Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204518.roa
File:                     AS204518.roa (raw, json)
Hash identifier:          +gIRBWWgoT2dX+dbYovWCz3d1HMKll9pTgYrOSZB/Vo=
Subject key identifier:   52:D3:D1:9A:24:F7:17:64:FC:A9:C8:04:41:68:1D:73:D1:87:7F:58
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4ACE082F1DEF4952AC0D1F58FF4EC0B24D5862CD
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204518.roa
Signing time:             Tue 05 Dec 2023 02:44:10 +0000
ROA not before:           Tue 05 Dec 2023 02:39:10 +0000
ROA not after:            Tue 03 Dec 2024 02:44:10 +0000
asID:                     204518
IP address blocks:        2a06:a005:d90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:ce:08:2f:1d:ef:49:52:ac:0d:1f:58:ff:4e:c0:b2:4d:58:62:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:10 2023 GMT
            Not After : Dec  3 02:44:10 2024 GMT
        Subject: CN=52D3D19A24F71764FCA9C80441681D73D1877F58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b9:c9:dd:15:15:f6:16:a9:96:ff:fd:36:6f:
                    ff:26:d2:94:51:26:46:0a:f1:c6:2c:7b:54:7e:3c:
                    cd:69:0b:0d:4a:5c:fe:64:45:9f:5b:cb:24:65:b3:
                    ac:18:57:11:fd:19:bc:a0:a3:da:a6:bc:d0:b2:d4:
                    b1:c3:bb:23:ba:3f:c3:da:f7:7c:54:dc:02:70:94:
                    34:b5:10:cd:5d:53:6a:f7:ef:6b:21:e1:c7:57:a4:
                    33:7d:5b:9c:8f:6a:ac:f7:7c:18:c9:34:8f:ca:69:
                    d0:a7:ee:4e:7b:17:eb:ae:df:ff:5d:e3:91:f8:e7:
                    25:58:e1:37:fb:c1:e9:cf:cd:3e:b3:2f:be:ac:95:
                    48:d2:e1:3d:06:8c:e3:26:10:08:12:47:05:f2:b0:
                    fa:c0:10:32:53:2d:a8:10:a1:94:79:65:34:43:68:
                    91:e3:04:91:c2:2b:51:1b:05:ab:41:30:67:4a:0b:
                    9e:17:46:46:eb:5d:34:aa:16:d1:ba:06:98:85:83:
                    d5:ce:78:f7:cc:ed:3f:d6:18:30:7d:2b:a1:62:26:
                    16:b7:70:2c:a1:93:a1:60:7b:91:5b:9f:a2:40:77:
                    27:27:2c:f7:b1:5d:6f:b5:4a:06:66:30:ff:e9:3a:
                    98:5a:8b:07:2d:24:00:5d:e6:ec:00:2f:9d:cd:e0:
                    12:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D3:D1:9A:24:F7:17:64:FC:A9:C8:04:41:68:1D:73:D1:87:7F:58
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204518.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d90::/44

    Signature Algorithm: sha256WithRSAEncryption
         69:b5:a4:ea:19:a1:67:ee:4c:b8:67:10:7f:73:6f:34:d9:8d:
         82:db:e6:36:fb:fa:9e:12:da:57:9f:d7:c5:0d:26:c1:e0:60:
         2c:5a:92:f9:de:38:08:37:4c:73:6d:12:9e:89:bf:20:e4:6d:
         d0:a1:07:6d:e4:e5:16:e0:2c:81:62:7a:47:8e:71:b4:33:c7:
         d3:5c:2d:06:b0:89:48:76:0d:fa:d2:f5:33:78:c7:eb:eb:15:
         23:85:10:51:7c:2f:c2:16:aa:08:f9:4b:0e:5b:c8:33:e2:10:
         25:33:15:81:5a:58:cb:41:3e:e1:f0:fe:53:37:87:4b:6f:0a:
         20:3c:d3:ce:d4:f9:9f:21:c9:6a:15:97:d7:cf:1d:50:36:5b:
         cf:ed:0f:a5:2a:d8:22:8f:41:d8:89:77:30:ae:f0:9c:7a:b1:
         72:8b:49:a9:37:2b:0d:38:e6:70:36:ea:21:ad:92:7e:e0:43:
         2f:28:28:77:99:d1:d1:33:87:8a:a3:5f:21:cb:9f:90:14:a1:
         18:ad:3c:17:e7:f3:86:35:eb:19:6f:e6:81:ef:e4:55:37:89:
         0c:4b:d3:62:20:09:71:80:bd:65:09:8b:46:b5:95:be:32:2c:
         54:e3:46:05:f8:f7:d9:39:01:bf:7e:06:88:03:17:e9:a7:1a:
         24:07:4b:81
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUSs4ILx3vSVKsDR9Y/07Ask1YYs0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTBaFw0yNDEyMDMwMjQ0MTBaMDMxMTAvBgNV
BAMTKDUyRDNEMTlBMjRGNzE3NjRGQ0E5QzgwNDQxNjgxRDczRDE4NzdGNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3ucndFRX2FqmW//02b/8m0pRR
JkYK8cYse1R+PM1pCw1KXP5kRZ9byyRls6wYVxH9Gbygo9qmvNCy1LHDuyO6P8Pa
93xU3AJwlDS1EM1dU2r372sh4cdXpDN9W5yPaqz3fBjJNI/KadCn7k57F+uu3/9d
45H45yVY4Tf7wenPzT6zL76slUjS4T0GjOMmEAgSRwXysPrAEDJTLagQoZR5ZTRD
aJHjBJHCK1EbBatBMGdKC54XRkbrXTSqFtG6BpiFg9XOePfM7T/WGDB9K6FiJha3
cCyhk6Fge5Fbn6JAdycnLPexXW+1SgZmMP/pOphaiwctJABd5uwAL53N4BInAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUUtPRmiT3F2T8qcgEQWgdc9GHf1gwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NTE4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQ2QMA0GCSqGSIb3DQEBCwUAA4IBAQBptaTq
GaFn7ky4ZxB/c2802Y2C2+Y2+/qeEtpXn9fFDSbB4GAsWpL53jgIN0xzbRKeib8g
5G3QoQdt5OUW4CyBYnpHjnG0M8fTXC0GsIlIdg360vUzeMfr6xUjhRBRfC/CFqoI
+UsOW8gz4hAlMxWBWljLQT7h8P5TN4dLbwogPNPO1PmfIclqFZfXzx1QNlvP7Q+l
Ktgij0HYiXcwrvCcerFyi0mpNysNOOZwNuohrZJ+4EMvKCh3mdHRM4eKo18hy5+Q
FKEYrTwX5/OGNesZb+aB7+RVN4kMS9NiIAlxgL1lCYtGtZW+MixU40YF+PfZOQG/
fgaIAxfppxokB0uB
-----END CERTIFICATE-----