Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202338.roa
File:                     AS202338.roa (raw, json)
Hash identifier:          UAvdBvwNOMADSHnrDhPe9yXWSKGhD8Rh2qyiP4WrAfE=
Subject key identifier:   9A:30:90:F8:EC:41:E5:C7:44:6C:52:B0:11:D2:1F:10:73:D8:98:29
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2D9B571C1DE8399A2EAF43E353AF56BDD166006E
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202338.roa
Signing time:             Tue 05 Nov 2024 03:40:06 +0000
ROA not before:           Tue 05 Nov 2024 03:35:06 +0000
ROA not after:            Tue 04 Nov 2025 03:40:06 +0000
asID:                     202338
IP address blocks:        2a06:a005:bac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:9b:57:1c:1d:e8:39:9a:2e:af:43:e3:53:af:56:bd:d1:66:00:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:06 2024 GMT
            Not After : Nov  4 03:40:06 2025 GMT
        Subject: CN=9A3090F8EC41E5C7446C52B011D21F1073D89829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d8:01:55:38:2f:ef:99:28:4e:bc:75:68:1a:
                    16:bf:cf:82:21:53:ac:d3:8d:23:97:d1:75:5e:78:
                    ac:23:c7:bd:8e:c1:0f:5b:38:90:e6:a5:00:ba:3e:
                    65:22:0a:59:c7:43:4a:3f:51:04:1f:a3:82:84:d2:
                    9c:8a:c6:43:93:5e:9d:96:32:9d:f8:38:67:54:a5:
                    04:82:8b:89:1d:3c:01:63:f7:1a:99:a7:30:7e:5d:
                    a0:e0:30:91:90:1e:2d:98:e9:e3:c8:9b:a4:85:48:
                    78:b5:0e:c0:79:8f:da:7a:96:f0:df:35:3a:6d:45:
                    e1:1e:07:1c:b9:c7:4d:85:3c:7c:5e:23:d1:58:f1:
                    d0:c7:35:a1:97:73:a7:91:ba:75:4d:fc:0b:5d:06:
                    38:36:c6:3c:72:c1:18:4d:eb:21:39:e6:9a:fa:80:
                    4c:8a:29:5e:cc:3d:6d:b0:6c:d2:17:97:ad:39:05:
                    f3:27:c4:91:f6:7c:ee:3a:24:ee:6d:0a:95:db:a2:
                    2f:76:42:42:81:d6:05:dd:5e:ed:ad:af:87:a1:6e:
                    64:f3:ce:99:11:ef:93:2c:6b:53:68:0e:c9:40:ac:
                    31:19:7c:c8:0e:d5:b0:a4:c9:6c:ef:f5:49:f1:f1:
                    33:4c:e0:bc:23:ec:fa:48:3c:74:59:09:21:91:af:
                    a6:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:30:90:F8:EC:41:E5:C7:44:6C:52:B0:11:D2:1F:10:73:D8:98:29
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:bac::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:50:81:3b:0a:dc:e6:58:bd:23:3f:b0:76:94:ec:e5:fa:8f:
         ba:4a:5e:50:52:d6:74:c2:47:07:4d:c3:1c:63:a5:0c:d1:c2:
         f8:fd:50:23:42:c5:81:d7:c1:8e:b4:f7:da:a6:3a:61:8b:db:
         b6:3b:cb:5a:6a:e2:63:fe:2c:bc:68:cf:86:15:27:85:24:69:
         2e:25:35:ac:d3:fc:74:b1:ba:4f:b2:d1:3f:63:b0:ac:fd:89:
         99:61:b3:a5:a0:e2:b7:94:01:12:49:a6:0b:0a:95:3c:2a:e0:
         55:50:c1:03:41:4d:8c:84:85:33:36:58:6a:77:f2:bd:f3:4a:
         f1:d5:62:33:11:43:bb:33:7b:68:ac:11:7a:00:4e:48:e9:ee:
         39:46:56:7d:d0:5c:78:58:73:a2:7c:f3:23:43:c6:7a:4c:24:
         b0:49:a7:8d:8d:70:75:68:5a:70:d1:bf:70:cd:30:08:54:65:
         91:bd:f4:c2:f6:fe:43:79:42:fa:7a:f0:29:11:89:6f:07:43:
         c6:4f:51:42:89:c3:84:30:b5:2b:6b:78:8e:23:b9:3a:d0:fc:
         cd:70:cf:fb:a4:76:74:0b:a8:f8:63:9c:bf:ea:87:ed:8b:bb:
         9f:c6:02:93:74:54:aa:4b:35:02:a6:73:e7:e8:03:8c:6a:e3:
         8d:c4:d5:24
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIULZtXHB3oOZour0PjU69WvdFmAG4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDZaFw0yNTExMDQwMzQwMDZaMDMxMTAvBgNV
BAMTKDlBMzA5MEY4RUM0MUU1Qzc0NDZDNTJCMDExRDIxRjEwNzNEODk4MjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv2AFVOC/vmShOvHVoGha/z4Ih
U6zTjSOX0XVeeKwjx72OwQ9bOJDmpQC6PmUiClnHQ0o/UQQfo4KE0pyKxkOTXp2W
Mp34OGdUpQSCi4kdPAFj9xqZpzB+XaDgMJGQHi2Y6ePIm6SFSHi1DsB5j9p6lvDf
NTptReEeBxy5x02FPHxeI9FY8dDHNaGXc6eRunVN/AtdBjg2xjxywRhN6yE55pr6
gEyKKV7MPW2wbNIXl605BfMnxJH2fO46JO5tCpXboi92QkKB1gXdXu2tr4ehbmTz
zpkR75Msa1NoDslArDEZfMgO1bCkyWzv9Unx8TNM4Lwj7PpIPHRZCSGRr6ZlAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUmjCQ+OxB5cdEbFKwEdIfEHPYmCkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyMzM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQusMA0GCSqGSIb3DQEBCwUAA4IBAQAYUIE7
CtzmWL0jP7B2lOzl+o+6Sl5QUtZ0wkcHTcMcY6UM0cL4/VAjQsWB18GOtPfapjph
i9u2O8taauJj/iy8aM+GFSeFJGkuJTWs0/x0sbpPstE/Y7Cs/YmZYbOloOK3lAES
SaYLCpU8KuBVUMEDQU2MhIUzNlhqd/K980rx1WIzEUO7M3torBF6AE5I6e45RlZ9
0Fx4WHOifPMjQ8Z6TCSwSaeNjXB1aFpw0b9wzTAIVGWRvfTC9v5DeUL6evApEYlv
B0PGT1FCicOEMLUra3iOI7k60PzNcM/7pHZ0C6j4Y5y/6ofti7ufxgKTdFSqSzUC
pnPn6AOMauONxNUk
-----END CERTIFICATE-----