Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204406.roa
File:                     AS204406.roa (raw, json)
Hash identifier:          Te4a0lD7tXBZxvJHNdJI0dycLR4EuP/UUSSTcuNCg+8=
Subject key identifier:   68:65:68:ED:FC:E9:DB:C0:0D:BE:8D:26:4E:67:B9:43:E6:CB:59:68
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4500802C66B3661151F9C112534A0DF46DC1CBCF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204406.roa
Signing time:             Tue 05 Nov 2024 03:40:03 +0000
ROA not before:           Tue 05 Nov 2024 03:35:03 +0000
ROA not after:            Tue 04 Nov 2025 03:40:03 +0000
asID:                     204406
IP address blocks:        2a06:a005:1660::/44 maxlen: 48
                          2a06:a005:1c90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:00:80:2c:66:b3:66:11:51:f9:c1:12:53:4a:0d:f4:6d:c1:cb:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:03 2024 GMT
            Not After : Nov  4 03:40:03 2025 GMT
        Subject: CN=686568EDFCE9DBC00DBE8D264E67B943E6CB5968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:85:90:03:2b:79:96:70:e8:ab:49:9f:5d:9e:
                    5e:3e:03:d8:84:e6:f0:41:11:c8:bb:db:ef:44:99:
                    7d:45:d1:96:bd:48:2b:39:6d:77:b6:8e:3e:f8:0d:
                    82:01:74:29:9b:0c:18:b0:3e:c8:e0:28:6a:4c:53:
                    9b:3d:c4:38:6c:36:f5:32:9c:13:a0:d7:a1:4b:25:
                    25:90:08:4e:8f:c2:dd:36:be:b3:a9:3a:d6:1f:26:
                    7d:97:76:4e:f8:e4:96:8e:16:f3:db:02:33:82:5d:
                    52:e8:ec:a9:d7:a5:09:21:35:a2:85:e2:ec:1f:10:
                    97:d7:91:8d:b0:b9:36:03:23:ea:2e:89:1e:29:2e:
                    2e:30:15:a5:c6:7b:fe:00:6d:92:ef:22:ec:1c:3a:
                    cc:38:5c:8c:44:a9:29:12:1f:72:2f:95:8a:3e:9b:
                    94:df:8f:2a:9d:23:69:74:ab:f0:d0:6d:28:c1:db:
                    ba:b2:21:c2:c6:1c:cd:ec:15:43:30:34:60:a5:83:
                    87:8a:bb:e4:ff:dc:dc:66:92:a9:4b:e1:cb:46:a4:
                    d4:27:83:4b:10:fc:2d:d6:6f:69:bc:76:b5:02:04:
                    ce:c4:25:63:61:f3:b9:ca:78:08:2e:6f:c5:42:a5:
                    ed:fa:44:fe:c5:06:b4:62:93:b3:b7:ee:2f:32:d5:
                    75:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:65:68:ED:FC:E9:DB:C0:0D:BE:8D:26:4E:67:B9:43:E6:CB:59:68
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204406.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1660::/44
                  2a06:a005:1c90::/44

    Signature Algorithm: sha256WithRSAEncryption
         88:ba:0a:8e:e4:18:67:88:9a:11:17:20:f6:61:c6:e7:f4:8b:
         ce:c6:e3:0f:7e:49:9c:87:a1:44:a9:2f:11:35:83:92:15:a5:
         6f:38:4d:98:69:17:f5:64:bc:24:cf:3b:13:15:8c:78:f9:a8:
         ac:7f:4e:66:8c:45:ec:3e:15:07:37:97:28:b5:56:54:37:c8:
         90:3f:9c:63:e6:60:01:bc:56:4f:32:93:37:2b:00:84:13:28:
         9b:c2:2e:cc:ab:c8:33:c6:46:0c:e6:c5:12:3b:2b:fa:53:bb:
         a7:eb:00:9d:f7:fd:b2:eb:75:75:f9:94:58:7b:7a:c6:b4:44:
         aa:23:be:6d:7a:47:bc:26:f4:f6:f9:15:6c:00:9f:58:e3:d2:
         db:af:0f:16:45:ca:e0:35:b3:99:41:e6:2f:14:31:22:35:c8:
         af:59:06:64:35:b6:e1:ff:56:46:63:e0:60:bc:13:86:5f:c6:
         16:fd:3e:d3:5c:30:82:01:c2:1a:36:19:1c:0b:f5:fa:51:35:
         0e:38:c8:03:c0:84:c1:5c:ed:56:f9:94:36:a8:97:bf:7c:dd:
         b3:db:fd:2a:30:d2:ca:8e:25:ca:f3:9f:7c:a3:bc:a6:2c:d4:
         af:99:c1:cc:88:8b:c4:8e:96:b6:6b:07:48:96:77:fd:ff:c5:
         f8:fc:dc:ea
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIURQCALGazZhFR+cESU0oN9G3By88wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDNaFw0yNTExMDQwMzQwMDNaMDMxMTAvBgNV
BAMTKDY4NjU2OEVERkNFOURCQzAwREJFOEQyNjRFNjdCOTQzRTZDQjU5NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+hZADK3mWcOirSZ9dnl4+A9iE
5vBBEci72+9EmX1F0Za9SCs5bXe2jj74DYIBdCmbDBiwPsjgKGpMU5s9xDhsNvUy
nBOg16FLJSWQCE6Pwt02vrOpOtYfJn2Xdk745JaOFvPbAjOCXVLo7KnXpQkhNaKF
4uwfEJfXkY2wuTYDI+ouiR4pLi4wFaXGe/4AbZLvIuwcOsw4XIxEqSkSH3IvlYo+
m5TfjyqdI2l0q/DQbSjB27qyIcLGHM3sFUMwNGClg4eKu+T/3NxmkqlL4ctGpNQn
g0sQ/C3Wb2m8drUCBM7EJWNh87nKeAgub8VCpe36RP7FBrRik7O37i8y1XVnAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUaGVo7fzp28ANvo0mTme5Q+bLWWgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NDA2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBRZgAwcEKgagBRyQMA0GCSqGSIb3DQEBCwUA
A4IBAQCIugqO5BhniJoRFyD2Ycbn9IvOxuMPfkmch6FEqS8RNYOSFaVvOE2YaRf1
ZLwkzzsTFYx4+aisf05mjEXsPhUHN5cotVZUN8iQP5xj5mABvFZPMpM3KwCEEyib
wi7Mq8gzxkYM5sUSOyv6U7un6wCd9/2y63V1+ZRYe3rGtESqI75teke8JvT2+RVs
AJ9Y49Lbrw8WRcrgNbOZQeYvFDEiNcivWQZkNbbh/1ZGY+BgvBOGX8YW/T7TXDCC
AcIaNhkcC/X6UTUOOMgDwITBXO1W+ZQ2qJe/fN2z2/0qMNLKjiXK8598o7ymLNSv
mcHMiIvEjpa2awdIlnf9/8X4/Nzq
-----END CERTIFICATE-----