Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203145.roa
File:                     AS203145.roa (raw, json)
Hash identifier:          k1UkOuV3SdIZy624uXD81nOGqI037zQz8LOKMamkbNo=
Subject key identifier:   DD:A3:F7:87:00:15:40:D1:6A:5B:DE:17:4D:35:78:C7:44:CF:DA:63
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       69104587D7647FCA042E7CFA0CC999040662DA86
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203145.roa
Signing time:             Tue 05 Dec 2023 02:44:17 +0000
ROA not before:           Tue 05 Dec 2023 02:39:17 +0000
ROA not after:            Tue 03 Dec 2024 02:44:17 +0000
asID:                     203145
IP address blocks:        2a06:a005:a0f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:10:45:87:d7:64:7f:ca:04:2e:7c:fa:0c:c9:99:04:06:62:da:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:17 2023 GMT
            Not After : Dec  3 02:44:17 2024 GMT
        Subject: CN=DDA3F787001540D16A5BDE174D3578C744CFDA63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ae:4d:6f:86:00:b6:f0:b3:58:7b:6b:45:fb:
                    73:ff:f4:db:4e:51:20:55:11:75:4b:a1:c5:b4:23:
                    58:c0:9c:e1:7d:0f:61:45:e1:d2:a1:a2:3a:4d:99:
                    32:48:d3:86:10:90:68:d9:3d:3b:fb:4b:89:95:06:
                    72:85:df:3b:29:e4:1c:f5:cc:ae:22:c3:af:3e:0c:
                    ad:f0:d0:ef:d6:2b:a6:bf:94:1a:03:75:c4:2e:ac:
                    68:c4:13:04:b4:be:8d:5b:a6:c7:85:21:2f:56:2b:
                    7e:eb:04:79:19:68:0d:ee:e2:2e:7b:33:52:4e:5c:
                    73:65:99:17:99:42:11:59:ec:79:75:4a:a8:05:12:
                    51:38:71:62:ea:c2:10:e6:4f:c0:bb:41:87:b5:57:
                    5f:e4:30:6d:d9:80:da:cf:77:e4:d6:81:46:e6:4e:
                    99:4d:b0:00:85:70:13:9d:66:0a:fa:b5:62:0b:cd:
                    55:51:4a:cf:d9:fa:5a:90:0e:9b:9d:bf:ff:68:e3:
                    61:c6:d9:e2:f8:a3:eb:53:db:d9:7c:be:45:19:90:
                    60:e5:97:f1:69:ae:c8:87:54:a8:d6:6a:e1:23:f8:
                    4e:42:6a:7e:ee:68:d0:c7:5e:38:6d:75:6b:32:7c:
                    48:26:c6:ff:d9:81:ec:c8:82:05:14:02:6a:1e:f4:
                    ac:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A3:F7:87:00:15:40:D1:6A:5B:DE:17:4D:35:78:C7:44:CF:DA:63
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203145.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a0f::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:2a:44:69:f5:d6:c9:36:8c:99:1f:62:6b:58:35:36:bc:b0:
         52:3e:8e:f1:45:a9:91:a3:88:39:fe:3e:10:6f:12:4c:ca:c2:
         d5:8b:63:8a:7e:54:fd:74:e8:d4:69:9c:f6:4d:3b:0c:fb:5d:
         cf:da:a9:04:1c:a3:ce:84:82:c3:7b:d6:97:01:81:d2:d0:e8:
         9e:a2:f0:39:0b:9f:44:a4:64:82:e3:04:b2:db:1e:b3:5f:02:
         d2:de:5b:49:a5:e4:fd:56:77:bc:19:c5:c7:02:a8:dd:3f:98:
         80:c8:47:62:0e:86:e1:6b:16:9c:e8:c7:3d:be:7a:0c:8e:01:
         e2:79:d3:60:82:46:0b:c3:31:8a:05:f5:3e:11:14:e5:9a:33:
         5d:c9:75:9f:df:9b:d5:aa:16:6f:a3:ff:2b:26:b4:43:73:4d:
         f2:56:0e:c7:cb:45:5c:a0:6d:40:b7:89:55:bc:ce:71:f6:da:
         3a:20:6d:8d:e5:7c:66:9e:27:0a:33:6b:79:fc:a1:93:c4:f4:
         ff:fe:e8:c0:75:52:fb:51:cb:86:3e:0b:77:b1:98:78:cc:e2:
         1f:4c:62:9e:af:d7:fe:2f:be:25:58:c4:6b:e6:01:9f:05:b4:
         30:f6:53:9a:a9:c2:1c:2d:e6:dd:f4:c0:6d:d6:93:3b:81:bb:
         08:9a:17:21
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUaRBFh9dkf8oELnz6DMmZBAZi2oYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTdaFw0yNDEyMDMwMjQ0MTdaMDMxMTAvBgNV
BAMTKEREQTNGNzg3MDAxNTQwRDE2QTVCREUxNzREMzU3OEM3NDRDRkRBNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4rk1vhgC28LNYe2tF+3P/9NtO
USBVEXVLocW0I1jAnOF9D2FF4dKhojpNmTJI04YQkGjZPTv7S4mVBnKF3zsp5Bz1
zK4iw68+DK3w0O/WK6a/lBoDdcQurGjEEwS0vo1bpseFIS9WK37rBHkZaA3u4i57
M1JOXHNlmReZQhFZ7Hl1SqgFElE4cWLqwhDmT8C7QYe1V1/kMG3ZgNrPd+TWgUbm
TplNsACFcBOdZgr6tWILzVVRSs/Z+lqQDpudv/9o42HG2eL4o+tT29l8vkUZkGDl
l/FprsiHVKjWauEj+E5Can7uaNDHXjhtdWsyfEgmxv/ZgezIggUUAmoe9KwjAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU3aP3hwAVQNFqW94XTTV4x0TP2mMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzMTQ1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQoPMA0GCSqGSIb3DQEBCwUAA4IBAQByKkRp
9dbJNoyZH2JrWDU2vLBSPo7xRamRo4g5/j4QbxJMysLVi2OKflT9dOjUaZz2TTsM
+13P2qkEHKPOhILDe9aXAYHS0OieovA5C59EpGSC4wSy2x6zXwLS3ltJpeT9Vne8
GcXHAqjdP5iAyEdiDobhaxac6Mc9vnoMjgHiedNggkYLwzGKBfU+ERTlmjNdyXWf
35vVqhZvo/8rJrRDc03yVg7Hy0VcoG1At4lVvM5x9to6IG2N5XxmnicKM2t5/KGT
xPT//ujAdVL7UcuGPgt3sZh4zOIfTGKer9f+L74lWMRr5gGfBbQw9lOaqcIcLebd
9MBt1pM7gbsImhch
-----END CERTIFICATE-----