Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203852.roa
File:                     AS203852.roa (raw, json)
Hash identifier:          OURdiBYbRnyxcIE4sVw42K5hxyOPHK4qbCyIbSIUiVA=
Subject key identifier:   88:4B:B8:32:5E:D9:0A:92:48:65:60:67:D9:B3:E4:CA:97:F6:3B:92
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       01137DCAA4FA05305C21911365BA9CB37FD81484
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203852.roa
Signing time:             Mon 25 Nov 2024 04:40:12 +0000
ROA not before:           Mon 25 Nov 2024 04:35:12 +0000
ROA not after:            Mon 24 Nov 2025 04:40:12 +0000
asID:                     203852
IP address blocks:        2a06:a005:1910::/44 maxlen: 48
                          2a06:a005:21a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 15:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:13:7d:ca:a4:fa:05:30:5c:21:91:13:65:ba:9c:b3:7f:d8:14:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 25 04:35:12 2024 GMT
            Not After : Nov 24 04:40:12 2025 GMT
        Subject: CN=884BB8325ED90A9248656067D9B3E4CA97F63B92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3c:e7:a3:a0:9b:9e:cd:6d:30:43:24:a3:dd:
                    52:d9:72:32:bc:15:d1:4f:18:00:ab:de:40:a5:5f:
                    8a:d4:4e:b0:62:8e:42:37:46:43:dc:3f:53:d9:a0:
                    0b:3a:52:9c:f2:81:63:1b:69:e1:03:99:9d:22:85:
                    ba:54:49:c6:3a:0a:26:15:1f:52:5c:ef:57:f8:15:
                    75:d1:b4:f1:e7:19:57:1d:31:8b:b8:ee:b0:c6:aa:
                    83:8a:89:64:51:d4:1e:56:1f:50:e3:b2:c2:cd:a9:
                    2d:54:ca:84:50:85:45:d6:d5:ff:d6:d5:3e:c5:14:
                    c8:d6:fa:3a:70:77:d7:5c:e7:4b:13:fd:48:54:bc:
                    2b:64:0d:dd:4b:bd:4d:50:76:6b:9e:5d:5d:79:b6:
                    cb:6a:98:b5:dd:1a:21:0e:8c:85:7d:3a:4e:c2:59:
                    67:3a:f6:81:f5:cb:49:a3:69:05:48:2c:ac:5d:68:
                    e3:6c:8e:bd:c1:bc:00:bb:f2:26:af:9a:b0:e1:0c:
                    85:07:85:5f:f6:6f:ea:59:32:85:4a:78:ae:ce:d4:
                    75:5a:62:ab:68:01:0a:93:4f:a3:fc:8f:b3:a4:5a:
                    8c:17:8f:a0:ee:80:56:cf:e5:0e:e8:5d:c6:bd:09:
                    d8:e5:46:7d:d4:a6:04:fa:6f:a2:00:59:30:c2:73:
                    d2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4B:B8:32:5E:D9:0A:92:48:65:60:67:D9:B3:E4:CA:97:F6:3B:92
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203852.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1910::/44
                  2a06:a005:21a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:79:db:9f:ec:70:85:90:8e:7c:6a:6c:1d:e0:e1:ab:a6:d9:
         2b:ec:0b:2d:82:e0:77:1f:3b:1f:99:34:06:5d:6f:64:38:68:
         a1:b6:7b:01:71:36:5e:a4:71:a5:33:8b:04:49:dd:ad:ea:6c:
         ca:93:28:e9:ea:dc:d9:6f:50:fe:0b:82:d4:d6:cc:d6:eb:85:
         18:79:d0:fd:5a:1d:29:01:19:8a:66:d2:ef:5b:af:f4:0d:60:
         6a:a6:43:4b:97:22:6c:f5:14:1f:a1:d5:3f:62:2e:53:47:fd:
         fe:97:55:14:5e:2f:96:f5:61:81:ee:0f:02:1a:c8:a4:e4:40:
         30:b8:61:98:2a:d8:7d:0e:27:08:fe:fe:c2:3c:79:d0:20:55:
         cc:c6:b8:7c:b8:7a:a8:75:5b:34:6e:f1:15:cb:27:08:40:27:
         fd:78:13:b4:ce:9a:5e:ab:b3:32:4f:39:88:78:02:5b:8a:2b:
         c2:c9:bf:d8:dc:d5:22:3a:2c:16:d3:87:91:b6:d6:34:db:6e:
         3a:8f:84:56:c2:7a:f0:e3:05:6b:6d:21:44:86:00:dc:eb:31:
         fb:ff:0a:c8:17:7a:24:2f:8a:96:6b:c2:55:33:d4:78:ad:0a:
         50:be:49:25:54:fe:82:7c:5e:63:7f:2a:81:36:17:13:5c:a3:
         0e:97:3f:1a
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUARN9yqT6BTBcIZETZbqcs3/YFIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMjUwNDM1MTJaFw0yNTExMjQwNDQwMTJaMDMxMTAvBgNV
BAMTKDg4NEJCODMyNUVEOTBBOTI0ODY1NjA2N0Q5QjNFNENBOTdGNjNCOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVPOejoJuezW0wQySj3VLZcjK8
FdFPGACr3kClX4rUTrBijkI3RkPcP1PZoAs6UpzygWMbaeEDmZ0ihbpUScY6CiYV
H1Jc71f4FXXRtPHnGVcdMYu47rDGqoOKiWRR1B5WH1DjssLNqS1UyoRQhUXW1f/W
1T7FFMjW+jpwd9dc50sT/UhUvCtkDd1LvU1QdmueXV15tstqmLXdGiEOjIV9Ok7C
WWc69oH1y0mjaQVILKxdaONsjr3BvAC78iavmrDhDIUHhV/2b+pZMoVKeK7O1HVa
YqtoAQqTT6P8j7OkWowXj6DugFbP5Q7oXca9CdjlRn3UpgT6b6IAWTDCc9JPAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUiEu4Ml7ZCpJIZWBn2bPkypf2O5IwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzODUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBRkQAwcEKgagBSGgMA0GCSqGSIb3DQEBCwUA
A4IBAQALeduf7HCFkI58amwd4OGrptkr7AstguB3HzsfmTQGXW9kOGihtnsBcTZe
pHGlM4sESd2t6mzKkyjp6tzZb1D+C4LU1szW64UYedD9Wh0pARmKZtLvW6/0DWBq
pkNLlyJs9RQfodU/Yi5TR/3+l1UUXi+W9WGB7g8CGsik5EAwuGGYKth9DicI/v7C
PHnQIFXMxrh8uHqodVs0bvEVyycIQCf9eBO0zppeq7MyTzmIeAJbiivCyb/Y3NUi
OiwW04eRttY02246j4RWwnrw4wVrbSFEhgDc6zH7/wrIF3okL4qWa8JVM9R4rQpQ
vkklVP6CfF5jfyqBNhcTXKMOlz8a
-----END CERTIFICATE-----