Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202952.roa
File:                     AS202952.roa (raw, json)
Hash identifier:          GZAWeRPGkxuEKimcDRmDUVdJ86wha4NM/NBrANYsSDw=
Subject key identifier:   BB:6E:40:6B:1E:BA:92:BB:43:DD:E2:50:84:2B:5D:76:96:F7:A9:B0
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       79B70A263611337D43983E57D697DD044DA6C1D3
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202952.roa
Signing time:             Tue 05 Dec 2023 02:44:09 +0000
ROA not before:           Tue 05 Dec 2023 02:39:09 +0000
ROA not after:            Tue 03 Dec 2024 02:44:09 +0000
asID:                     202952
IP address blocks:        2a06:a005:1b90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:b7:0a:26:36:11:33:7d:43:98:3e:57:d6:97:dd:04:4d:a6:c1:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:09 2023 GMT
            Not After : Dec  3 02:44:09 2024 GMT
        Subject: CN=BB6E406B1EBA92BB43DDE250842B5D7696F7A9B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:81:31:1c:a5:26:a4:17:f7:42:77:8e:eb:29:
                    b9:8e:01:8f:be:3d:bc:db:9e:ac:f3:b1:d1:a9:6e:
                    2f:ff:69:a0:a5:98:3d:09:51:90:ce:0b:2f:70:c4:
                    9f:ac:e5:7a:57:91:7f:84:a1:6f:6c:e2:dd:b2:2e:
                    53:0a:00:23:8f:b6:25:a3:15:f2:cd:50:01:7c:b2:
                    a6:91:ef:83:86:0a:0d:46:4f:23:9e:4f:d5:9d:e9:
                    bb:a4:9a:e8:15:3a:7e:64:dd:a4:20:2b:8a:23:35:
                    8e:cd:44:51:31:40:e4:7d:e5:26:62:b1:d4:34:16:
                    d5:2b:e2:3d:9c:18:a2:41:40:0f:5b:59:07:ba:46:
                    e3:9d:58:37:18:d1:c2:30:80:45:15:48:bd:6c:f9:
                    02:76:df:83:28:ff:9d:65:ec:a2:e3:36:6a:c7:a2:
                    e7:c7:2f:52:ba:a1:08:53:99:ff:50:54:85:86:8a:
                    8a:37:cc:45:62:20:bb:da:a8:12:d0:7e:88:4a:06:
                    33:fc:ec:c6:06:5f:59:9a:46:f1:e9:8f:dc:12:85:
                    35:f9:76:a4:9f:09:7e:92:d6:43:89:27:18:07:a1:
                    6c:c5:e0:44:9b:f4:11:5e:2d:a0:be:ed:34:67:cb:
                    e2:c8:36:44:e4:ca:75:5c:c0:38:73:0f:cf:de:b9:
                    d0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:6E:40:6B:1E:BA:92:BB:43:DD:E2:50:84:2B:5D:76:96:F7:A9:B0
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS202952.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1b90::/44

    Signature Algorithm: sha256WithRSAEncryption
         38:5f:be:1e:03:c5:20:49:02:dc:72:e9:1d:d6:df:59:60:ba:
         0b:20:e2:62:98:e1:d6:7b:c5:56:58:39:b8:a2:a5:e9:62:eb:
         7f:e5:a9:fe:ac:68:09:eb:5b:d5:a2:23:ea:73:d4:3b:06:de:
         4f:d9:7b:85:76:70:65:4c:c8:98:36:41:2a:eb:81:02:3b:30:
         01:ee:fd:ce:22:73:5f:68:08:69:a8:a7:95:83:ea:8f:d3:2f:
         21:0d:c0:eb:ec:31:c1:c4:ab:27:81:9d:f2:e9:57:6b:56:06:
         ac:4f:86:8e:18:cf:ec:c7:cf:9b:93:f7:e9:44:a5:18:92:4e:
         ec:f7:37:2c:3e:ae:37:a9:94:f9:15:58:08:5d:3c:cd:db:d0:
         78:6a:13:39:79:b4:72:95:41:d8:59:be:00:19:dc:18:f6:09:
         ca:17:1a:dd:eb:7e:3a:b7:82:b8:5f:45:a7:30:ab:be:b0:83:
         dd:92:ee:ca:f8:0a:6e:aa:80:0b:b5:08:54:02:ea:d5:8d:58:
         81:1e:c3:f8:ab:02:a9:7e:a6:3e:0e:b7:77:0d:c8:2e:86:b6:
         71:e5:bf:9d:16:fd:01:7f:bc:06:0b:84:b4:dc:d3:fa:9c:8f:
         e9:a5:44:94:e5:9b:68:d1:ea:7e:de:61:83:12:c6:19:83:2b:
         c9:26:c6:9b
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUebcKJjYRM31DmD5X1pfdBE2mwdMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MDlaFw0yNDEyMDMwMjQ0MDlaMDMxMTAvBgNV
BAMTKEJCNkU0MDZCMUVCQTkyQkI0M0RERTI1MDg0MkI1RDc2OTZGN0E5QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYgTEcpSakF/dCd47rKbmOAY++
PbzbnqzzsdGpbi//aaClmD0JUZDOCy9wxJ+s5XpXkX+EoW9s4t2yLlMKACOPtiWj
FfLNUAF8sqaR74OGCg1GTyOeT9Wd6bukmugVOn5k3aQgK4ojNY7NRFExQOR95SZi
sdQ0FtUr4j2cGKJBQA9bWQe6RuOdWDcY0cIwgEUVSL1s+QJ234Mo/51l7KLjNmrH
oufHL1K6oQhTmf9QVIWGioo3zEViILvaqBLQfohKBjP87MYGX1maRvHpj9wShTX5
dqSfCX6S1kOJJxgHoWzF4ESb9BFeLaC+7TRny+LINkTkynVcwDhzD8/eudBpAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUu25Aax66krtD3eJQhCtddpb3qbAwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAyOTUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRuQMA0GCSqGSIb3DQEBCwUAA4IBAQA4X74e
A8UgSQLccukd1t9ZYLoLIOJimOHWe8VWWDm4oqXpYut/5an+rGgJ61vVoiPqc9Q7
Bt5P2XuFdnBlTMiYNkEq64ECOzAB7v3OInNfaAhpqKeVg+qP0y8hDcDr7DHBxKsn
gZ3y6VdrVgasT4aOGM/sx8+bk/fpRKUYkk7s9zcsPq43qZT5FVgIXTzN29B4ahM5
ebRylUHYWb4AGdwY9gnKFxrd6346t4K4X0WnMKu+sIPdku7K+ApuqoALtQhUAurV
jViBHsP4qwKpfqY+Drd3DcguhrZx5b+dFv0Bf7wGC4S03NP6nI/ppUSU5Zto0ep+
3mGDEsYZgyvJJsab
-----END CERTIFICATE-----