Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203323.roa
File:                     AS203323.roa (raw, json)
Hash identifier:          NYdOHt8Lnt3oJV6VbTz5/B+BLT8JMBQoiKDbCr6HB4Y=
Subject key identifier:   73:AA:6E:D7:4E:0A:3A:20:66:42:E9:2B:45:34:12:BC:3F:77:80:75
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       36D37CE730EBD9D78F395556D5FCCAA4AB15B5AA
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203323.roa
Signing time:             Tue 05 Dec 2023 02:44:19 +0000
ROA not before:           Tue 05 Dec 2023 02:39:19 +0000
ROA not after:            Tue 03 Dec 2024 02:44:19 +0000
asID:                     203323
IP address blocks:        2a06:a005:21c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:d3:7c:e7:30:eb:d9:d7:8f:39:55:56:d5:fc:ca:a4:ab:15:b5:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:19 2023 GMT
            Not After : Dec  3 02:44:19 2024 GMT
        Subject: CN=73AA6ED74E0A3A206642E92B453412BC3F778075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:c1:cf:d0:84:87:08:d8:d6:d6:ad:3a:38:fd:
                    70:a6:ad:66:e2:de:47:76:88:ff:fb:a3:8d:5e:d2:
                    26:9c:cc:42:14:9c:e4:f3:e9:96:67:47:9f:0b:a4:
                    ae:28:66:95:82:eb:29:9c:3f:19:d4:a9:a7:01:e8:
                    fa:f6:4d:28:aa:ab:fb:08:06:cd:d2:d8:88:64:98:
                    d2:d7:ef:f0:14:d0:a8:2b:a9:e7:93:4d:d8:21:64:
                    03:08:6b:c1:12:49:0e:1b:cf:c7:5f:d2:96:16:3b:
                    b4:99:cc:7e:03:f5:e6:8c:75:5f:83:5a:2c:05:49:
                    f0:9f:d4:5f:cb:47:96:81:6b:cd:6b:2c:d9:4c:f4:
                    4e:d8:b9:8e:c1:ea:67:dd:b8:7a:78:23:25:ca:7b:
                    bd:37:77:df:90:13:5a:4c:f8:dc:e7:e0:30:e2:e5:
                    b2:2b:f3:e7:a9:94:8c:89:e6:68:db:10:2a:fb:16:
                    b6:8b:b3:79:c2:5e:5f:92:ff:2c:58:50:f9:2b:1a:
                    8a:16:98:69:df:17:22:96:a3:d7:95:96:0e:11:13:
                    96:3f:25:36:83:fe:eb:06:b3:e4:0b:33:aa:ca:8f:
                    d1:8b:87:9c:31:fc:39:55:06:b2:09:64:92:29:33:
                    b6:09:05:8c:63:2f:d8:09:21:2a:82:ff:80:b2:2b:
                    b5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:AA:6E:D7:4E:0A:3A:20:66:42:E9:2B:45:34:12:BC:3F:77:80:75
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203323.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:21c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         64:15:b7:99:82:ea:5a:e8:f5:36:51:75:8b:e8:05:39:1e:af:
         de:64:22:8c:7d:02:ef:c1:1d:ea:7a:05:ad:1b:2b:4e:7a:39:
         09:2f:a4:26:cb:bf:9b:7f:2b:5a:be:ee:b5:51:e5:36:6a:ad:
         9a:46:e9:44:00:9b:ca:a9:f2:66:b2:9c:17:ee:bf:cc:a8:ca:
         06:20:83:32:a8:ac:c2:ae:60:5f:cd:de:02:a6:3d:14:3a:c1:
         8f:a5:e1:29:d4:7f:2f:46:37:f5:89:cc:c3:b9:07:c2:d5:54:
         5e:7b:49:8d:03:85:8d:57:14:54:09:99:2b:31:c4:56:a0:f0:
         3f:0e:a1:a5:87:67:7c:94:06:ed:59:43:f0:03:0d:bb:b7:bf:
         65:77:4d:51:b2:e4:72:21:ce:b7:b7:80:71:e4:b0:f6:cd:5e:
         2a:9c:0c:f6:61:e5:9f:94:d7:c9:5b:39:66:8f:ad:38:ff:05:
         43:1f:c2:cc:52:a6:75:b4:66:b5:60:53:ca:56:69:b5:e9:b7:
         7a:93:18:63:68:7e:38:d4:b2:3a:73:8a:9a:84:99:87:f5:df:
         3f:d7:9b:3c:92:00:26:f8:77:0b:c6:4e:0f:cc:73:63:91:bb:
         d3:38:19:08:41:d1:75:bf:7d:d3:57:b0:bf:b5:79:d5:6f:ac:
         47:29:07:58
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUNtN85zDr2dePOVVW1fzKpKsVtaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTlaFw0yNDEyMDMwMjQ0MTlaMDMxMTAvBgNV
BAMTKDczQUE2RUQ3NEUwQTNBMjA2NjQyRTkyQjQ1MzQxMkJDM0Y3NzgwNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0wc/QhIcI2NbWrTo4/XCmrWbi
3kd2iP/7o41e0iaczEIUnOTz6ZZnR58LpK4oZpWC6ymcPxnUqacB6Pr2TSiqq/sI
Bs3S2IhkmNLX7/AU0KgrqeeTTdghZAMIa8ESSQ4bz8df0pYWO7SZzH4D9eaMdV+D
WiwFSfCf1F/LR5aBa81rLNlM9E7YuY7B6mfduHp4IyXKe703d9+QE1pM+Nzn4DDi
5bIr8+eplIyJ5mjbECr7FraLs3nCXl+S/yxYUPkrGooWmGnfFyKWo9eVlg4RE5Y/
JTaD/usGs+QLM6rKj9GLh5wx/DlVBrIJZJIpM7YJBYxjL9gJISqC/4CyK7UpAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUc6pu104KOiBmQukrRTQSvD93gHUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzMzIzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSHAMA0GCSqGSIb3DQEBCwUAA4IBAQBkFbeZ
gupa6PU2UXWL6AU5Hq/eZCKMfQLvwR3qegWtGytOejkJL6Qmy7+bfytavu61UeU2
aq2aRulEAJvKqfJmspwX7r/MqMoGIIMyqKzCrmBfzd4Cpj0UOsGPpeEp1H8vRjf1
iczDuQfC1VRee0mNA4WNVxRUCZkrMcRWoPA/DqGlh2d8lAbtWUPwAw27t79ld01R
suRyIc63t4Bx5LD2zV4qnAz2YeWflNfJWzlmj604/wVDH8LMUqZ1tGa1YFPKVmm1
6bd6kxhjaH441LI6c4qahJmH9d8/15s8kgAm+HcLxk4PzHNjkbvTOBkIQdF1v33T
V7C/tXnVb6xHKQdY
-----END CERTIFICATE-----