Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203453.roa
File:                     AS203453.roa (raw, json)
Hash identifier:          eFgjhAbVLzHwTXDEO4PNql6VO14sbjegAd2e45OsPnc=
Subject key identifier:   A3:7D:9F:79:AF:53:FC:B1:F3:E7:F1:DC:59:38:72:DA:D6:BD:FB:51
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       35418AC7E6AE7DD92898B8E0ED69947DCC10D322
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203453.roa
Signing time:             Tue 05 Dec 2023 02:44:10 +0000
ROA not before:           Tue 05 Dec 2023 02:39:10 +0000
ROA not after:            Tue 03 Dec 2024 02:44:10 +0000
asID:                     203453
IP address blocks:        2a06:a005:108e::/48 maxlen: 48
                          2a06:a005:150d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:41:8a:c7:e6:ae:7d:d9:28:98:b8:e0:ed:69:94:7d:cc:10:d3:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:10 2023 GMT
            Not After : Dec  3 02:44:10 2024 GMT
        Subject: CN=A37D9F79AF53FCB1F3E7F1DC593872DAD6BDFB51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:39:ee:73:06:1c:80:04:99:21:15:a9:68:83:
                    ff:13:5f:3f:e8:89:8c:a2:66:79:b2:d8:40:8a:33:
                    9f:35:51:14:0c:c1:87:9d:9f:e0:51:80:18:07:3c:
                    fb:c1:b8:8d:32:4c:5e:bd:1c:3d:61:ec:e9:53:a9:
                    e3:83:06:55:8c:05:75:a6:5c:da:1f:62:56:aa:97:
                    39:fc:7e:ac:51:07:e2:39:30:a6:2e:82:f5:f6:2a:
                    ec:e6:ad:2b:27:37:91:37:ed:19:7e:16:e1:10:63:
                    9c:b0:cc:a2:96:42:92:36:67:24:bc:4b:34:a7:f4:
                    58:d6:6d:24:f5:73:cf:20:3f:99:3d:e0:8d:c1:d1:
                    a2:07:60:90:e2:c3:cf:52:6f:21:bd:5a:da:e2:e5:
                    c1:5c:57:fe:2b:b9:0c:dc:1a:94:f9:42:b0:cb:4e:
                    81:04:89:92:2c:fc:27:84:22:94:77:98:79:03:ac:
                    71:2b:f1:eb:f7:80:8c:14:0a:1b:82:3a:83:69:31:
                    ca:89:7f:ab:4c:1f:95:72:4f:11:5f:8c:a6:d1:25:
                    15:44:1d:10:43:3d:43:6a:8e:77:fb:ef:75:b6:53:
                    22:24:cc:55:7e:7b:15:14:be:4b:6b:aa:49:19:c6:
                    68:e5:f8:e2:bd:8e:7a:cf:63:78:89:49:f7:2f:84:
                    9d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:7D:9F:79:AF:53:FC:B1:F3:E7:F1:DC:59:38:72:DA:D6:BD:FB:51
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203453.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:108e::/48
                  2a06:a005:150d::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:f1:27:b4:95:a4:1f:71:ae:16:9c:76:72:c9:29:98:13:94:
         88:c1:3e:0e:fc:2f:12:ec:04:dd:b0:f5:3a:b6:a9:85:3f:17:
         63:91:d0:60:91:44:d5:65:6e:6a:00:ab:77:e0:bc:43:42:8f:
         1a:ab:de:69:fa:06:0d:70:a5:77:ec:92:ce:4b:6a:62:78:a1:
         5e:75:4a:ed:88:d2:95:e5:e8:57:fa:8e:64:ed:a4:f8:5e:1f:
         16:ef:60:16:60:f7:23:cc:2d:75:82:23:3a:51:75:5b:2c:f6:
         13:2c:a3:14:58:d9:a0:e9:36:0f:e2:a1:9a:bc:d3:21:5f:b8:
         c9:89:03:60:78:6d:7c:1d:96:f1:51:02:f9:48:1b:54:f3:3c:
         71:09:8d:84:4a:5a:7f:a2:d6:4a:09:12:18:d0:4c:39:cc:31:
         6a:ab:b0:13:af:89:69:6f:72:6c:8d:bf:6e:4c:61:93:d1:14:
         7f:6f:f1:23:03:19:06:43:9d:19:5f:a6:29:ba:ce:e3:a6:5a:
         0d:2b:58:68:8a:f2:05:c2:59:89:27:cb:cc:54:e4:d3:ed:1a:
         af:6c:45:ea:3f:ba:38:57:26:b7:54:31:95:ab:02:b1:dd:f4:
         e9:ce:70:25:bc:75:7f:5d:dd:a1:9f:ad:57:f8:35:ec:92:25:
         85:82:22:cb
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUNUGKx+aufdkomLjg7WmUfcwQ0yIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTBaFw0yNDEyMDMwMjQ0MTBaMDMxMTAvBgNV
BAMTKEEzN0Q5Rjc5QUY1M0ZDQjFGM0U3RjFEQzU5Mzg3MkRBRDZCREZCNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCOe5zBhyABJkhFalog/8TXz/o
iYyiZnmy2ECKM581URQMwYedn+BRgBgHPPvBuI0yTF69HD1h7OlTqeODBlWMBXWm
XNofYlaqlzn8fqxRB+I5MKYugvX2KuzmrSsnN5E37Rl+FuEQY5ywzKKWQpI2ZyS8
SzSn9FjWbST1c88gP5k94I3B0aIHYJDiw89SbyG9Wtri5cFcV/4ruQzcGpT5QrDL
ToEEiZIs/CeEIpR3mHkDrHEr8ev3gIwUChuCOoNpMcqJf6tMH5VyTxFfjKbRJRVE
HRBDPUNqjnf773W2UyIkzFV+exUUvktrqkkZxmjl+OK9jnrPY3iJSfcvhJ2XAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUo32fea9T/LHz5/HcWThy2ta9+1EwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzNDUzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBRCOAwcAKgagBRUNMA0GCSqGSIb3DQEBCwUA
A4IBAQA98Se0laQfca4WnHZyySmYE5SIwT4O/C8S7ATdsPU6tqmFPxdjkdBgkUTV
ZW5qAKt34LxDQo8aq95p+gYNcKV37JLOS2pieKFedUrtiNKV5ehX+o5k7aT4Xh8W
72AWYPcjzC11giM6UXVbLPYTLKMUWNmg6TYP4qGavNMhX7jJiQNgeG18HZbxUQL5
SBtU8zxxCY2ESlp/otZKCRIY0Ew5zDFqq7ATr4lpb3Jsjb9uTGGT0RR/b/EjAxkG
Q50ZX6Ypus7jploNK1hoivIFwlmJJ8vMVOTT7RqvbEXqP7o4Vya3VDGVqwKx3fTp
znAlvHV/Xd2hn61X+DXskiWFgiLL
-----END CERTIFICATE-----