Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203867.roa
File:                     AS203867.roa (raw, json)
Hash identifier:          +Wr8GAD9JWLPvVCU88jTXHJ6aI/dRrTt3LdDJhAIgWY=
Subject key identifier:   04:D4:00:99:49:4E:5C:30:2A:CD:85:8C:51:23:D4:12:62:E2:97:9F
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       09E7EC4F32950D6F246237BBE63929EC6C7EA5D1
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203867.roa
Signing time:             Tue 02 Jan 2024 01:44:21 +0000
ROA not before:           Tue 02 Jan 2024 01:39:21 +0000
ROA not after:            Tue 31 Dec 2024 01:44:21 +0000
asID:                     203867
IP address blocks:        2a06:a005:e40::/44 maxlen: 48
                          2a06:a005:1010::/44 maxlen: 48
                          2a06:a005:12a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:e7:ec:4f:32:95:0d:6f:24:62:37:bb:e6:39:29:ec:6c:7e:a5:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  2 01:39:21 2024 GMT
            Not After : Dec 31 01:44:21 2024 GMT
        Subject: CN=04D40099494E5C302ACD858C5123D41262E2979F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:05:41:33:93:d0:2d:18:ea:2f:60:64:50:68:
                    c5:f5:bd:7f:b2:67:6a:6f:2b:77:b6:3d:ca:26:43:
                    23:31:39:bd:37:40:af:91:40:5d:8b:35:44:c7:10:
                    e2:3b:51:30:b4:89:ac:3a:7c:1d:0e:d5:f4:e4:2b:
                    8c:a9:ad:65:36:82:52:06:38:fa:af:0c:12:3a:e6:
                    13:ee:58:56:34:9c:78:68:05:d1:ad:05:80:41:00:
                    dc:ed:8e:4f:e7:d5:8c:3d:ff:4b:45:34:03:9e:a1:
                    72:58:a5:08:73:c7:da:10:88:b2:cc:af:38:a1:9d:
                    88:f3:be:b9:fe:1b:f5:12:a3:b7:a4:8d:3f:1b:84:
                    d1:07:fb:dc:59:3b:15:f4:44:a3:a2:da:98:b1:e9:
                    7f:71:d0:9e:c3:2d:80:91:c6:db:ce:cb:c1:1a:fe:
                    8f:1d:4b:1b:6a:08:4d:dc:38:b7:90:5a:5a:71:f7:
                    e4:65:e6:38:a9:49:89:53:65:55:67:a9:66:d4:0a:
                    99:13:9f:8c:49:dc:d6:70:e2:b7:1e:29:ea:ad:ca:
                    73:08:0b:c4:55:35:fd:b8:a2:e6:b5:bf:ff:9b:28:
                    39:fc:f1:da:e3:13:93:29:68:b1:d6:ad:b6:04:52:
                    79:cb:11:cc:5d:c2:bf:7b:99:28:4e:d6:a4:3f:e1:
                    e6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:D4:00:99:49:4E:5C:30:2A:CD:85:8C:51:23:D4:12:62:E2:97:9F
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203867.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:e40::/44
                  2a06:a005:1010::/44
                  2a06:a005:12a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8f:bd:e7:22:7c:90:0e:10:fc:fb:64:a4:91:35:21:57:e8:c9:
         ba:63:9a:30:a0:ca:92:c8:bf:1f:7c:3a:6d:a7:3e:11:8b:a7:
         73:53:83:19:00:a5:d7:8e:be:f9:02:53:e6:51:47:79:3f:7a:
         cf:05:65:61:fd:86:92:19:6e:37:3e:08:48:89:e8:1e:09:5b:
         4c:f7:a3:02:34:83:51:1a:bd:74:ef:b5:57:1c:de:e7:b8:0f:
         73:08:2b:dc:f7:71:fb:71:17:6a:eb:4b:5e:1b:e9:3c:be:ba:
         35:de:39:dc:96:40:cd:b8:2a:1d:af:72:41:29:02:ef:cc:cd:
         99:7c:45:dd:01:c1:7e:c4:23:c2:bf:7d:57:71:30:c5:cb:5f:
         28:75:a1:a8:bc:1c:51:e5:22:82:5e:f0:31:f0:74:90:a7:67:
         67:a3:01:ac:cd:bf:04:71:c5:34:71:c9:f4:47:3c:77:89:1b:
         26:89:5c:34:36:65:e9:5d:25:e0:64:e9:c2:0f:7b:32:e9:9d:
         a8:3b:7f:d5:f7:43:6c:d5:69:0a:ed:8f:c2:43:af:9d:46:58:
         ba:40:a2:0a:87:ea:71:19:b3:6d:87:e7:53:06:6c:66:c4:e2:
         98:bb:61:0f:a9:55:c9:41:df:c4:09:58:d8:72:1a:32:a5:2d:
         f1:9d:1c:79
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUCefsTzKVDW8kYje75jkp7Gx+pdEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMDIwMTM5MjFaFw0yNDEyMzEwMTQ0MjFaMDMxMTAvBgNV
BAMTKDA0RDQwMDk5NDk0RTVDMzAyQUNEODU4QzUxMjNENDEyNjJFMjk3OUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoBUEzk9AtGOovYGRQaMX1vX+y
Z2pvK3e2PcomQyMxOb03QK+RQF2LNUTHEOI7UTC0iaw6fB0O1fTkK4yprWU2glIG
OPqvDBI65hPuWFY0nHhoBdGtBYBBANztjk/n1Yw9/0tFNAOeoXJYpQhzx9oQiLLM
rzihnYjzvrn+G/USo7ekjT8bhNEH+9xZOxX0RKOi2pix6X9x0J7DLYCRxtvOy8Ea
/o8dSxtqCE3cOLeQWlpx9+Rl5jipSYlTZVVnqWbUCpkTn4xJ3NZw4rceKeqtynMI
C8RVNf24oua1v/+bKDn88drjE5MpaLHWrbYEUnnLEcxdwr97mShO1qQ/4eYZAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUBNQAmUlOXDAqzYWMUSPUEmLil58wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzODY3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcEKgagBQ5AAwcEKgagBRAQAwcEKgagBRKgMA0GCSqG
SIb3DQEBCwUAA4IBAQCPvecifJAOEPz7ZKSRNSFX6Mm6Y5owoMqSyL8ffDptpz4R
i6dzU4MZAKXXjr75AlPmUUd5P3rPBWVh/YaSGW43PghIiegeCVtM96MCNINRGr10
77VXHN7nuA9zCCvc93H7cRdq60teG+k8vro13jnclkDNuCodr3JBKQLvzM2ZfEXd
AcF+xCPCv31XcTDFy18odaGovBxR5SKCXvAx8HSQp2dnowGszb8EccU0ccn0Rzx3
iRsmiVw0NmXpXSXgZOnCD3sy6Z2oO3/V90Ns1WkK7Y/CQ6+dRli6QKIKh+pxGbNt
h+dTBmxmxOKYu2EPqVXJQd/ECVjYchoypS3xnRx5
-----END CERTIFICATE-----