Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202827.roa
File:                     AS202827.roa (raw, json)
Hash identifier:          25pDm2/RExHJo6ROhgJf7xNdNwdUpWzKd3CdEp5XlRg=
Subject key identifier:   21:4D:EA:02:72:3E:17:BA:F6:EB:E7:0E:29:D6:45:E9:4C:A9:A0:51
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2BAB7F61AFDCA362992B3B5A52BD1D9B147F3E84
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202827.roa
Signing time:             Tue 05 Nov 2024 03:40:03 +0000
ROA not before:           Tue 05 Nov 2024 03:35:03 +0000
ROA not after:            Tue 04 Nov 2025 03:40:03 +0000
asID:                     202827
IP address blocks:        2a06:a005:1bc0::/44 maxlen: 48
                          2a06:a005:1e30::/44 maxlen: 48
                          2a06:a005:1e40::/44 maxlen: 48
                          2a06:a005:1e50::/44 maxlen: 48
                          2a06:a005:1e60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:ab:7f:61:af:dc:a3:62:99:2b:3b:5a:52:bd:1d:9b:14:7f:3e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:03 2024 GMT
            Not After : Nov  4 03:40:03 2025 GMT
        Subject: CN=214DEA02723E17BAF6EBE70E29D645E94CA9A051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ab:c4:e9:24:c1:20:ef:72:b1:12:0d:70:f0:
                    24:dd:38:b9:40:4a:66:80:93:d1:cc:d8:9f:a7:d3:
                    83:66:ba:c1:9b:02:bc:3b:c0:7e:18:4b:4d:8f:76:
                    8e:6f:d8:21:75:d6:3b:9b:c7:30:c0:5a:d1:03:09:
                    9a:18:2a:2d:f0:1d:1e:22:3b:f2:76:95:a8:75:2b:
                    4f:5a:5a:a3:71:79:b0:4f:ad:e5:cd:a1:5c:84:77:
                    aa:15:33:46:4a:b7:a4:d2:00:f6:e3:0e:54:12:3f:
                    e6:98:06:cb:30:74:7d:04:b2:5b:27:14:01:c5:0f:
                    f6:aa:36:82:76:1d:db:ba:b9:c7:68:8a:20:0a:d1:
                    2f:28:c8:39:ab:6c:a7:a1:a8:87:a5:d9:fd:5e:92:
                    e0:b0:6d:93:cb:35:da:c7:e0:ae:d2:45:df:9d:f7:
                    5f:3a:74:c6:8f:ad:e1:9b:25:d9:9b:ee:6a:c4:c8:
                    c1:b2:ca:c9:57:cb:bc:b3:e6:ba:e5:3e:29:46:ce:
                    3a:11:00:76:8b:5b:a4:04:11:d6:49:3b:03:0b:a9:
                    d2:69:a1:bf:28:56:a9:41:46:73:6a:55:bd:1f:12:
                    eb:03:7b:cd:dd:86:0d:84:a9:63:9d:37:30:80:e6:
                    e1:68:1f:ed:75:ed:3c:0a:82:37:6c:e4:07:5a:00:
                    f1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:4D:EA:02:72:3E:17:BA:F6:EB:E7:0E:29:D6:45:E9:4C:A9:A0:51
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202827.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1bc0::/44
                  2a06:a005:1e30::-2a06:a005:1e6f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         90:4a:6e:29:58:78:96:3e:29:d4:7d:e5:77:25:52:c7:3e:dc:
         81:df:f9:24:37:0a:ae:c5:40:bb:15:e0:b2:1f:66:8e:23:49:
         a2:83:3b:2e:d4:fe:76:77:7d:ec:b0:11:ce:e7:1f:01:2d:3f:
         f9:67:13:7d:76:0b:8a:ac:1c:0b:f8:32:12:a5:62:c9:df:42:
         b7:57:ad:ac:be:85:47:a3:d7:3e:15:56:4c:95:b3:6e:fe:1f:
         11:b5:bf:f7:8b:1c:51:9a:e5:a6:ea:27:f6:ba:1e:c0:1e:c0:
         c3:1d:e9:d3:39:2f:46:e9:1a:22:6c:99:d4:f7:1f:2c:e0:19:
         32:84:ce:ff:25:1e:91:38:da:9c:2b:00:cd:ab:40:b1:c0:c9:
         6e:de:6f:3f:3a:de:a2:59:8b:5e:35:25:6f:17:e3:6b:23:7e:
         9e:f3:c8:fc:12:f1:da:92:a3:ee:97:7a:07:31:ea:43:de:3c:
         83:46:ae:cf:ab:98:d2:3e:03:aa:12:ab:7a:92:2b:c8:a9:49:
         17:c1:4e:5b:fb:46:22:e3:ba:bd:4c:40:42:61:c5:55:bc:a4:
         dc:69:3d:bf:a3:21:29:53:ea:0c:5a:7e:e7:9a:01:be:bc:a8:
         00:ce:db:c9:f9:1d:68:8f:5a:55:52:dd:b1:28:16:b5:11:27:
         47:63:87:3e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUK6t/Ya/co2KZKztaUr0dmxR/PoQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDNaFw0yNTExMDQwMzQwMDNaMDMxMTAvBgNV
BAMTKDIxNERFQTAyNzIzRTE3QkFGNkVCRTcwRTI5RDY0NUU5NENBOUEwNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqq8TpJMEg73KxEg1w8CTdOLlA
SmaAk9HM2J+n04NmusGbArw7wH4YS02Pdo5v2CF11jubxzDAWtEDCZoYKi3wHR4i
O/J2lah1K09aWqNxebBPreXNoVyEd6oVM0ZKt6TSAPbjDlQSP+aYBsswdH0Eslsn
FAHFD/aqNoJ2Hdu6ucdoiiAK0S8oyDmrbKehqIel2f1ekuCwbZPLNdrH4K7SRd+d
9186dMaPreGbJdmb7mrEyMGyyslXy7yz5rrlPilGzjoRAHaLW6QEEdZJOwMLqdJp
ob8oVqlBRnNqVb0fEusDe83dhg2EqWOdNzCA5uFoH+117TwKgjds5AdaAPG3AgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUIU3qAnI+F7r26+cOKdZF6UypoFEwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyODI3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEH
AQH/BCcwJTAjBAIAAjAdAwcEKgagBRvAMBIDBwQqBqAFHjADBwQqBqAFHmAwDQYJ
KoZIhvcNAQELBQADggEBAJBKbilYeJY+KdR95XclUsc+3IHf+SQ3Cq7FQLsV4LIf
Zo4jSaKDOy7U/nZ3feywEc7nHwEtP/lnE312C4qsHAv4MhKlYsnfQrdXray+hUej
1z4VVkyVs27+HxG1v/eLHFGa5abqJ/a6HsAewMMd6dM5L0bpGiJsmdT3HyzgGTKE
zv8lHpE42pwrAM2rQLHAyW7ebz863qJZi141JW8X42sjfp7zyPwS8dqSo+6Xegcx
6kPePINGrs+rmNI+A6oSq3qSK8ipSRfBTlv7RiLjur1MQEJhxVW8pNxpPb+jISlT
6gxafueaAb68qADO28n5HWiPWlVS3bEoFrURJ0djhz4=
-----END CERTIFICATE-----