8B8QiDgtCpTEwsJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAyMDgxNzM5MjRaFw0yNTAyMDYxNzQ0MjRaMDMxMTAvBgNV
BAMTKDZGRUMwNzc3NzAyNEZDOTRCRTIxQjVGMzBFNTRBMzE3N0REMkFFOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA5yyifDt5q0RaZ2xsY0ecFkP2
C3RxG6lYvg9IAR9v7LCkRolHrrNWeYul5PYwtCU2cikAjj4gpig3jzrta63MF7ft
9P/JvKG50pw2XYUEfa6AAGPFiWVLvFSiedX8EliQBvDPQnzoM/h6Jd2ks/nQ0azw
ZFtnkK9kNLhY1qd5aTEYVKKk4PO/Nn6Nfvym7rLfOkBRAVEDBNbTLvtKYbqpTAmi
LN4+riQ/qdnWFEKD9ix5eau8YWDZabFKcNuLjzg2TUkjj/pjdN3/VzlseE3GYSut
BDNU1bCEuk2U04ADJjY8yDyRlmAUuHsTpSy8DsX+xZCqYeFGACB4UxJ/g7tbAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUb+wHd3Ak/JS+IbXzDlSjF33SrpQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAxNTA0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBS7AMA0GCSqGSIb3DQEBCwUAA4IBAQCanNKO
HMFgAFa6RvFQf2Zk3/z2xTRkCPxxxWMCvV0TXX+7mG6PM9tuIOulhDBd5Yh7dnSW
GfIpxaWE7eqWJV9sRHVQIsgaV5tKCkRTBvfPcy+M/NZr1SlEoJs7N317O6Bjgk/c
lVXd4bED3xfsxqaBVb9cFkx1HmxK7caAdvpaU0NowO9PQfdn0a4NEv3pfJVxanv4
6T/QBQh/Eovvu4CGJd6O3UZ0PcI1vxx4bP/x2q4BrPVn9oGWvtd2MJL5bdCv4zuQ
Ifb0HbGWXRPZI2d1fS5hkPoUfdARGhkCOTgMLVMewZTgrPAiA6KAkLWV/PLMHyGT
5xBYnJoGvi2ErrF1
-----END CERTIFICATE-----