Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202002.roa
File:                     AS202002.roa (raw, json)
Hash identifier:          lYtgq6/DvkbJLrIUbpyi4yfDcTG5S+xw/bSMzREi9dA=
Subject key identifier:   C5:4F:58:7E:4D:A2:E9:9E:FB:0E:AA:0A:75:D7:7D:73:04:EE:F3:CD
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       70E43B6FC174A976D3FFFE9233E2C940FEC8C32A
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202002.roa
Signing time:             Mon 29 Jan 2024 12:44:24 +0000
ROA not before:           Mon 29 Jan 2024 12:39:24 +0000
ROA not after:            Mon 27 Jan 2025 12:44:24 +0000
asID:                     202002
IP address blocks:        2a06:a005:cf0::/44 maxlen: 48
                          2a06:a005:2090::/44 maxlen: 48
                          2a06:a005:2d20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:e4:3b:6f:c1:74:a9:76:d3:ff:fe:92:33:e2:c9:40:fe:c8:c3:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 29 12:39:24 2024 GMT
            Not After : Jan 27 12:44:24 2025 GMT
        Subject: CN=C54F587E4DA2E99EFB0EAA0A75D77D7304EEF3CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7b:0a:60:ae:6b:dd:87:9e:a5:e2:d3:73:3a:
                    42:10:c4:48:17:2e:c9:ff:c2:b1:68:0d:45:8d:c4:
                    7f:ac:68:e4:e5:b8:44:58:c2:42:db:ae:16:5b:48:
                    98:7e:60:7e:40:cc:76:a4:25:84:da:be:70:74:6e:
                    5a:50:29:b1:d3:23:a0:86:07:62:c9:90:93:24:91:
                    3a:19:b9:34:d4:80:fa:bd:62:01:fd:f6:69:d6:9b:
                    7f:31:9d:82:82:df:c7:8c:84:76:4e:1d:df:1d:5d:
                    60:a4:8b:cc:f4:42:ec:eb:91:4e:43:2f:cf:fc:15:
                    e9:5c:3f:53:3c:29:01:c2:ff:f9:27:9b:86:19:a5:
                    9b:9b:2c:47:35:96:89:e6:d8:29:ba:c6:1b:b1:36:
                    93:65:62:fc:d0:de:4c:f9:a4:e7:ab:6d:98:9b:5c:
                    e6:fb:2e:88:3a:13:f3:da:21:77:8a:35:54:1b:e8:
                    45:eb:73:23:55:fb:02:0e:ce:12:f6:8c:93:c3:bc:
                    7c:02:67:b1:14:73:a6:af:c8:c4:7b:12:ba:e1:cf:
                    18:22:0d:07:fb:bd:fe:83:fe:d1:66:0c:42:35:21:
                    45:ff:c9:c2:02:ca:d7:5c:f4:1d:fa:d9:c9:95:8d:
                    84:12:84:52:2e:c6:5a:5e:14:76:8a:0d:1b:b6:6f:
                    31:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:4F:58:7E:4D:A2:E9:9E:FB:0E:AA:0A:75:D7:7D:73:04:EE:F3:CD
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202002.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:cf0::/44
                  2a06:a005:2090::/44
                  2a06:a005:2d20::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:06:3c:53:6a:77:cc:2c:c6:89:fe:f5:39:90:15:46:8e:41:
         a4:90:70:db:cc:58:ee:d9:8e:cc:1e:80:f6:2e:ed:71:8c:1f:
         d2:df:94:13:9a:cb:f3:a9:78:32:37:0d:08:37:7d:a8:33:e0:
         3c:00:e9:b2:53:79:ea:79:6c:c5:1b:30:23:ae:14:ff:e3:6e:
         41:fd:bd:23:95:17:e2:7f:51:e4:be:6f:94:23:42:a6:e8:2b:
         f6:ef:a9:26:32:e9:d5:73:85:cf:aa:33:6f:b4:69:1a:29:77:
         2e:3d:e9:bc:b9:23:65:55:81:f5:d7:ee:f2:60:4c:fb:6c:c3:
         0a:55:b7:99:b0:5f:a6:a0:94:89:04:de:48:7d:a2:09:90:53:
         a6:ea:18:84:a1:81:f0:d3:16:2d:e1:f1:6b:4f:8c:ba:b0:5b:
         36:5d:53:73:f2:25:9d:34:35:b4:c6:d3:08:21:b1:93:6a:44:
         94:34:4a:4e:ba:d2:31:04:5b:a4:15:69:22:90:70:2b:79:b1:
         49:8d:f6:9c:4f:47:7d:5f:42:4a:e7:5e:a6:06:4f:22:02:b7:
         0a:45:4e:01:ac:cd:29:e5:7f:8c:58:a0:93:50:ea:43:2f:c0:
         2a:40:ff:6c:cd:a8:3c:cf:53:81:c4:43:8d:1e:c9:b7:ec:4e:
         c3:3e:2e:05
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUcOQ7b8F0qXbT//6SM+LJQP7IwyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMjkxMjM5MjRaFw0yNTAxMjcxMjQ0MjRaMDMxMTAvBgNV
BAMTKEM1NEY1ODdFNERBMkU5OUVGQjBFQUEwQTc1RDc3RDczMDRFRUYzQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiewpgrmvdh56l4tNzOkIQxEgX
Lsn/wrFoDUWNxH+saOTluERYwkLbrhZbSJh+YH5AzHakJYTavnB0blpQKbHTI6CG
B2LJkJMkkToZuTTUgPq9YgH99mnWm38xnYKC38eMhHZOHd8dXWCki8z0QuzrkU5D
L8/8FelcP1M8KQHC//knm4YZpZubLEc1lonm2Cm6xhuxNpNlYvzQ3kz5pOerbZib
XOb7Log6E/PaIXeKNVQb6EXrcyNV+wIOzhL2jJPDvHwCZ7EUc6avyMR7Errhzxgi
DQf7vf6D/tFmDEI1IUX/ycICytdc9B362cmVjYQShFIuxlpeFHaKDRu2bzG/AgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUxU9Yfk2i6Z77DqoKddd9cwTu880wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyMDAyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcEKgagBQzwAwcEKgagBSCQAwcEKgagBS0gMA0GCSqG
SIb3DQEBCwUAA4IBAQCSBjxTanfMLMaJ/vU5kBVGjkGkkHDbzFju2Y7MHoD2Lu1x
jB/S35QTmsvzqXgyNw0IN32oM+A8AOmyU3nqeWzFGzAjrhT/425B/b0jlRfif1Hk
vm+UI0Km6Cv276kmMunVc4XPqjNvtGkaKXcuPem8uSNlVYH11+7yYEz7bMMKVbeZ
sF+moJSJBN5IfaIJkFOm6hiEoYHw0xYt4fFrT4y6sFs2XVNz8iWdNDW0xtMIIbGT
akSUNEpOutIxBFukFWkikHArebFJjfacT0d9X0JK516mBk8iArcKRU4BrM0p5X+M
WKCTUOpDL8AqQP9szag8z1OBxEONHsm37E7DPi4F
-----END CERTIFICATE-----