Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202340.roa
File:                     AS202340.roa (raw, json)
Hash identifier:          U5t4TukfBkrd5chgM49UQJe//FW1IY7dX06dszw/RCU=
Subject key identifier:   BC:AD:00:46:58:5C:AF:63:C3:28:57:4A:1D:DC:C8:C3:BE:15:C2:57
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       07C5F5FF790D228B7E6DC6C88A0B182809F34AF6
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202340.roa
Signing time:             Tue 05 Nov 2024 03:40:06 +0000
ROA not before:           Tue 05 Nov 2024 03:35:06 +0000
ROA not after:            Tue 04 Nov 2025 03:40:06 +0000
asID:                     202340
IP address blocks:        2a06:a005:45c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:c5:f5:ff:79:0d:22:8b:7e:6d:c6:c8:8a:0b:18:28:09:f3:4a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:06 2024 GMT
            Not After : Nov  4 03:40:06 2025 GMT
        Subject: CN=BCAD0046585CAF63C328574A1DDCC8C3BE15C257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d8:ac:41:2d:bc:ce:a1:ec:bf:f6:5a:c4:0f:
                    cb:6b:80:88:fb:43:12:95:8a:3f:b6:d8:9d:89:29:
                    51:91:77:72:f6:0e:2a:dc:39:58:ba:a4:ce:da:68:
                    ea:68:02:b6:0c:fc:ff:9e:34:6e:82:16:cb:94:55:
                    bd:bd:21:60:f0:88:ff:9a:97:0d:3c:5d:c5:e2:8e:
                    6e:f5:36:7b:b9:45:6d:71:8e:4a:82:ff:d1:48:68:
                    51:63:b3:5f:77:b5:44:c5:6e:0e:a6:bb:fd:86:f9:
                    2a:16:b4:33:c6:74:9e:34:6b:d3:6a:a6:c4:d4:c7:
                    b6:64:5f:7a:60:4a:a3:09:95:c2:3d:fe:00:ce:25:
                    66:11:66:13:34:77:c0:a0:46:88:3b:7d:40:24:b7:
                    e5:45:74:0c:ae:19:7c:32:e6:57:fb:81:85:86:6e:
                    06:6b:26:6c:ee:36:ea:5c:a5:37:76:90:56:bc:c1:
                    c6:06:5f:0e:93:57:9b:24:37:a5:a8:d4:90:d4:81:
                    74:3e:a2:c3:1d:28:e2:2a:9c:31:63:4b:99:f6:74:
                    c3:c3:53:ef:71:1a:fd:85:39:c4:40:16:b1:04:04:
                    5f:59:17:ab:45:c6:65:9a:96:9b:fd:87:61:52:86:
                    77:52:95:90:79:f4:b7:df:c6:74:d7:b5:c3:dc:ec:
                    fe:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:AD:00:46:58:5C:AF:63:C3:28:57:4A:1D:DC:C8:C3:BE:15:C2:57
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202340.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:45c::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:5c:a2:aa:08:ff:3c:6c:21:5c:42:0e:c3:76:0e:b6:6e:45:
         09:fb:10:dd:57:1e:ad:7d:f5:af:93:47:9d:77:e5:cc:79:1f:
         84:c7:43:5c:60:8e:c4:7e:86:1c:1e:53:3c:5c:3e:d6:27:a7:
         37:73:1a:b6:a8:f6:ad:4f:b7:a7:24:53:69:d2:15:18:ae:ff:
         97:c5:2c:7d:c7:b1:91:43:f8:3c:58:6a:89:cb:4c:05:72:69:
         f1:0c:52:37:bb:7f:4c:b8:bf:d2:a8:a1:a3:67:57:5b:6d:f7:
         31:81:06:dc:d9:95:67:ed:d6:0c:c7:1a:b8:35:4b:05:c4:b3:
         bf:9f:af:6a:8d:a9:89:e1:6d:ed:b5:77:25:5e:d4:09:69:78:
         bd:f6:d4:93:0f:28:e7:47:79:04:60:c5:2e:a1:e7:7a:62:03:
         82:c6:f3:8f:1f:f5:71:ac:ce:d4:c2:d4:0a:e6:e8:f1:5f:86:
         b5:a6:db:25:b3:57:9a:57:c9:56:2a:28:e4:b7:c1:f6:58:f5:
         bc:ba:01:24:b3:5e:dc:aa:70:82:80:62:01:46:d7:87:73:bb:
         c2:2a:a0:c0:67:57:5f:2b:9b:d3:62:a5:6c:aa:35:30:40:98:
         0a:69:be:7a:ae:fd:01:81:d7:76:d7:f6:dd:5e:da:63:45:5e:
         4b:46:b2:40
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUB8X1/3kNIot+bcbIigsYKAnzSvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDZaFw0yNTExMDQwMzQwMDZaMDMxMTAvBgNV
BAMTKEJDQUQwMDQ2NTg1Q0FGNjNDMzI4NTc0QTFERENDOEMzQkUxNUMyNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR2KxBLbzOoey/9lrED8trgIj7
QxKVij+22J2JKVGRd3L2DircOVi6pM7aaOpoArYM/P+eNG6CFsuUVb29IWDwiP+a
lw08XcXijm71Nnu5RW1xjkqC/9FIaFFjs193tUTFbg6mu/2G+SoWtDPGdJ40a9Nq
psTUx7ZkX3pgSqMJlcI9/gDOJWYRZhM0d8CgRog7fUAkt+VFdAyuGXwy5lf7gYWG
bgZrJmzuNupcpTd2kFa8wcYGXw6TV5skN6Wo1JDUgXQ+osMdKOIqnDFjS5n2dMPD
U+9xGv2FOcRAFrEEBF9ZF6tFxmWalpv9h2FShndSlZB59LffxnTXtcPc7P6XAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUvK0ARlhcr2PDKFdKHdzIw74VwlcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyMzQwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQRcMA0GCSqGSIb3DQEBCwUAA4IBAQA7XKKq
CP88bCFcQg7Ddg62bkUJ+xDdVx6tffWvk0edd+XMeR+Ex0NcYI7EfoYcHlM8XD7W
J6c3cxq2qPatT7enJFNp0hUYrv+XxSx9x7GRQ/g8WGqJy0wFcmnxDFI3u39MuL/S
qKGjZ1dbbfcxgQbc2ZVn7dYMxxq4NUsFxLO/n69qjamJ4W3ttXclXtQJaXi99tST
DyjnR3kEYMUuoed6YgOCxvOPH/VxrM7UwtQK5ujxX4a1ptsls1eaV8lWKijkt8H2
WPW8ugEks17cqnCCgGIBRteHc7vCKqDAZ1dfK5vTYqVsqjUwQJgKab56rv0Bgdd2
1/bdXtpjRV5LRrJA
-----END CERTIFICATE-----