Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202627.roa
File:                     AS202627.roa (raw, json)
Hash identifier:          KDb0XKM534JO54OpRLtBPD4X5+DqieVc+pYlOgq3X3U=
Subject key identifier:   74:F4:38:37:7A:CA:AA:AD:43:91:43:21:74:E0:12:3F:23:F1:68:8A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2A9DFD659253FD1F2307BA9001C45B4774290D91
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202627.roa
Signing time:             Tue 05 Nov 2024 03:40:03 +0000
ROA not before:           Tue 05 Nov 2024 03:35:03 +0000
ROA not after:            Tue 04 Nov 2025 03:40:03 +0000
asID:                     202627
IP address blocks:        2a06:a005:1f00::/44 maxlen: 48
                          2a06:a005:1f10::/44 maxlen: 48
                          2a06:a005:2330::/44 maxlen: 48
                          2a06:a005:2340::/44 maxlen: 48
                          2a06:a005:2350::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:9d:fd:65:92:53:fd:1f:23:07:ba:90:01:c4:5b:47:74:29:0d:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:03 2024 GMT
            Not After : Nov  4 03:40:03 2025 GMT
        Subject: CN=74F438377ACAAAAD4391432174E0123F23F1688A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:60:35:df:cc:da:42:94:60:31:29:90:74:c1:
                    a1:89:b4:7e:6f:d2:b6:da:33:3d:d5:b2:06:fc:c0:
                    0b:f1:2b:ca:de:61:01:e7:01:06:88:c3:f9:04:fd:
                    1e:45:32:76:74:d5:e6:a4:80:3b:d0:88:d4:64:d6:
                    9b:2b:64:a7:81:93:4a:48:b4:73:a9:1d:59:86:e2:
                    9b:c7:9f:c5:69:8e:16:9a:f8:09:f8:2b:18:b7:63:
                    50:8c:0d:03:f5:15:36:5b:dd:05:14:ec:8b:f5:0a:
                    86:70:89:38:ea:1e:ff:15:85:06:3c:f1:13:37:09:
                    33:1b:cb:27:98:59:94:e2:99:57:d1:57:4a:70:37:
                    15:6f:11:4d:11:37:76:87:f1:11:50:38:76:44:06:
                    03:25:b9:40:00:0b:40:6c:47:2a:a5:45:3c:ea:69:
                    e1:c6:b4:56:ec:f7:59:6d:b3:be:ba:e3:94:f9:d6:
                    dd:9c:3a:13:c9:f3:37:3a:12:ed:c0:ac:ac:68:f8:
                    01:98:3e:e9:96:7b:96:19:9f:e9:db:8b:d7:54:ca:
                    c2:53:8f:89:d0:5e:ce:0e:07:b7:f6:41:69:cb:a5:
                    b1:3e:2e:1c:44:e7:d0:9b:21:de:bb:0f:e9:67:de:
                    81:12:66:95:15:f9:ad:db:40:e1:84:65:74:eb:e0:
                    d5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F4:38:37:7A:CA:AA:AD:43:91:43:21:74:E0:12:3F:23:F1:68:8A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202627.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1f00::/43
                  2a06:a005:2330::-2a06:a005:235f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         85:5d:ff:84:25:01:6d:3c:59:24:f5:2b:82:d8:43:f7:4d:93:
         28:34:c3:be:22:21:84:f6:65:5c:81:ff:ce:78:04:10:09:6c:
         3c:e5:52:fe:b5:2e:8d:a2:c7:26:8d:26:db:6e:88:ed:9c:9d:
         ba:47:85:1c:e6:38:bf:6b:d6:d7:cd:a0:6b:a3:69:ee:26:2d:
         3e:73:59:f8:b5:aa:3b:30:e6:43:40:a4:92:55:ee:1f:01:26:
         f3:61:23:4a:a8:c6:76:a1:25:18:ec:84:57:b7:81:cd:18:58:
         c2:7a:33:81:b8:80:f3:00:4a:71:71:26:d3:5e:a7:42:07:23:
         fe:31:48:08:12:65:6e:75:d1:a1:cf:6e:1e:5f:10:53:6b:e2:
         6e:89:0e:bc:13:07:86:63:0e:bc:ee:4b:eb:ec:69:7d:cc:b8:
         5a:82:1e:31:2d:c0:02:fc:59:c5:5a:88:2d:94:5c:35:f0:d4:
         19:e8:b1:9f:47:a6:6c:a9:75:83:6a:bb:c7:02:46:55:0c:34:
         81:ae:97:20:96:c9:36:47:42:a9:e6:97:52:19:07:99:90:c0:
         a8:2f:e2:a7:64:b5:6b:a4:58:9c:ac:f4:a7:78:dc:78:16:24:
         13:3d:40:e3:aa:00:a5:3a:6a:38:99:7d:ea:4f:78:b1:6b:cf:
         e2:90:f3:13
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUKp39ZZJT/R8jB7qQAcRbR3QpDZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDNaFw0yNTExMDQwMzQwMDNaMDMxMTAvBgNV
BAMTKDc0RjQzODM3N0FDQUFBQUQ0MzkxNDMyMTc0RTAxMjNGMjNGMTY4OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqYDXfzNpClGAxKZB0waGJtH5v
0rbaMz3Vsgb8wAvxK8reYQHnAQaIw/kE/R5FMnZ01eakgDvQiNRk1psrZKeBk0pI
tHOpHVmG4pvHn8Vpjhaa+An4Kxi3Y1CMDQP1FTZb3QUU7Iv1CoZwiTjqHv8VhQY8
8RM3CTMbyyeYWZTimVfRV0pwNxVvEU0RN3aH8RFQOHZEBgMluUAAC0BsRyqlRTzq
aeHGtFbs91lts76645T51t2cOhPJ8zc6Eu3ArKxo+AGYPumWe5YZn+nbi9dUysJT
j4nQXs4OB7f2QWnLpbE+LhxE59CbId67D+ln3oESZpUV+a3bQOGEZXTr4NUtAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUdPQ4N3rKqq1DkUMhdOASPyPxaIowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyNjI3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEH
AQH/BCcwJTAjBAIAAjAdAwcFKgagBR8AMBIDBwQqBqAFIzADBwUqBqAFI0AwDQYJ
KoZIhvcNAQELBQADggEBAIVd/4QlAW08WST1K4LYQ/dNkyg0w74iIYT2ZVyB/854
BBAJbDzlUv61Lo2ixyaNJttuiO2cnbpHhRzmOL9r1tfNoGujae4mLT5zWfi1qjsw
5kNApJJV7h8BJvNhI0qoxnahJRjshFe3gc0YWMJ6M4G4gPMASnFxJtNep0IHI/4x
SAgSZW510aHPbh5fEFNr4m6JDrwTB4ZjDrzuS+vsaX3MuFqCHjEtwAL8WcVaiC2U
XDXw1BnosZ9HpmypdYNqu8cCRlUMNIGulyCWyTZHQqnml1IZB5mQwKgv4qdktWuk
WJys9Kd43HgWJBM9QOOqAKU6ajiZfepPeLFrz+KQ8xM=
-----END CERTIFICATE-----