Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203873.roa
File:                     AS203873.roa (raw, json)
Hash identifier:          pGlX3XUo0twPd2yh7wmrejRY/1jgRlrgOAsRYX5SZug=
Subject key identifier:   DF:F9:BF:36:61:39:2A:F1:5C:47:B3:65:3C:EC:1F:B5:9C:DB:EB:6E
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0F7E5E1012E9319778E08C7803D7D8EDE6C90864
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203873.roa
Signing time:             Tue 05 Nov 2024 03:40:08 +0000
ROA not before:           Tue 05 Nov 2024 03:35:08 +0000
ROA not after:            Tue 04 Nov 2025 03:40:08 +0000
asID:                     203873
IP address blocks:        2a06:a005:1280::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:7e:5e:10:12:e9:31:97:78:e0:8c:78:03:d7:d8:ed:e6:c9:08:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:08 2024 GMT
            Not After : Nov  4 03:40:08 2025 GMT
        Subject: CN=DFF9BF3661392AF15C47B3653CEC1FB59CDBEB6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:86:01:82:6b:4b:d9:d0:0d:d6:c7:77:34:27:
                    5e:59:80:b5:70:88:34:45:c0:72:06:60:80:ff:05:
                    36:fb:fd:24:34:20:00:e0:41:02:0b:2b:e9:81:5e:
                    38:0a:53:bf:d1:51:c9:7e:4c:27:84:0b:83:b6:42:
                    30:d3:0c:1d:43:f0:61:d9:33:83:70:7b:41:16:a8:
                    82:64:f0:5d:61:39:d5:1f:7a:32:d2:e6:02:07:27:
                    d2:26:c5:d9:fb:01:80:87:75:87:ce:c4:e5:4f:06:
                    57:9b:ec:7c:7d:58:da:32:bd:dc:61:6f:bd:1a:b4:
                    fe:6a:a7:a4:5f:ed:4e:44:1e:72:9c:4a:21:f4:44:
                    3f:42:05:c2:3b:3f:64:1c:79:09:62:5e:a6:ae:87:
                    18:94:12:3d:4a:69:1a:26:f5:59:9f:c3:e3:c0:25:
                    aa:46:cc:34:e1:64:30:f6:09:fa:f5:5a:25:c4:31:
                    e2:12:25:e4:31:48:08:01:82:cd:e9:a4:99:42:29:
                    ff:5a:01:70:cf:7c:9c:e1:d4:75:4e:22:88:0b:52:
                    38:ab:79:15:f9:76:07:ab:87:29:84:26:f4:e2:97:
                    db:43:4a:ad:ea:2f:f4:6d:c9:54:ab:8e:76:be:5f:
                    8a:71:97:5d:24:e9:47:b9:c5:56:51:c1:7e:a5:48:
                    1e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F9:BF:36:61:39:2A:F1:5C:47:B3:65:3C:EC:1F:B5:9C:DB:EB:6E
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203873.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1280::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:1e:d1:76:3b:29:cd:28:f1:72:41:91:80:67:a5:31:00:57:
         67:1d:49:8c:a6:cd:4c:fd:75:0a:8e:df:ed:90:5a:8c:b6:13:
         03:2d:47:f4:9a:5e:d4:a1:78:b7:16:71:5e:f6:43:d3:ab:fb:
         0a:b5:d8:c9:4f:e6:0b:46:38:74:33:94:62:90:82:88:a6:6e:
         ff:3e:b7:72:80:94:aa:67:9f:83:93:61:38:74:ed:35:df:fd:
         cb:70:0a:71:f5:00:1c:32:59:de:29:94:36:89:d0:96:0f:2e:
         16:a2:d7:7a:b0:2b:f7:09:1e:57:c2:41:26:8b:68:2a:a7:c2:
         62:63:89:d6:0e:42:4c:43:db:72:d9:11:c5:b0:34:65:ae:0c:
         c5:b2:6c:77:57:42:c4:94:03:4b:ad:d8:69:ff:77:31:54:b5:
         ff:78:7f:d1:87:62:c5:af:4f:4b:2e:d6:75:8c:13:6f:3f:ac:
         69:fe:48:ea:2c:95:0a:e3:35:59:ad:71:47:9d:51:78:84:e0:
         6f:56:35:8a:2e:83:50:59:40:09:50:38:53:1c:fb:9d:7a:06:
         2b:8a:e3:09:49:6e:08:7e:2e:27:7e:94:05:ba:4b:c4:40:aa:
         e4:a2:86:69:39:b9:9c:15:d8:50:be:a5:59:d4:45:b2:be:62:
         bb:d2:0f:bf
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUD35eEBLpMZd44Ix4A9fY7ebJCGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDhaFw0yNTExMDQwMzQwMDhaMDMxMTAvBgNV
BAMTKERGRjlCRjM2NjEzOTJBRjE1QzQ3QjM2NTNDRUMxRkI1OUNEQkVCNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+hgGCa0vZ0A3Wx3c0J15ZgLVw
iDRFwHIGYID/BTb7/SQ0IADgQQILK+mBXjgKU7/RUcl+TCeEC4O2QjDTDB1D8GHZ
M4Nwe0EWqIJk8F1hOdUfejLS5gIHJ9Imxdn7AYCHdYfOxOVPBleb7Hx9WNoyvdxh
b70atP5qp6Rf7U5EHnKcSiH0RD9CBcI7P2QceQliXqauhxiUEj1KaRom9Vmfw+PA
JapGzDThZDD2Cfr1WiXEMeISJeQxSAgBgs3ppJlCKf9aAXDPfJzh1HVOIogLUjir
eRX5dgerhymEJvTil9tDSq3qL/RtyVSrjna+X4pxl10k6Ue5xVZRwX6lSB6PAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU3/m/NmE5KvFcR7NlPOwftZzb624wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzODczLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRKAMA0GCSqGSIb3DQEBCwUAA4IBAQA6HtF2
OynNKPFyQZGAZ6UxAFdnHUmMps1M/XUKjt/tkFqMthMDLUf0ml7UoXi3FnFe9kPT
q/sKtdjJT+YLRjh0M5RikIKIpm7/PrdygJSqZ5+Dk2E4dO013/3LcApx9QAcMlne
KZQ2idCWDy4Wotd6sCv3CR5XwkEmi2gqp8JiY4nWDkJMQ9ty2RHFsDRlrgzFsmx3
V0LElANLrdhp/3cxVLX/eH/Rh2LFr09LLtZ1jBNvP6xp/kjqLJUK4zVZrXFHnVF4
hOBvVjWKLoNQWUAJUDhTHPudegYriuMJSW4Ifi4nfpQFukvEQKrkooZpObmcFdhQ
vqVZ1EWyvmK70g+/
-----END CERTIFICATE-----