Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203236.roa
File:                     AS203236.roa (raw, json)
Hash identifier:          tdALqUTkuyUuQSvj/LfcCg3EPXVsTm1ztRHCBYu7hJo=
Subject key identifier:   E6:2A:CD:6F:83:89:03:CF:B5:09:DB:7E:B9:A5:D9:A5:2C:AA:1C:85
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1A79906A9C2F5441A20C69FAAE5B015C28D1C2F3
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203236.roa
Signing time:             Fri 05 Jan 2024 13:44:21 +0000
ROA not before:           Fri 05 Jan 2024 13:39:21 +0000
ROA not after:            Fri 03 Jan 2025 13:44:21 +0000
asID:                     203236
IP address blocks:        2a06:a005:486::/48 maxlen: 48
                          2a06:a005:1520::/44 maxlen: 48
                          2a06:a005:1800::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:79:90:6a:9c:2f:54:41:a2:0c:69:fa:ae:5b:01:5c:28:d1:c2:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  5 13:39:21 2024 GMT
            Not After : Jan  3 13:44:21 2025 GMT
        Subject: CN=E62ACD6F838903CFB509DB7EB9A5D9A52CAA1C85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8e:6a:3a:7c:54:4c:29:0c:63:b8:e8:a0:af:
                    9d:60:5e:8b:fc:19:bb:6f:6f:bb:80:18:7a:f3:d4:
                    6b:7f:4e:f8:65:83:da:1e:e9:6f:99:9e:cf:b6:8e:
                    61:f6:ff:a9:95:2c:3a:24:05:83:39:9c:f8:32:d2:
                    24:c2:ac:2f:76:f7:1f:df:71:a9:ba:b8:24:12:89:
                    55:26:7d:61:d4:98:06:fc:77:74:c5:ae:25:13:fe:
                    b9:9d:62:5b:b8:41:ca:46:bf:d5:32:7b:c8:5f:a0:
                    2c:23:92:69:c8:c7:fa:84:64:43:d2:ac:66:bf:43:
                    c7:cd:fc:f1:5a:ef:cd:12:3d:0c:c4:ee:f6:a6:15:
                    19:06:89:52:37:09:c1:ad:e7:f1:39:16:e3:60:d9:
                    1a:2c:a6:b5:00:b8:be:8e:e4:d6:29:ba:65:79:25:
                    0c:dc:38:ba:58:55:83:cd:42:0c:74:c4:e4:0f:f7:
                    9c:e5:72:ab:3e:da:24:3e:56:c7:05:42:9e:b1:e0:
                    f9:2b:33:2f:02:a0:ac:a0:df:5d:67:30:2b:02:85:
                    17:02:50:c4:e8:6d:6b:4f:f7:4b:00:83:da:42:28:
                    f5:03:35:de:79:64:d5:23:c1:14:96:94:c5:96:b3:
                    dd:08:cd:69:3c:ee:a3:fe:44:1b:95:1e:5a:80:75:
                    16:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:2A:CD:6F:83:89:03:CF:B5:09:DB:7E:B9:A5:D9:A5:2C:AA:1C:85
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:486::/48
                  2a06:a005:1520::/44
                  2a06:a005:1800::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:4e:6c:1a:f7:ab:05:c0:60:96:8f:f2:92:80:36:1f:69:10:
         eb:fa:40:30:6a:9a:e9:3c:87:32:1f:54:0b:dd:83:79:34:81:
         cc:2a:c3:b0:ca:03:ce:18:b4:24:35:ff:02:e4:9b:bb:28:8f:
         39:d9:3c:02:ba:ab:a2:7e:c9:cd:05:a5:8e:05:b6:e0:bd:53:
         fd:b4:30:2f:b1:db:18:40:f9:f9:f5:0d:5a:2e:96:05:04:35:
         a5:af:f6:d8:10:91:17:77:6e:9c:d5:3e:ce:49:cd:64:c0:cf:
         fb:1b:ce:33:5b:27:5a:93:ea:43:1c:29:6a:1d:aa:56:8d:c8:
         d8:2d:6e:a0:6b:6d:d1:c0:ed:58:63:e6:52:cf:df:38:84:e4:
         02:18:18:70:b5:5c:00:1e:1e:ab:82:89:2b:07:51:72:7e:1f:
         96:df:e4:77:df:63:c2:11:0d:4b:03:e8:3f:04:cf:84:21:67:
         4f:da:df:50:34:22:99:85:a2:d7:61:59:1a:15:73:46:42:e6:
         15:6f:f6:9b:85:c6:40:64:ea:2b:11:51:5e:3c:5f:5d:ec:87:
         f3:a0:ec:8f:8e:e1:af:b5:e1:be:d7:7b:63:f6:c8:8a:ff:9d:
         1d:56:a2:e7:5f:00:4f:db:90:c0:f2:48:ff:4c:b2:5e:72:0f:
         2b:cb:8d:43
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUGnmQapwvVEGiDGn6rlsBXCjRwvMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMDUxMzM5MjFaFw0yNTAxMDMxMzQ0MjFaMDMxMTAvBgNV
BAMTKEU2MkFDRDZGODM4OTAzQ0ZCNTA5REI3RUI5QTVEOUE1MkNBQTFDODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUjmo6fFRMKQxjuOigr51gXov8
Gbtvb7uAGHrz1Gt/Tvhlg9oe6W+Zns+2jmH2/6mVLDokBYM5nPgy0iTCrC929x/f
cam6uCQSiVUmfWHUmAb8d3TFriUT/rmdYlu4QcpGv9Uye8hfoCwjkmnIx/qEZEPS
rGa/Q8fN/PFa780SPQzE7vamFRkGiVI3CcGt5/E5FuNg2RosprUAuL6O5NYpumV5
JQzcOLpYVYPNQgx0xOQP95zlcqs+2iQ+VscFQp6x4PkrMy8CoKyg311nMCsChRcC
UMTobWtP90sAg9pCKPUDNd55ZNUjwRSWlMWWs90IzWk87qP+RBuVHlqAdRbbAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQU5irNb4OJA8+1Cdt+uaXZpSyqHIUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzMjM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcAKgagBQSGAwcEKgagBRUgAwcAKgagBRgAMA0GCSqG
SIb3DQEBCwUAA4IBAQCoTmwa96sFwGCWj/KSgDYfaRDr+kAwaprpPIcyH1QL3YN5
NIHMKsOwygPOGLQkNf8C5Ju7KI852TwCuquifsnNBaWOBbbgvVP9tDAvsdsYQPn5
9Q1aLpYFBDWlr/bYEJEXd26c1T7OSc1kwM/7G84zWydak+pDHClqHapWjcjYLW6g
a23RwO1YY+ZSz984hOQCGBhwtVwAHh6rgokrB1Fyfh+W3+R332PCEQ1LA+g/BM+E
IWdP2t9QNCKZhaLXYVkaFXNGQuYVb/abhcZAZOorEVFePF9d7IfzoOyPjuGvteG+
13tj9siK/50dVqLnXwBP25DA8kj/TLJecg8ry41D
-----END CERTIFICATE-----