Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204374.roa
File:                     AS204374.roa (raw, json)
Hash identifier:          HN6fkZGldN4ekYahgNivUeW/IHfGauHTnJEuEOYqIao=
Subject key identifier:   D4:65:39:EB:4D:A4:30:09:EC:55:12:F9:CA:69:A6:E8:06:E7:03:D4
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       355E032F7E17F178640502AD1B55A80C372D5778
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204374.roa
Signing time:             Tue 05 Dec 2023 02:44:11 +0000
ROA not before:           Tue 05 Dec 2023 02:39:11 +0000
ROA not after:            Tue 03 Dec 2024 02:44:11 +0000
asID:                     204374
IP address blocks:        2a06:a005:5a7::/48 maxlen: 48
                          2a06:a005:85f::/48 maxlen: 48
                          2a06:a005:1090::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:5e:03:2f:7e:17:f1:78:64:05:02:ad:1b:55:a8:0c:37:2d:57:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:11 2023 GMT
            Not After : Dec  3 02:44:11 2024 GMT
        Subject: CN=D46539EB4DA43009EC5512F9CA69A6E806E703D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d7:c6:06:95:20:62:25:c7:c3:65:07:ad:3c:
                    46:ab:59:fd:2c:33:6b:c4:67:73:f4:5f:fa:22:ca:
                    45:8d:e5:40:7a:1c:2a:fc:d4:50:05:c3:88:3e:6f:
                    99:9a:5e:13:58:a0:d6:83:0d:66:71:03:a8:cd:e7:
                    66:8a:4d:b1:5c:10:3d:ee:d5:7f:c1:2d:bf:14:2b:
                    89:f0:2c:63:40:4b:15:bd:e5:65:80:c5:08:ad:7e:
                    38:de:1e:cc:8c:75:1b:fe:e5:a2:61:5e:4d:85:7c:
                    90:4d:bc:ea:8b:61:6a:b7:3e:03:e1:d9:47:79:b1:
                    db:a4:f0:30:eb:a7:85:14:29:7a:32:14:ad:ee:2d:
                    3d:d7:66:09:9d:b5:aa:a8:c7:4c:61:60:66:bc:19:
                    e6:1f:8f:5c:ec:dc:30:67:77:86:d3:dd:a8:be:62:
                    31:fa:72:4a:81:25:c4:a1:23:22:d1:14:59:85:01:
                    64:73:a3:c8:ec:e5:06:77:b7:10:10:42:91:fc:b8:
                    a2:27:02:10:71:c8:ac:cc:2c:56:2a:b1:db:87:57:
                    37:b0:6a:d4:e2:3f:6c:f4:dd:19:3a:35:6c:c4:bd:
                    b2:dc:a1:de:28:e4:4a:67:e8:4d:ea:ac:74:9f:1b:
                    9a:ad:eb:81:0e:ef:c9:15:b3:8d:8e:7f:d2:f4:5c:
                    58:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:65:39:EB:4D:A4:30:09:EC:55:12:F9:CA:69:A6:E8:06:E7:03:D4
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5a7::/48
                  2a06:a005:85f::/48
                  2a06:a005:1090::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:d4:a9:32:c8:ba:36:65:af:9b:30:f2:50:a9:14:ad:7b:a1:
         5b:a5:85:cf:5e:1d:68:a1:37:97:bf:f8:6f:40:fb:f8:31:67:
         92:45:d3:74:e8:f9:b6:ec:60:35:db:d2:36:da:58:e1:13:a5:
         eb:e6:0e:c2:50:c7:94:f8:c9:72:03:2a:4f:de:70:5c:d7:d8:
         e2:70:5b:25:dd:31:ff:2e:bc:92:43:e3:67:ae:8c:06:30:96:
         d3:db:cf:61:89:d7:0f:dd:6b:87:12:ff:ba:b8:48:b2:fd:9e:
         15:49:43:14:bf:0f:3d:c6:37:3f:4e:0d:a3:3f:77:19:81:de:
         85:c9:99:30:52:ec:07:67:05:98:9b:98:1c:6c:84:2b:61:30:
         24:f2:3d:e6:03:ac:d4:89:ef:c3:6f:cc:44:e4:bf:d1:28:ac:
         83:3c:a2:fb:03:85:0f:ce:5e:6b:7e:5b:eb:2c:f4:ad:c8:0f:
         3d:ed:20:75:a3:52:1f:b0:e9:30:52:3d:bc:4e:1f:94:7a:b9:
         19:8e:57:03:5f:5c:85:24:57:c3:51:da:35:a1:b4:1b:c3:85:
         ba:c9:bf:d4:10:eb:16:9f:55:44:c6:d3:8b:b3:d1:05:7d:48:
         1e:f7:16:46:f3:e0:1f:31:ae:a9:df:70:b6:d9:90:b3:ad:f8:
         de:50:c6:5e
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUNV4DL34X8XhkBQKtG1WoDDctV3gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTFaFw0yNDEyMDMwMjQ0MTFaMDMxMTAvBgNV
BAMTKEQ0NjUzOUVCNERBNDMwMDlFQzU1MTJGOUNBNjlBNkU4MDZFNzAzRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv18YGlSBiJcfDZQetPEarWf0s
M2vEZ3P0X/oiykWN5UB6HCr81FAFw4g+b5maXhNYoNaDDWZxA6jN52aKTbFcED3u
1X/BLb8UK4nwLGNASxW95WWAxQitfjjeHsyMdRv+5aJhXk2FfJBNvOqLYWq3PgPh
2Ud5sduk8DDrp4UUKXoyFK3uLT3XZgmdtaqox0xhYGa8GeYfj1zs3DBnd4bT3ai+
YjH6ckqBJcShIyLRFFmFAWRzo8js5QZ3txAQQpH8uKInAhBxyKzMLFYqsduHVzew
atTiP2z03Rk6NWzEvbLcod4o5Epn6E3qrHSfG5qt64EO78kVs42Of9L0XFi1AgMB
AAGjggIEMIICADAdBgNVHQ4EFgQU1GU5602kMAnsVRL5ymmm6AbnA9QwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0Mzc0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcAKgagBQWnAwcAKgagBQhfAwcEKgagBRCQMA0GCSqG
SIb3DQEBCwUAA4IBAQBY1KkyyLo2Za+bMPJQqRSte6FbpYXPXh1ooTeXv/hvQPv4
MWeSRdN06Pm27GA129I22ljhE6Xr5g7CUMeU+MlyAypP3nBc19jicFsl3TH/LryS
Q+NnrowGMJbT289hidcP3WuHEv+6uEiy/Z4VSUMUvw89xjc/Tg2jP3cZgd6FyZkw
UuwHZwWYm5gcbIQrYTAk8j3mA6zUie/Db8xE5L/RKKyDPKL7A4UPzl5rflvrLPSt
yA897SB1o1IfsOkwUj28Th+UerkZjlcDX1yFJFfDUdo1obQbw4W6yb/UEOsWn1VE
xtOLs9EFfUge9xZG8+AfMa6p33C22ZCzrfjeUMZe
-----END CERTIFICATE-----