Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202338.roa
File:                     AS202338.roa (raw, json)
Hash identifier:          sUqk7UaVHyjymAfGltSljBGB5b5jPQB4OJ0O5+Ab4Rw=
Subject key identifier:   4D:CE:9D:C1:44:E5:30:E0:EC:63:09:AB:1C:7B:F6:FB:7B:6F:60:7F
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       677B59406564FB4D85469E5967942EF843DE52AD
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202338.roa
Signing time:             Tue 05 Dec 2023 02:44:09 +0000
ROA not before:           Tue 05 Dec 2023 02:39:09 +0000
ROA not after:            Tue 03 Dec 2024 02:44:09 +0000
asID:                     202338
IP address blocks:        2a06:a005:bac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:7b:59:40:65:64:fb:4d:85:46:9e:59:67:94:2e:f8:43:de:52:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:09 2023 GMT
            Not After : Dec  3 02:44:09 2024 GMT
        Subject: CN=4DCE9DC144E530E0EC6309AB1C7BF6FB7B6F607F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a7:4a:2f:51:63:81:a2:6a:2c:61:df:a1:cc:
                    d3:df:d7:e7:56:ef:01:c7:ba:36:6f:a8:75:39:a1:
                    15:57:98:a4:e9:51:92:0e:52:59:97:93:a9:f5:da:
                    0d:ec:58:21:5f:d4:ad:c9:21:e4:a3:a3:1a:4d:d0:
                    9c:5a:87:26:fc:53:03:9a:b2:10:21:a6:7b:40:2b:
                    b2:2e:6a:16:19:9d:79:a3:68:85:ed:a2:e4:53:4a:
                    16:31:fe:b6:04:98:0b:5f:12:14:c7:f0:cf:81:0c:
                    1a:5b:48:73:07:48:3b:bb:94:24:19:47:d9:93:5d:
                    a5:f3:37:38:7b:58:2f:8b:98:2d:86:73:51:c9:d1:
                    fe:8f:2d:88:ce:cc:4a:34:fb:6e:cc:04:a2:2b:d1:
                    ba:0c:28:ad:9b:0b:ce:12:aa:83:c7:a6:42:3e:c9:
                    54:3f:c6:1b:a8:b1:08:fc:a9:a0:14:9f:9c:31:69:
                    1f:2c:33:97:25:f8:a5:5d:5f:ee:1b:b4:62:68:f1:
                    a3:d1:c6:d5:da:8f:66:17:4b:c7:89:24:09:88:4b:
                    77:81:fb:e0:cf:71:e8:ab:14:68:c5:76:cc:cf:60:
                    12:7f:eb:45:7d:35:ad:5f:26:83:bd:09:fb:3c:44:
                    29:87:0b:cf:73:84:89:ae:07:b6:3d:68:9d:c2:6a:
                    cd:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:CE:9D:C1:44:E5:30:E0:EC:63:09:AB:1C:7B:F6:FB:7B:6F:60:7F
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:bac::/48

    Signature Algorithm: sha256WithRSAEncryption
         c0:0b:43:90:5d:89:45:e4:ab:60:4d:31:c3:f3:84:fa:23:2e:
         d4:e4:f9:dd:6a:c9:b4:c8:1c:6d:fa:e5:05:c6:ae:78:18:3c:
         da:2c:4c:af:05:e4:4b:df:77:b2:e9:21:e4:e7:55:27:38:6a:
         18:ca:ec:57:af:74:89:54:06:3d:72:66:f3:85:e7:68:d7:14:
         72:4c:2d:52:cb:de:01:aa:c5:58:ca:10:c3:5e:ec:9f:3b:7d:
         19:45:f7:54:f4:cd:20:e8:48:29:e0:4b:9d:ba:f9:2e:a3:86:
         cb:f5:b1:6f:74:fa:ea:70:27:17:86:17:ca:54:a9:ed:d8:69:
         8c:7c:be:e1:11:7e:96:d6:f3:b1:76:43:8e:0b:6a:d8:8e:bb:
         e9:28:b6:a8:d8:e1:b0:5c:4e:78:e2:6f:81:ad:b5:8c:b8:f4:
         2e:ee:99:18:bc:0c:2f:0d:cf:ff:cd:40:2a:72:36:64:d0:ff:
         9a:c2:1e:ae:c4:c9:47:70:55:cb:09:49:5e:f2:19:44:74:45:
         d4:11:2f:fe:55:00:a1:69:da:2a:ca:1b:a5:b5:2f:19:59:08:
         f6:f5:51:12:8a:37:86:4f:b0:cd:e7:65:4f:8f:c5:f8:b8:70:
         f2:45:3a:a7:da:5c:5d:60:1e:14:4a:ca:34:65:18:69:12:34:
         bd:85:23:07
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUZ3tZQGVk+02FRp5ZZ5Qu+EPeUq0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MDlaFw0yNDEyMDMwMjQ0MDlaMDMxMTAvBgNV
BAMTKDREQ0U5REMxNDRFNTMwRTBFQzYzMDlBQjFDN0JGNkZCN0I2RjYwN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrp0ovUWOBomosYd+hzNPf1+dW
7wHHujZvqHU5oRVXmKTpUZIOUlmXk6n12g3sWCFf1K3JIeSjoxpN0Jxahyb8UwOa
shAhpntAK7IuahYZnXmjaIXtouRTShYx/rYEmAtfEhTH8M+BDBpbSHMHSDu7lCQZ
R9mTXaXzNzh7WC+LmC2Gc1HJ0f6PLYjOzEo0+27MBKIr0boMKK2bC84SqoPHpkI+
yVQ/xhuosQj8qaAUn5wxaR8sM5cl+KVdX+4btGJo8aPRxtXaj2YXS8eJJAmIS3eB
++DPceirFGjFdszPYBJ/60V9Na1fJoO9Cfs8RCmHC89zhImuB7Y9aJ3Cas2tAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUTc6dwUTlMODsYwmrHHv2+3tvYH8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyMzM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQusMA0GCSqGSIb3DQEBCwUAA4IBAQDAC0OQ
XYlF5KtgTTHD84T6Iy7U5Pndasm0yBxt+uUFxq54GDzaLEyvBeRL33ey6SHk51Un
OGoYyuxXr3SJVAY9cmbzhedo1xRyTC1Sy94BqsVYyhDDXuyfO30ZRfdU9M0g6Egp
4Euduvkuo4bL9bFvdPrqcCcXhhfKVKnt2GmMfL7hEX6W1vOxdkOOC2rYjrvpKLao
2OGwXE544m+BrbWMuPQu7pkYvAwvDc//zUAqcjZk0P+awh6uxMlHcFXLCUle8hlE
dEXUES/+VQChadoqyhultS8ZWQj29VESijeGT7DN52VPj8X4uHDyRTqn2lxdYB4U
Sso0ZRhpEjS9hSMH
-----END CERTIFICATE-----