Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204508.roa
File:                     AS204508.roa (raw, json)
Hash identifier:          spmFZm6fOESSy59v4+I12viLdgcIwdKGmHk0qjHsoCo=
Subject key identifier:   2B:E5:E1:CB:D7:58:3A:4A:79:37:0C:A4:2A:2F:3A:6D:63:6E:BE:5A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       20E39FDA668637EBCFE9C8006392D0596D72F862
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204508.roa
Signing time:             Wed 24 Jan 2024 17:44:24 +0000
ROA not before:           Wed 24 Jan 2024 17:39:24 +0000
ROA not after:            Wed 22 Jan 2025 17:44:24 +0000
asID:                     204508
IP address blocks:        2a06:a005:5f2::/48 maxlen: 48
                          2a06:a005:5fa::/47 maxlen: 48
                          2a06:a005:d29::/48 maxlen: 48
                          2a06:a005:f50::/44 maxlen: 48
                          2a06:a005:1930::/44 maxlen: 48
                          2a06:a005:2690::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:e3:9f:da:66:86:37:eb:cf:e9:c8:00:63:92:d0:59:6d:72:f8:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 24 17:39:24 2024 GMT
            Not After : Jan 22 17:44:24 2025 GMT
        Subject: CN=2BE5E1CBD7583A4A79370CA42A2F3A6D636EBE5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:58:5b:aa:b4:5e:ea:13:23:3e:c9:68:b1:84:
                    7b:8e:3b:f2:ac:20:2a:14:5a:16:6c:ee:a5:4c:ec:
                    da:22:c4:f2:dd:75:d2:f6:7b:c1:9d:da:a8:1c:a5:
                    ec:80:c9:b8:da:cc:08:c0:e7:f5:1f:2f:d1:35:e1:
                    7c:5f:43:3d:9d:0f:c3:e5:08:85:9f:ec:c1:86:ff:
                    9b:5c:8e:fa:8a:31:c1:8f:c8:1b:e7:1a:2c:9e:ff:
                    9b:b9:33:79:b3:a6:a6:76:99:46:5f:c0:e1:4e:ec:
                    20:5f:8b:b9:ce:24:9e:83:14:5e:d5:b7:d5:22:df:
                    ca:88:01:12:97:b7:f1:22:95:59:a3:79:eb:9c:9c:
                    ad:6b:d0:39:36:70:f6:a9:c2:7d:6e:8a:73:15:33:
                    41:c7:66:d3:6a:7d:41:0c:40:8d:eb:58:5e:d9:8e:
                    46:81:e0:6d:f6:69:a6:70:02:4e:af:0b:51:6f:c7:
                    63:9b:3d:1c:94:61:51:76:f7:95:22:f3:a2:c7:4e:
                    13:54:99:46:97:8c:d8:2d:27:ab:67:a1:12:bc:fd:
                    42:d8:d2:0e:5e:d5:cb:3b:8b:e5:44:5e:28:2c:ba:
                    bd:d1:7d:c3:87:a2:2e:b8:27:f0:f1:20:6b:9e:39:
                    a8:c6:b1:0b:e0:ac:e9:4b:e0:47:56:6f:6f:b8:db:
                    b1:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E5:E1:CB:D7:58:3A:4A:79:37:0C:A4:2A:2F:3A:6D:63:6E:BE:5A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204508.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5f2::/48
                  2a06:a005:5fa::/47
                  2a06:a005:d29::/48
                  2a06:a005:f50::/44
                  2a06:a005:1930::/44
                  2a06:a005:2690::/44

    Signature Algorithm: sha256WithRSAEncryption
         ae:c6:6c:fc:da:3a:b8:9a:59:38:6f:31:22:03:e8:d5:9f:b2:
         8f:7a:4d:a0:71:dc:be:ba:1a:1a:6a:33:53:78:da:81:59:cc:
         64:2f:9c:48:68:60:54:08:38:7b:8b:d8:ee:3a:02:63:47:f1:
         2c:7b:24:d0:38:66:8e:a3:c4:8b:c0:4d:8d:22:40:55:71:c3:
         68:f8:83:3c:5c:fd:40:24:b0:0d:ef:84:6f:f1:8f:96:8f:81:
         5b:16:4f:f0:b4:bd:71:d4:66:8c:fd:0b:82:5c:cc:2f:67:00:
         d4:14:b9:63:9d:bc:dc:66:a1:6d:c8:a9:d0:41:a5:48:e9:14:
         2e:bc:bf:1c:b7:83:f5:06:7f:d7:c7:e5:1e:62:b5:2c:d9:05:
         d8:12:af:29:df:f0:16:94:4a:ce:bd:56:77:79:78:10:af:b2:
         8c:09:6a:bf:13:c0:8a:27:7b:1a:4d:6f:49:1b:74:f9:65:8f:
         02:8a:78:27:98:77:3d:e6:66:2e:b8:2d:25:01:83:c4:8c:fb:
         64:f1:51:d6:9d:90:25:74:f5:8b:76:54:ae:e6:98:84:37:9e:
         34:d2:6b:a2:61:28:83:ec:68:12:bb:fc:ee:1e:7d:4a:e6:49:
         15:64:d8:2e:5e:9d:e7:46:15:bf:6a:6c:70:6b:da:62:eb:83:
         55:f5:30:d9
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIUIOOf2maGN+vP6cgAY5LQWW1y+GIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMjQxNzM5MjRaFw0yNTAxMjIxNzQ0MjRaMDMxMTAvBgNV
BAMTKDJCRTVFMUNCRDc1ODNBNEE3OTM3MENBNDJBMkYzQTZENjM2RUJFNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSWFuqtF7qEyM+yWixhHuOO/Ks
ICoUWhZs7qVM7NoixPLdddL2e8Gd2qgcpeyAybjazAjA5/UfL9E14XxfQz2dD8Pl
CIWf7MGG/5tcjvqKMcGPyBvnGiye/5u5M3mzpqZ2mUZfwOFO7CBfi7nOJJ6DFF7V
t9Ui38qIARKXt/EilVmjeeucnK1r0Dk2cPapwn1uinMVM0HHZtNqfUEMQI3rWF7Z
jkaB4G32aaZwAk6vC1Fvx2ObPRyUYVF295Ui86LHThNUmUaXjNgtJ6tnoRK8/ULY
0g5e1cs7i+VEXigsur3RfcOHoi64J/DxIGueOajGsQvgrOlL4EdWb2+427GLAgMB
AAGjggIfMIICGzAdBgNVHQ4EFgQUK+Xhy9dYOkp5NwykKi86bWNuvlowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NTA4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CME8GCCsGAQUFBwEH
AQH/BEAwPjA8BAIAAjA2AwcAKgagBQXyAwcBKgagBQX6AwcAKgagBQ0pAwcEKgag
BQ9QAwcEKgagBRkwAwcEKgagBSaQMA0GCSqGSIb3DQEBCwUAA4IBAQCuxmz82jq4
mlk4bzEiA+jVn7KPek2gcdy+uhoaajNTeNqBWcxkL5xIaGBUCDh7i9juOgJjR/Es
eyTQOGaOo8SLwE2NIkBVccNo+IM8XP1AJLAN74Rv8Y+Wj4FbFk/wtL1x1GaM/QuC
XMwvZwDUFLljnbzcZqFtyKnQQaVI6RQuvL8ct4P1Bn/Xx+UeYrUs2QXYEq8p3/AW
lErOvVZ3eXgQr7KMCWq/E8CKJ3saTW9JG3T5ZY8CingnmHc95mYuuC0lAYPEjPtk
8VHWnZAldPWLdlSu5piEN5400muiYSiD7GgSu/zuHn1K5kkVZNguXp3nRhW/amxw
a9pi64NV9TDZ
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:04:24 2024 by rpki-client on console-fra.rpki-client.org