Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203686.roa
File:                     AS203686.roa (raw, json)
Hash identifier:          2bUhDwfP1Gf/FaUZcXdbLwdW9K67pEkHDyroy8dkALU=
Subject key identifier:   FE:DF:D0:40:F1:B4:9E:D6:AD:66:07:BD:1E:D6:37:A3:02:4E:71:E1
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0C51E85A6B1B57C4B0D8E6911250ABFD45E28A2B
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203686.roa
Signing time:             Mon 02 Sep 2024 16:00:01 +0000
ROA not before:           Mon 02 Sep 2024 15:55:01 +0000
ROA not after:            Mon 01 Sep 2025 16:00:01 +0000
asID:                     203686
IP address blocks:        2a06:9f44:f120::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:51:e8:5a:6b:1b:57:c4:b0:d8:e6:91:12:50:ab:fd:45:e2:8a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep  2 15:55:01 2024 GMT
            Not After : Sep  1 16:00:01 2025 GMT
        Subject: CN=FEDFD040F1B49ED6AD6607BD1ED637A3024E71E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:73:71:b5:f6:73:bd:05:c6:ef:ca:23:a5:4d:
                    8c:1e:d8:4f:30:52:39:ae:92:a6:f3:d1:70:36:9c:
                    c2:3d:e6:00:cc:27:5c:b6:8a:51:5b:0a:07:58:ed:
                    84:29:a9:c2:10:5d:da:03:81:79:ab:56:1a:3e:04:
                    72:4b:9b:a8:76:bb:ad:d1:37:b6:35:27:cc:1b:aa:
                    ce:f7:37:89:26:c0:c9:24:4c:b6:ae:88:5d:dd:18:
                    8e:5f:f0:96:23:07:7e:ba:c2:09:ed:27:eb:ac:aa:
                    9c:c7:76:cf:6e:d5:2f:2e:7f:c0:a7:59:a6:0c:ba:
                    f5:39:0a:4f:be:c0:06:42:a9:f5:a8:b5:ea:e0:65:
                    05:24:0a:b6:02:ed:dc:e6:17:c2:73:2a:52:49:de:
                    5e:e3:1f:66:60:0a:5d:ec:7d:a0:28:49:4c:ce:80:
                    5a:b5:59:ca:b7:7c:c5:6f:87:19:37:c5:b9:a5:3e:
                    72:e6:7d:a5:59:8b:eb:9b:02:db:bc:18:95:7f:20:
                    48:5b:68:ad:ac:4a:db:c1:64:41:ee:91:8a:37:e8:
                    5d:5c:3f:16:72:9b:8e:c6:84:24:27:c9:bf:eb:94:
                    ea:5f:51:92:b5:58:ea:8e:cf:3e:ba:43:05:b2:7b:
                    cd:73:94:53:88:a4:a3:f6:d7:bd:94:e4:07:b4:0d:
                    32:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DF:D0:40:F1:B4:9E:D6:AD:66:07:BD:1E:D6:37:A3:02:4E:71:E1
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203686.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9f44:f120::/44

    Signature Algorithm: sha256WithRSAEncryption
         76:47:bf:fb:94:df:f4:f2:45:19:db:64:5f:d7:25:44:20:4a:
         87:bc:03:ce:98:cd:99:67:d2:da:be:fd:23:aa:15:aa:d0:29:
         28:c6:2f:cf:75:ab:68:1b:45:a4:57:45:97:b3:92:65:c9:a1:
         0e:73:48:de:73:60:72:6d:22:89:ef:c0:03:9e:f9:42:dc:b8:
         6b:66:07:3d:7d:c9:44:36:3a:70:be:13:89:00:22:a7:1f:40:
         53:79:eb:a6:bd:e3:4a:92:97:70:8c:03:64:9b:20:58:87:48:
         8d:d2:1a:39:06:a6:d1:10:2c:26:3b:41:45:16:8c:05:f1:0f:
         55:75:41:5a:e2:8a:54:3d:4a:d2:5d:b3:77:70:69:77:c6:99:
         41:b6:56:e5:cb:8a:0c:da:5c:9e:ab:72:fb:e4:31:aa:57:e8:
         0d:7b:46:67:2c:eb:fa:77:77:e7:8f:ee:c7:0e:c5:5e:ed:f6:
         5c:12:6e:31:60:1c:e1:da:9e:d7:43:1d:ed:89:32:c5:b6:6f:
         e0:4e:2f:c1:79:b1:41:81:35:c8:8c:61:a6:2e:a6:43:1a:c4:
         28:58:2b:70:10:32:9c:79:73:e6:80:f9:fb:2f:85:bd:9a:dc:
         c7:9c:05:13:b0:d2:e7:9d:49:b5:c4:9e:eb:7d:e9:4a:26:6b:
         5a:71:e9:c0
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUDFHoWmsbV8Sw2OaRElCr/UXiiiswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MDIxNTU1MDFaFw0yNTA5MDExNjAwMDFaMDMxMTAvBgNV
BAMTKEZFREZEMDQwRjFCNDlFRDZBRDY2MDdCRDFFRDYzN0EzMDI0RTcxRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVc3G19nO9BcbvyiOlTYwe2E8w
Ujmukqbz0XA2nMI95gDMJ1y2ilFbCgdY7YQpqcIQXdoDgXmrVho+BHJLm6h2u63R
N7Y1J8wbqs73N4kmwMkkTLauiF3dGI5f8JYjB366wgntJ+usqpzHds9u1S8uf8Cn
WaYMuvU5Ck++wAZCqfWotergZQUkCrYC7dzmF8JzKlJJ3l7jH2ZgCl3sfaAoSUzO
gFq1Wcq3fMVvhxk3xbmlPnLmfaVZi+ubAtu8GJV/IEhbaK2sStvBZEHukYo36F1c
PxZym47GhCQnyb/rlOpfUZK1WOqOzz66QwWye81zlFOIpKP2172U5Ae0DTJrAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU/t/QQPG0ntatZge9HtY3owJOceEwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzNjg2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgafRPEgMA0GCSqGSIb3DQEBCwUAA4IBAQB2R7/7
lN/08kUZ22Rf1yVEIEqHvAPOmM2ZZ9Lavv0jqhWq0Ckoxi/PdatoG0WkV0WXs5Jl
yaEOc0jec2BybSKJ78ADnvlC3LhrZgc9fclENjpwvhOJACKnH0BTeeumveNKkpdw
jANkmyBYh0iN0ho5BqbRECwmO0FFFowF8Q9VdUFa4opUPUrSXbN3cGl3xplBtlbl
y4oM2lyeq3L75DGqV+gNe0ZnLOv6d3fnj+7HDsVe7fZcEm4xYBzh2p7XQx3tiTLF
tm/gTi/BebFBgTXIjGGmLqZDGsQoWCtwEDKceXPmgPn7L4W9mtzHnAUTsNLnnUm1
xJ7rfelKJmtacenA
-----END CERTIFICATE-----