Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202888.roa
File:                     AS202888.roa (raw, json)
Hash identifier:          ZFDkvyBumgjX3tHkOysxCkj1w6KCoiD07wg57Nqeexw=
Subject key identifier:   EB:EF:20:C7:9B:B2:4D:80:99:68:5C:5F:13:CB:72:3F:91:A8:44:FA
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3F9D039883C48DCEA536AB43A61E00A192A4D167
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202888.roa
Signing time:             Tue 05 Dec 2023 02:44:19 +0000
ROA not before:           Tue 05 Dec 2023 02:39:19 +0000
ROA not after:            Tue 03 Dec 2024 02:44:19 +0000
asID:                     202888
IP address blocks:        2a06:a005:1c70::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:9d:03:98:83:c4:8d:ce:a5:36:ab:43:a6:1e:00:a1:92:a4:d1:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:19 2023 GMT
            Not After : Dec  3 02:44:19 2024 GMT
        Subject: CN=EBEF20C79BB24D8099685C5F13CB723F91A844FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ee:d7:43:bd:8e:31:37:af:d8:79:4c:f0:a0:
                    70:e9:b8:db:33:34:04:39:26:6e:74:a0:92:99:95:
                    7d:35:89:7f:66:59:e4:bf:78:af:e0:77:a1:14:1e:
                    1f:1b:c1:f6:3d:44:85:1b:6f:18:fa:17:d9:4c:ba:
                    99:fc:a1:44:61:f6:07:94:f0:ea:61:23:4d:e0:77:
                    5e:e8:e5:8c:90:7b:29:db:0c:de:58:52:7e:4d:7e:
                    2e:7a:05:11:4a:3b:bc:90:ca:74:68:9e:54:eb:a6:
                    c8:74:e1:98:78:46:b0:44:a2:b1:3f:23:cc:60:a2:
                    d4:ee:a8:55:c7:2e:a8:36:ab:60:26:40:0a:df:0d:
                    99:24:b0:24:85:c6:5e:b8:6c:7a:b1:6f:36:ec:d5:
                    35:63:74:c0:43:9b:29:68:c7:b7:3a:f9:fe:08:2b:
                    31:3b:c2:7d:5e:b5:6d:5c:74:f9:fe:3d:d9:51:1c:
                    2f:c6:0a:ab:ef:23:63:0b:72:75:e5:dd:95:fd:a0:
                    74:2a:35:8f:6e:9e:60:77:d6:b0:cd:32:db:6b:65:
                    94:cb:de:26:ce:59:35:f2:bb:bf:e6:eb:b6:2b:61:
                    b8:6c:5a:57:70:11:94:69:fb:e0:40:34:41:aa:02:
                    02:85:81:81:49:09:d4:5f:bf:86:91:dd:3a:b8:d0:
                    f8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:EF:20:C7:9B:B2:4D:80:99:68:5C:5F:13:CB:72:3F:91:A8:44:FA
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202888.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1c70::/45

    Signature Algorithm: sha256WithRSAEncryption
         c3:3f:0e:dd:ba:7f:08:33:ec:3e:06:66:77:df:1f:c0:41:8c:
         c1:1c:8f:f5:f9:cc:0f:85:f2:32:da:d1:d3:27:4b:3c:39:aa:
         d8:56:cf:b5:a8:42:dd:32:5a:fe:3f:91:c8:fa:d1:2f:91:5d:
         24:88:90:b7:4e:de:14:1e:60:a3:f0:3e:7f:e6:d3:bb:b3:8c:
         a8:ed:b6:1f:6a:88:a8:a7:7c:97:15:08:36:42:41:1e:39:68:
         fe:68:fc:32:59:fd:bc:ad:1f:75:c6:9f:f2:c8:27:eb:16:da:
         83:c3:c0:7f:fc:20:25:ab:ad:13:7c:61:3f:dd:9f:10:4f:27:
         88:7d:5b:1c:f1:53:d7:71:21:88:18:cf:8c:a4:3f:55:86:02:
         6d:fc:d0:e7:57:48:81:e0:c4:87:5d:4e:de:61:6b:d3:8e:52:
         0b:e0:11:f8:89:5c:a4:0e:5c:25:37:ab:16:9f:c2:b1:19:cf:
         74:96:65:0c:6d:f0:72:17:0c:28:e0:ad:9a:90:96:8a:f0:88:
         41:8a:5d:b5:05:76:d7:de:13:fd:07:56:93:b6:b3:dd:44:b2:
         d7:9e:af:0b:d9:7d:0b:00:50:bc:ac:a5:02:5f:a1:8b:21:ee:
         cc:cc:0e:c4:53:b9:81:b6:26:03:4d:0f:71:30:91:16:60:fc:
         33:c3:f3:8a
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUP50DmIPEjc6lNqtDph4AoZKk0WcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTlaFw0yNDEyMDMwMjQ0MTlaMDMxMTAvBgNV
BAMTKEVCRUYyMEM3OUJCMjREODA5OTY4NUM1RjEzQ0I3MjNGOTFBODQ0RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN7tdDvY4xN6/YeUzwoHDpuNsz
NAQ5Jm50oJKZlX01iX9mWeS/eK/gd6EUHh8bwfY9RIUbbxj6F9lMupn8oURh9geU
8OphI03gd17o5YyQeynbDN5YUn5Nfi56BRFKO7yQynRonlTrpsh04Zh4RrBEorE/
I8xgotTuqFXHLqg2q2AmQArfDZkksCSFxl64bHqxbzbs1TVjdMBDmylox7c6+f4I
KzE7wn1etW1cdPn+PdlRHC/GCqvvI2MLcnXl3ZX9oHQqNY9unmB31rDNMttrZZTL
3ibOWTXyu7/m67YrYbhsWldwEZRp++BANEGqAgKFgYFJCdRfv4aR3Tq40PhNAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU6+8gx5uyTYCZaFxfE8tyP5GoRPowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyODg4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcDKgagBRxwMA0GCSqGSIb3DQEBCwUAA4IBAQDDPw7d
un8IM+w+BmZ33x/AQYzBHI/1+cwPhfIy2tHTJ0s8OarYVs+1qELdMlr+P5HI+tEv
kV0kiJC3Tt4UHmCj8D5/5tO7s4yo7bYfaoiop3yXFQg2QkEeOWj+aPwyWf28rR91
xp/yyCfrFtqDw8B//CAlq60TfGE/3Z8QTyeIfVsc8VPXcSGIGM+MpD9VhgJt/NDn
V0iB4MSHXU7eYWvTjlIL4BH4iVykDlwlN6sWn8KxGc90lmUMbfByFwwo4K2akJaK
8IhBil21BXbX3hP9B1aTtrPdRLLXnq8L2X0LAFC8rKUCX6GLIe7MzA7EU7mBtiYD
TQ9xMJEWYPwzw/OK
-----END CERTIFICATE-----