Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204406.roa
File:                     AS204406.roa (raw, json)
Hash identifier:          yqJY82U9JE0c8yvx3gPqMlkDvSS9FFR2vK2uAEX29ws=
Subject key identifier:   57:07:8B:4B:C4:CA:34:AF:3E:80:CB:CA:85:14:8D:01:39:88:7B:8E
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       38805F66ADE5CD1AADDEDD47C7818BDA56F72376
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204406.roa
Signing time:             Tue 05 Dec 2023 02:44:11 +0000
ROA not before:           Tue 05 Dec 2023 02:39:11 +0000
ROA not after:            Tue 03 Dec 2024 02:44:11 +0000
asID:                     204406
IP address blocks:        2a06:a005:1660::/44 maxlen: 48
                          2a06:a005:1c90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:80:5f:66:ad:e5:cd:1a:ad:de:dd:47:c7:81:8b:da:56:f7:23:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:11 2023 GMT
            Not After : Dec  3 02:44:11 2024 GMT
        Subject: CN=57078B4BC4CA34AF3E80CBCA85148D0139887B8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3d:76:3f:ac:14:5c:e0:72:44:55:bc:ae:58:
                    a6:a4:86:5d:3f:dc:44:b3:ed:9e:01:26:0c:a2:7e:
                    26:7c:e7:5c:5a:5b:00:5f:6a:af:9d:24:19:a7:ff:
                    44:29:7c:9b:3d:c5:bb:74:33:8f:c1:66:e0:94:27:
                    44:32:4a:62:7a:d1:00:85:40:91:25:2e:ae:36:99:
                    3d:3b:22:da:3a:32:39:88:65:eb:87:6f:75:08:f0:
                    6b:25:ad:3f:b9:75:4f:cd:8a:5a:be:30:3f:d9:d3:
                    ed:cf:c7:7b:17:f8:3d:4a:0f:4d:aa:c6:c9:ba:3a:
                    e9:44:ed:92:b1:67:34:2f:bc:56:7d:65:4c:13:8c:
                    91:e3:b0:34:a3:03:1e:d9:ac:8a:b7:db:72:90:bb:
                    e9:f7:0a:a6:3a:e3:aa:69:76:c0:67:e3:82:ec:42:
                    9a:37:9a:3d:64:d9:4b:fb:81:82:77:fc:09:d1:3c:
                    f5:c4:78:b4:6d:d2:cf:f8:31:9d:7e:c4:4f:c6:39:
                    24:01:fc:5c:e4:20:12:28:11:c8:b7:65:b6:2c:7b:
                    1c:c6:88:3c:7a:b3:b6:1b:eb:38:e8:8d:67:fc:e8:
                    5c:12:91:ed:05:6d:50:a3:14:eb:9a:0d:dc:e0:78:
                    6a:c0:71:40:80:8c:99:7c:f9:10:f0:d1:76:37:3b:
                    b5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:07:8B:4B:C4:CA:34:AF:3E:80:CB:CA:85:14:8D:01:39:88:7B:8E
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204406.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1660::/44
                  2a06:a005:1c90::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:8e:70:f8:c5:92:99:87:4a:87:00:d6:52:e6:03:94:1e:6b:
         9b:28:f1:1b:89:ed:60:87:16:48:4a:83:0e:eb:a5:ef:ba:30:
         4e:ac:01:5f:f7:e9:5b:d0:c2:c4:c4:9d:c0:b9:f9:a3:aa:d1:
         77:4a:03:3d:72:a9:fa:e4:34:6c:5d:b5:f8:6e:1c:60:f3:3f:
         c7:6e:b5:72:db:4e:69:a6:11:9a:02:6b:d6:bb:2d:e3:c7:59:
         9f:58:1f:5d:57:9b:03:b6:0c:ad:3e:c2:b5:67:a6:e4:71:1c:
         fc:5f:37:cf:83:5a:3b:da:f2:0c:a0:2e:e4:33:ac:34:bd:b0:
         dd:d9:f6:55:95:3e:5c:36:d5:92:6c:d8:3a:63:6e:2c:fb:50:
         1d:f6:65:29:2f:81:7e:02:c2:2c:79:96:8c:72:a2:84:97:1f:
         cb:7e:12:65:18:78:11:a3:d1:65:7e:2b:71:36:eb:15:14:9b:
         41:2f:1e:35:9c:ae:55:7c:6c:07:af:05:d6:ef:7b:91:c4:e0:
         fd:a6:57:2f:20:0a:e9:52:c5:13:73:ba:d5:ae:98:b6:28:af:
         85:90:c2:d0:e5:a1:4f:4a:dd:84:26:03:4c:09:92:b7:08:5d:
         9d:c7:1d:45:28:77:d7:3d:7a:90:cf:6b:be:f5:f0:f4:93:c3:
         16:4a:f8:25
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUOIBfZq3lzRqt3t1Hx4GL2lb3I3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTFaFw0yNDEyMDMwMjQ0MTFaMDMxMTAvBgNV
BAMTKDU3MDc4QjRCQzRDQTM0QUYzRTgwQ0JDQTg1MTQ4RDAxMzk4ODdCOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqPXY/rBRc4HJEVbyuWKakhl0/
3ESz7Z4BJgyifiZ851xaWwBfaq+dJBmn/0QpfJs9xbt0M4/BZuCUJ0QySmJ60QCF
QJElLq42mT07Ito6MjmIZeuHb3UI8GslrT+5dU/Nilq+MD/Z0+3Px3sX+D1KD02q
xsm6OulE7ZKxZzQvvFZ9ZUwTjJHjsDSjAx7ZrIq323KQu+n3CqY646ppdsBn44Ls
Qpo3mj1k2Uv7gYJ3/AnRPPXEeLRt0s/4MZ1+xE/GOSQB/FzkIBIoEci3ZbYsexzG
iDx6s7Yb6zjojWf86FwSke0FbVCjFOuaDdzgeGrAcUCAjJl8+RDw0XY3O7VHAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUVweLS8TKNK8+gMvKhRSNATmIe44wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NDA2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBRZgAwcEKgagBRyQMA0GCSqGSIb3DQEBCwUA
A4IBAQAVjnD4xZKZh0qHANZS5gOUHmubKPEbie1ghxZISoMO66XvujBOrAFf9+lb
0MLExJ3AufmjqtF3SgM9cqn65DRsXbX4bhxg8z/HbrVy205pphGaAmvWuy3jx1mf
WB9dV5sDtgytPsK1Z6bkcRz8XzfPg1o72vIMoC7kM6w0vbDd2fZVlT5cNtWSbNg6
Y24s+1Ad9mUpL4F+AsIseZaMcqKElx/LfhJlGHgRo9FlfitxNusVFJtBLx41nK5V
fGwHrwXW73uRxOD9plcvIArpUsUTc7rVrpi2KK+FkMLQ5aFPSt2EJgNMCZK3CF2d
xx1FKHfXPXqQz2u+9fD0k8MWSvgl
-----END CERTIFICATE-----