Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201733.roa
File:                     AS201733.roa (raw, json)
Hash identifier:          br8HGEMZgkgyqUJ+OgSu3c4bVJ+h13L8PCSO/aQzG9A=
Subject key identifier:   08:D3:D3:AB:FD:66:64:37:63:06:D9:F3:0E:72:C9:F2:4D:36:3A:CD
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1BECE7EA03AE3D9019A3500FE0CFC0097CACA018
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201733.roa
Signing time:             Tue 05 Dec 2023 02:44:16 +0000
ROA not before:           Tue 05 Dec 2023 02:39:16 +0000
ROA not after:            Tue 03 Dec 2024 02:44:16 +0000
asID:                     201733
IP address blocks:        2a06:a005:2360::/44 maxlen: 48
                          2a06:a005:23c0::/44 maxlen: 48
                          2a06:a005:2460::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:ec:e7:ea:03:ae:3d:90:19:a3:50:0f:e0:cf:c0:09:7c:ac:a0:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:16 2023 GMT
            Not After : Dec  3 02:44:16 2024 GMT
        Subject: CN=08D3D3ABFD6664376306D9F30E72C9F24D363ACD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a4:78:ef:3a:64:f3:f9:b3:ee:31:68:59:a3:
                    8f:0a:0d:dd:bf:76:51:82:73:92:6f:3e:b6:b9:b9:
                    51:1c:32:2e:b2:c0:a7:81:ab:a8:f7:13:07:9f:6d:
                    06:d3:53:fa:ae:39:92:55:67:6c:b5:e4:4c:51:f7:
                    32:85:ec:5f:87:0f:69:09:d5:38:86:18:e7:ac:9d:
                    8c:73:da:36:61:94:00:ea:a7:30:04:ee:83:28:3e:
                    aa:e1:73:83:c8:1f:7c:06:cd:cf:10:50:17:2c:fe:
                    ae:ed:58:f1:63:ed:38:6c:52:20:26:7f:2e:8f:89:
                    b2:4a:3f:58:8f:31:9b:27:9a:78:f5:7d:b2:3a:ee:
                    63:45:3b:03:61:ba:0e:67:c2:34:23:7c:71:4c:1b:
                    72:fa:98:15:5d:7e:31:de:22:8e:d1:aa:09:3e:42:
                    bd:2a:02:d2:1c:85:f7:78:2d:2d:a0:c1:b6:7b:fb:
                    3a:1e:5c:df:6e:2f:23:c8:76:4c:31:de:3e:dd:3e:
                    e4:96:d6:d3:39:e4:99:f9:7a:a1:f3:ec:f3:8d:92:
                    2e:01:4e:24:04:95:2e:a8:b9:8b:4e:05:71:9b:92:
                    ac:e8:12:e1:18:50:e8:a4:a6:da:5d:f2:d6:b1:4a:
                    58:ad:76:d8:24:fe:8f:53:e3:77:4f:cf:bc:f0:09:
                    1b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D3:D3:AB:FD:66:64:37:63:06:D9:F3:0E:72:C9:F2:4D:36:3A:CD
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS201733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2360::/44
                  2a06:a005:23c0::/44
                  2a06:a005:2460::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:c1:ad:66:07:71:4a:4c:87:03:50:98:f8:da:5c:aa:ec:77:
         50:c1:ae:45:06:84:45:69:1f:96:3d:4a:c0:d6:14:fd:d1:78:
         cc:14:68:8a:03:9f:de:32:5b:3b:c4:ff:0e:67:de:a9:f1:3c:
         fe:ab:f3:e5:8a:75:93:d4:51:89:d3:ce:26:79:02:72:78:08:
         b1:ba:4a:d7:6d:7e:f4:36:f8:02:2c:94:07:51:0b:82:5e:b1:
         91:20:56:cf:f9:dd:ee:90:6e:e9:ba:dd:f5:00:52:42:82:3f:
         5d:ea:a7:b1:22:9e:6c:54:d0:32:85:ba:42:7d:bf:60:93:5f:
         0c:c1:f4:a2:a7:96:f1:1f:fd:36:bc:2a:84:13:b3:30:d3:4f:
         0d:92:67:75:85:59:7b:23:31:09:a0:6d:26:18:4e:0a:82:38:
         ea:0a:95:6c:7e:69:23:89:88:e5:a9:40:b6:c5:6d:f6:8c:cd:
         49:35:fc:bf:7e:f7:69:57:37:2e:2b:45:92:6e:b7:8c:b8:1f:
         ce:00:1c:cb:bc:86:ca:90:ce:14:74:96:46:19:3a:04:43:a0:
         36:48:12:ac:7d:55:2a:47:98:39:1e:58:d2:e9:e6:53:d1:5a:
         c6:1d:3f:62:7b:01:2f:cc:39:ed:18:42:60:f9:fc:a4:3c:b8:
         ba:c5:46:ef
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUG+zn6gOuPZAZo1AP4M/ACXysoBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTZaFw0yNDEyMDMwMjQ0MTZaMDMxMTAvBgNV
BAMTKDA4RDNEM0FCRkQ2NjY0Mzc2MzA2RDlGMzBFNzJDOUYyNEQzNjNBQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2pHjvOmTz+bPuMWhZo48KDd2/
dlGCc5JvPra5uVEcMi6ywKeBq6j3EwefbQbTU/quOZJVZ2y15ExR9zKF7F+HD2kJ
1TiGGOesnYxz2jZhlADqpzAE7oMoPqrhc4PIH3wGzc8QUBcs/q7tWPFj7ThsUiAm
fy6PibJKP1iPMZsnmnj1fbI67mNFOwNhug5nwjQjfHFMG3L6mBVdfjHeIo7Rqgk+
Qr0qAtIchfd4LS2gwbZ7+zoeXN9uLyPIdkwx3j7dPuSW1tM55Jn5eqHz7PONki4B
TiQElS6ouYtOBXGbkqzoEuEYUOikptpd8taxSlitdtgk/o9T43dPz7zwCRuzAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUCNPTq/1mZDdjBtnzDnLJ8k02Os0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAxNzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcEKgagBSNgAwcEKgagBSPAAwcEKgagBSRgMA0GCSqG
SIb3DQEBCwUAA4IBAQBLwa1mB3FKTIcDUJj42lyq7HdQwa5FBoRFaR+WPUrA1hT9
0XjMFGiKA5/eMls7xP8OZ96p8Tz+q/PlinWT1FGJ084meQJyeAixukrXbX70NvgC
LJQHUQuCXrGRIFbP+d3ukG7put31AFJCgj9d6qexIp5sVNAyhbpCfb9gk18MwfSi
p5bxH/02vCqEE7Mw008Nkmd1hVl7IzEJoG0mGE4KgjjqCpVsfmkjiYjlqUC2xW32
jM1JNfy/fvdpVzcuK0WSbreMuB/OABzLvIbKkM4UdJZGGToEQ6A2SBKsfVUqR5g5
HljS6eZT0VrGHT9iewEvzDntGEJg+fykPLi6xUbv
-----END CERTIFICATE-----