Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203655.roa
File:                     AS203655.roa (raw, json)
Hash identifier:          uO4HPFe49si13H5CPzUBCpPtzKEhJLq8agwzA94xpqY=
Subject key identifier:   2B:8A:14:63:BD:67:8A:83:D6:96:FA:3E:E2:32:5D:C1:B5:51:F4:FD
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4AD30DBD1CE93EBFEC3D425C5ED3892C2B778B58
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203655.roa
Signing time:             Fri 13 Dec 2024 02:56:29 +0000
ROA not before:           Fri 13 Dec 2024 02:51:29 +0000
ROA not after:            Fri 12 Dec 2025 02:56:29 +0000
asID:                     203655
IP address blocks:        2a06:a005:13e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 15:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:d3:0d:bd:1c:e9:3e:bf:ec:3d:42:5c:5e:d3:89:2c:2b:77:8b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 13 02:51:29 2024 GMT
            Not After : Dec 12 02:56:29 2025 GMT
        Subject: CN=2B8A1463BD678A83D696FA3EE2325DC1B551F4FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d8:18:1e:db:5b:61:4c:5f:a0:11:ca:2f:a6:
                    44:de:f2:9c:ee:f8:1e:df:96:25:20:8f:12:a8:e1:
                    bc:20:c7:b6:91:4f:73:d8:b2:88:3e:fa:74:cd:a6:
                    51:b7:79:dd:11:4e:c8:71:6e:8b:ad:79:f2:c2:d1:
                    ad:d9:9f:78:05:72:94:dc:8e:1c:a4:e4:2d:eb:c9:
                    da:00:23:ed:7f:ff:85:ec:45:54:47:73:be:6a:c0:
                    04:39:8b:3f:d6:de:eb:7e:7e:cb:0f:18:45:07:ac:
                    6b:72:da:2b:4e:35:a1:1b:5d:93:8d:ba:98:c1:db:
                    42:a5:69:32:96:f7:c0:ad:72:97:a9:10:5a:2c:eb:
                    66:ec:b2:2a:5f:31:4d:3f:6d:9f:1e:48:f6:5b:3e:
                    b4:d8:76:85:42:4e:f6:f0:47:65:7d:d7:24:0d:5c:
                    9d:db:9b:63:0c:67:3c:2c:9d:e6:05:7d:6f:a7:14:
                    c9:5d:5f:8a:45:bb:17:20:c5:e2:47:51:5f:dc:dd:
                    95:cd:25:c0:35:37:8f:86:84:32:7f:44:19:e2:48:
                    62:41:9b:6f:ef:19:64:d7:ee:16:9a:d0:f2:b6:ea:
                    4f:2d:cf:86:80:25:f7:76:e9:98:50:eb:51:51:63:
                    83:2e:d1:6f:f3:73:10:eb:41:e9:ff:78:2a:f1:e5:
                    ae:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:8A:14:63:BD:67:8A:83:D6:96:FA:3E:E2:32:5D:C1:B5:51:F4:FD
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:13e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         41:9c:e2:f2:a1:ae:45:fc:97:0d:63:59:fc:52:39:6e:6a:b4:
         a7:d2:06:47:05:e7:4a:3e:0c:47:52:9c:55:49:38:31:a4:38:
         43:e2:8d:7d:92:93:69:80:b7:bd:80:06:5e:62:38:bd:ec:b6:
         0d:6c:5a:24:59:d7:ca:0e:5f:0d:92:78:44:b3:66:b8:7b:b0:
         f4:84:ad:b1:aa:f4:fc:2c:f7:c9:a3:4a:64:51:c1:f2:3f:99:
         60:7b:33:00:42:7d:a3:34:bb:f3:c5:0b:d5:55:e7:0c:fd:93:
         9e:3d:6f:53:2f:fd:f7:ef:dd:33:0c:b1:f1:4b:5a:1d:89:3c:
         93:e9:0c:76:77:60:8b:21:b8:34:fd:e3:cd:f8:9c:a6:05:1c:
         43:94:6f:bc:e2:91:5c:b9:37:4e:22:d5:68:29:7a:fa:f1:77:
         82:43:ce:1c:97:41:bb:92:2e:a6:f1:1e:fc:71:a2:56:46:8c:
         75:19:98:89:f9:a3:16:e2:74:12:22:d4:26:36:23:ae:bc:41:
         93:a7:23:61:9c:d1:d9:4a:58:fc:ad:3f:d4:7d:c4:75:29:99:
         d4:38:3e:73:df:2b:45:77:4c:db:8a:eb:a5:be:cd:0f:76:83:
         7f:a2:0f:f6:26:bf:fe:e9:99:fa:ba:58:c9:a2:3c:80:4a:f8:
         c3:7f:54:a6
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUStMNvRzpPr/sPUJcXtOJLCt3i1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDEyMTMwMjUxMjlaFw0yNTEyMTIwMjU2MjlaMDMxMTAvBgNV
BAMTKDJCOEExNDYzQkQ2NzhBODNENjk2RkEzRUUyMzI1REMxQjU1MUY0RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr2Bge21thTF+gEcovpkTe8pzu
+B7fliUgjxKo4bwgx7aRT3PYsog++nTNplG3ed0RTshxboutefLC0a3Zn3gFcpTc
jhyk5C3rydoAI+1//4XsRVRHc75qwAQ5iz/W3ut+fssPGEUHrGty2itONaEbXZON
upjB20KlaTKW98CtcpepEFos62bssipfMU0/bZ8eSPZbPrTYdoVCTvbwR2V91yQN
XJ3bm2MMZzwsneYFfW+nFMldX4pFuxcgxeJHUV/c3ZXNJcA1N4+GhDJ/RBniSGJB
m2/vGWTX7haa0PK26k8tz4aAJfd26ZhQ61FRY4Mu0W/zcxDrQen/eCrx5a5tAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUK4oUY71nioPWlvo+4jJdwbVR9P0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzNjU1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRPgMA0GCSqGSIb3DQEBCwUAA4IBAQBBnOLy
oa5F/JcNY1n8UjluarSn0gZHBedKPgxHUpxVSTgxpDhD4o19kpNpgLe9gAZeYji9
7LYNbFokWdfKDl8NknhEs2a4e7D0hK2xqvT8LPfJo0pkUcHyP5lgezMAQn2jNLvz
xQvVVecM/ZOePW9TL/33790zDLHxS1odiTyT6Qx2d2CLIbg0/ePN+JymBRxDlG+8
4pFcuTdOItVoKXr68XeCQ84cl0G7ki6m8R78caJWRox1GZiJ+aMW4nQSItQmNiOu
vEGTpyNhnNHZSlj8rT/UfcR1KZnUOD5z3ytFd0zbiuulvs0PdoN/og/2Jr/+6Zn6
uljJojyASvjDf1Sm
-----END CERTIFICATE-----