Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203458.roa
File:                     AS203458.roa (raw, json)
Hash identifier:          MO3NCNOHfgJfX6vE7aXIv+zcm1/ae06B4/oOeBzmE7U=
Subject key identifier:   46:D4:58:DF:0D:00:FA:D7:5D:FF:31:81:79:E1:12:D7:13:43:A3:A7
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2DF92A189BCBBA2B04D353B5A257DC4901FB197C
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203458.roa
Signing time:             Tue 05 Nov 2024 03:40:05 +0000
ROA not before:           Tue 05 Nov 2024 03:35:05 +0000
ROA not after:            Tue 04 Nov 2025 03:40:05 +0000
asID:                     203458
IP address blocks:        2a06:a005:1871::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:f9:2a:18:9b:cb:ba:2b:04:d3:53:b5:a2:57:dc:49:01:fb:19:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:05 2024 GMT
            Not After : Nov  4 03:40:05 2025 GMT
        Subject: CN=46D458DF0D00FAD75DFF318179E112D71343A3A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:18:b8:ea:e2:ce:f1:52:df:0d:6e:1c:49:7e:
                    ba:14:01:bc:49:15:d2:8c:bd:72:56:f9:6c:fa:0d:
                    5c:a9:49:b4:b4:04:68:f3:6e:2e:63:1b:b5:fe:44:
                    04:c2:bc:77:83:20:18:30:05:42:71:c6:d7:09:8c:
                    5d:b1:3e:99:a6:bc:a6:3c:6e:6e:6e:d9:78:55:4a:
                    35:02:ad:26:93:64:4e:96:de:4c:28:9b:fd:d2:c8:
                    ec:d7:e8:60:9f:24:ff:87:df:4a:a4:fe:3d:b8:1a:
                    ce:9e:ca:27:fe:bd:db:c8:95:a7:7e:0b:bf:f7:18:
                    1b:dc:cf:db:80:55:c4:a6:ce:d1:2d:bd:cd:09:31:
                    3d:3a:e8:9d:0c:40:34:a8:6b:cb:40:4e:68:90:38:
                    16:9f:17:73:0d:0c:64:d5:3b:c0:11:ad:64:ad:9c:
                    e8:ed:55:38:c9:d7:bf:8a:28:2a:cd:64:26:38:ff:
                    fc:6f:21:db:c0:29:d9:a6:db:f4:ee:16:40:db:09:
                    cc:1d:ec:0a:88:66:b6:50:fc:16:08:72:46:5b:55:
                    58:35:33:e8:26:ef:ea:9c:69:1b:8d:61:d6:6c:fa:
                    10:4a:5b:ba:59:c9:6b:7a:85:bc:c4:c3:2f:9b:2c:
                    fb:cd:30:94:d4:51:ae:aa:c4:c8:31:77:8e:2d:81:
                    6b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:D4:58:DF:0D:00:FA:D7:5D:FF:31:81:79:E1:12:D7:13:43:A3:A7
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203458.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1871::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:df:83:a1:ca:b2:ea:d1:8d:25:75:f4:55:7f:8f:15:75:8f:
         e7:c7:cb:64:7e:9d:ce:44:08:57:81:cf:5f:94:cf:c0:b5:e8:
         43:59:c2:f5:eb:37:17:29:22:60:ff:c9:bc:1f:b3:45:2f:46:
         27:3f:cc:ef:e8:35:86:12:9b:57:f5:4b:a1:f4:9e:8f:c7:60:
         05:19:84:8b:f2:50:65:0e:b5:59:ed:45:c1:89:ad:75:58:40:
         7c:9a:b7:22:0d:c7:88:6c:c7:98:d3:9f:78:77:79:16:bd:d8:
         46:44:ad:4d:e0:9b:71:3d:00:5c:49:a4:76:75:eb:d6:79:7a:
         d5:61:8c:d3:20:89:07:2c:32:01:07:a9:1d:39:c8:f8:d1:4b:
         35:50:52:c3:43:61:39:3e:38:b2:af:5e:58:f7:e7:b7:0f:1f:
         4e:26:72:6d:41:58:b1:69:f4:7f:2a:49:44:7a:fd:06:cd:f5:
         29:e6:09:46:94:20:a5:32:64:23:3b:b6:01:a9:40:33:14:7d:
         c2:06:57:5f:fe:49:55:4a:30:92:bc:6f:fc:ae:1c:82:59:96:
         54:9f:03:cf:7b:2b:8b:aa:fb:a7:b4:02:05:53:a0:89:cc:3c:
         b5:6b:73:4f:b8:80:c2:17:4d:6a:29:be:db:04:e9:b5:4c:0c:
         93:4f:53:6f
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIULfkqGJvLuisE01O1olfcSQH7GXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDVaFw0yNTExMDQwMzQwMDVaMDMxMTAvBgNV
BAMTKDQ2RDQ1OERGMEQwMEZBRDc1REZGMzE4MTc5RTExMkQ3MTM0M0EzQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeGLjq4s7xUt8NbhxJfroUAbxJ
FdKMvXJW+Wz6DVypSbS0BGjzbi5jG7X+RATCvHeDIBgwBUJxxtcJjF2xPpmmvKY8
bm5u2XhVSjUCrSaTZE6W3kwom/3SyOzX6GCfJP+H30qk/j24Gs6eyif+vdvIlad+
C7/3GBvcz9uAVcSmztEtvc0JMT066J0MQDSoa8tATmiQOBafF3MNDGTVO8ARrWSt
nOjtVTjJ17+KKCrNZCY4//xvIdvAKdmm2/TuFkDbCcwd7AqIZrZQ/BYIckZbVVg1
M+gm7+qcaRuNYdZs+hBKW7pZyWt6hbzEwy+bLPvNMJTUUa6qxMgxd44tgWsRAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQURtRY3w0A+tdd/zGBeeES1xNDo6cwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzNDU4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRhxMA0GCSqGSIb3DQEBCwUAA4IBAQB834Oh
yrLq0Y0ldfRVf48VdY/nx8tkfp3ORAhXgc9flM/AtehDWcL16zcXKSJg/8m8H7NF
L0YnP8zv6DWGEptX9Uuh9J6Px2AFGYSL8lBlDrVZ7UXBia11WEB8mrciDceIbMeY
0594d3kWvdhGRK1N4JtxPQBcSaR2devWeXrVYYzTIIkHLDIBB6kdOcj40Us1UFLD
Q2E5Pjiyr15Y9+e3Dx9OJnJtQVixafR/KklEev0GzfUp5glGlCClMmQjO7YBqUAz
FH3CBldf/klVSjCSvG/8rhyCWZZUnwPPeyuLqvuntAIFU6CJzDy1a3NPuIDCF01q
Kb7bBOm1TAyTT1Nv
-----END CERTIFICATE-----