Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202197.roa
File:                     AS202197.roa (raw, json)
Hash identifier:          4H3liDMJtaNuECVaS7OXa6yxgNqmuwSL4tOC/2Dre7g=
Subject key identifier:   52:38:9F:17:F9:8F:D3:A2:4F:A3:3E:2C:AD:2A:2E:CC:4B:6B:BF:EC
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       710DF1E1A8AE1437F514BE8BF1F1692425F6A7B9
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202197.roa
Signing time:             Tue 05 Nov 2024 03:40:09 +0000
ROA not before:           Tue 05 Nov 2024 03:35:09 +0000
ROA not after:            Tue 04 Nov 2025 03:40:09 +0000
asID:                     202197
IP address blocks:        2a06:a005:1fc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:0d:f1:e1:a8:ae:14:37:f5:14:be:8b:f1:f1:69:24:25:f6:a7:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:09 2024 GMT
            Not After : Nov  4 03:40:09 2025 GMT
        Subject: CN=52389F17F98FD3A24FA33E2CAD2A2ECC4B6BBFEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:43:91:bb:bb:1e:6a:06:7f:b6:81:f1:16:6a:
                    70:c8:c1:77:dc:4e:ee:cb:12:61:cf:2a:b8:5f:58:
                    3d:2e:d1:c3:a8:df:30:c5:75:70:a8:4d:14:dc:39:
                    27:1a:53:53:50:10:ba:e0:c7:fe:35:b3:4f:80:a7:
                    b8:fc:f3:65:e9:3a:68:05:36:ed:7e:f3:e8:96:2f:
                    f1:85:13:7a:7d:0e:a4:d0:3a:07:16:5a:62:00:3d:
                    19:a5:9d:50:ce:19:0b:ed:4f:d5:f8:c5:72:68:19:
                    65:f3:29:a6:17:ab:3c:16:31:8f:fa:3d:c1:67:8a:
                    95:a2:7a:a5:1a:9f:db:ce:cf:46:7e:fe:68:56:09:
                    d8:aa:99:96:0b:4e:b7:df:00:db:8c:a4:26:98:ae:
                    db:f2:5e:67:b8:22:2b:e0:49:87:bf:b1:0f:62:72:
                    7e:ea:e2:d3:64:ef:a9:82:6e:15:79:b4:c6:fb:9a:
                    4a:76:eb:e0:d3:24:e7:2c:3d:53:7f:45:73:66:9e:
                    e1:8c:0f:84:c1:16:07:18:d9:a5:20:86:0b:69:fa:
                    e6:cf:01:38:9c:1a:06:fa:57:d1:67:94:18:ec:12:
                    79:d0:b3:06:b3:45:58:a2:48:83:65:55:2a:b8:bd:
                    f9:0b:9f:a0:07:71:f4:e3:44:f2:1a:6b:44:bd:51:
                    0a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:38:9F:17:F9:8F:D3:A2:4F:A3:3E:2C:AD:2A:2E:CC:4B:6B:BF:EC
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202197.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1fc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         85:b1:1f:3c:04:d8:02:4f:5e:88:d4:c3:15:f5:01:06:0c:2c:
         74:c4:68:2e:89:c1:f7:ff:84:1a:d6:b2:b1:46:df:77:f9:50:
         6c:cd:fe:d7:49:d1:9d:da:9b:ad:10:d8:a7:c5:41:aa:7c:a8:
         8d:2f:c1:d1:51:3e:e0:4e:b6:5f:f1:36:b5:b1:32:84:88:c2:
         3d:a0:3d:60:2d:e8:ed:35:c2:55:80:66:62:97:e9:1a:a1:79:
         58:fd:0c:fd:40:55:38:24:e5:6d:09:1d:7f:d2:8a:a0:a1:d0:
         bc:44:c4:ec:ff:56:fc:e5:3b:9f:ab:e8:2c:ca:81:21:9f:ee:
         00:ce:3d:d7:79:d5:5b:35:14:ee:d0:97:39:c7:31:7b:7c:43:
         84:b5:9a:a2:9d:16:b0:9f:49:8e:4f:3a:a2:e3:77:50:8e:9e:
         f3:68:d0:94:8c:78:a0:be:2e:0a:c2:ad:cf:e8:41:4c:87:3c:
         53:26:30:05:eb:20:ae:4b:f0:28:de:9f:5a:41:98:c1:eb:70:
         0f:31:e0:8a:9f:bf:72:3c:1b:eb:ec:c9:01:5d:24:a9:54:ae:
         6c:33:98:c1:55:d6:76:ec:c6:dc:f2:d2:9f:e4:98:f5:c4:3b:
         72:1f:7b:8d:04:bf:a4:4d:65:c0:2a:04:87:94:5c:a3:a0:27:
         2a:cc:ca:a8
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUcQ3x4aiuFDf1FL6L8fFpJCX2p7kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDlaFw0yNTExMDQwMzQwMDlaMDMxMTAvBgNV
BAMTKDUyMzg5RjE3Rjk4RkQzQTI0RkEzM0UyQ0FEMkEyRUNDNEI2QkJGRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Q5G7ux5qBn+2gfEWanDIwXfc
Tu7LEmHPKrhfWD0u0cOo3zDFdXCoTRTcOScaU1NQELrgx/41s0+Ap7j882XpOmgF
Nu1+8+iWL/GFE3p9DqTQOgcWWmIAPRmlnVDOGQvtT9X4xXJoGWXzKaYXqzwWMY/6
PcFnipWieqUan9vOz0Z+/mhWCdiqmZYLTrffANuMpCaYrtvyXme4IivgSYe/sQ9i
cn7q4tNk76mCbhV5tMb7mkp26+DTJOcsPVN/RXNmnuGMD4TBFgcY2aUghgtp+ubP
ATicGgb6V9FnlBjsEnnQswazRViiSINlVSq4vfkLn6AHcfTjRPIaa0S9UQqLAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUUjifF/mP06JPoz4srSouzEtrv+wwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyMTk3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBR/AMA0GCSqGSIb3DQEBCwUAA4IBAQCFsR88
BNgCT16I1MMV9QEGDCx0xGguicH3/4Qa1rKxRt93+VBszf7XSdGd2putENinxUGq
fKiNL8HRUT7gTrZf8Ta1sTKEiMI9oD1gLejtNcJVgGZil+kaoXlY/Qz9QFU4JOVt
CR1/0oqgodC8RMTs/1b85Tufq+gsyoEhn+4Azj3XedVbNRTu0Jc5xzF7fEOEtZqi
nRawn0mOTzqi43dQjp7zaNCUjHigvi4Kwq3P6EFMhzxTJjAF6yCuS/Ao3p9aQZjB
63APMeCKn79yPBvr7MkBXSSpVK5sM5jBVdZ27Mbc8tKf5Jj1xDtyH3uNBL+kTWXA
KgSHlFyjoCcqzMqo
-----END CERTIFICATE-----