Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204660.roa
File:                     AS204660.roa (raw, json)
Hash identifier:          QeGLxISy6PnJ3amfDanw31b7Ra4P+BA9Wceq8z6q6TQ=
Subject key identifier:   91:1E:65:42:6A:5C:35:B8:CB:3A:F6:8E:60:87:CB:43:04:22:B6:89
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       30BB47FBB73AFFB3354DBA44F7C0EA3FEA073173
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204660.roa
Signing time:             Tue 05 Dec 2023 02:44:11 +0000
ROA not before:           Tue 05 Dec 2023 02:39:11 +0000
ROA not after:            Tue 03 Dec 2024 02:44:11 +0000
asID:                     204660
IP address blocks:        2a06:a005:d23::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:bb:47:fb:b7:3a:ff:b3:35:4d:ba:44:f7:c0:ea:3f:ea:07:31:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:11 2023 GMT
            Not After : Dec  3 02:44:11 2024 GMT
        Subject: CN=911E65426A5C35B8CB3AF68E6087CB430422B689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:87:8e:56:29:48:ea:6b:27:3d:88:e0:58:45:
                    15:62:65:61:0f:0a:ac:36:b4:94:ae:00:22:91:b0:
                    4d:2e:f2:f8:c6:c2:2f:9d:24:27:c6:0e:5a:c2:2c:
                    a6:17:ca:18:88:de:8f:11:c1:d6:16:eb:5d:cd:7f:
                    3b:e4:4c:cc:5c:73:97:b5:b7:4b:05:d7:b3:25:a0:
                    9d:f3:83:c4:74:dc:4d:20:25:d2:15:6d:7f:46:7a:
                    9f:af:e6:27:7e:59:9a:83:87:bc:f8:0c:b0:dd:08:
                    0a:96:99:1a:57:78:8a:b7:76:17:8c:00:e5:d4:cb:
                    26:f0:7e:b7:15:d1:a2:6c:2d:1f:6a:b8:72:e4:72:
                    82:b7:1d:16:94:61:b6:4c:59:70:14:7c:8a:3e:c2:
                    60:b8:60:72:b4:87:29:11:32:eb:e7:c7:55:e7:89:
                    2b:a0:34:aa:0c:c4:e0:d8:ce:de:df:66:47:c3:ea:
                    66:51:48:63:fa:9d:45:9c:50:b2:24:13:c0:9d:48:
                    3e:5a:ef:af:5b:18:bf:24:38:e2:75:e3:44:99:9d:
                    1e:bf:7f:3e:ae:f8:dd:59:83:58:7f:e3:27:e8:9f:
                    d4:4f:fa:a8:09:63:05:d8:0d:46:2d:f8:68:39:57:
                    0b:70:dd:88:b3:78:d1:18:f9:fb:50:20:ff:7e:7a:
                    bd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1E:65:42:6A:5C:35:B8:CB:3A:F6:8E:60:87:CB:43:04:22:B6:89
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204660.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d23::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:ea:cc:68:c7:d5:8e:c2:83:f5:e5:91:d9:fc:85:17:9a:a9:
         43:73:86:09:c1:2c:e5:a0:c7:b5:02:39:5b:9d:4c:88:3d:4f:
         61:c4:a4:81:d2:53:cc:0f:fb:2d:f2:7c:eb:73:4c:b8:4e:15:
         5b:1a:51:44:fb:a0:7e:6e:64:f9:d3:59:12:bd:bb:c0:ef:72:
         08:71:19:85:00:f0:28:0d:e4:3f:0d:22:e3:80:f2:63:87:69:
         3d:83:a9:2f:3d:95:8a:c8:db:cc:4e:4b:89:d6:0a:99:34:52:
         42:d3:cc:26:b4:f3:e9:fe:0e:4c:35:ec:45:32:f2:e1:a2:9a:
         05:2a:93:1f:51:b0:5b:38:81:ec:60:df:ca:f3:f3:5d:2f:de:
         ec:20:c5:61:1d:4a:c5:fa:1a:84:8c:ba:d1:43:28:86:15:c8:
         f9:e4:11:14:22:2e:b5:89:0d:1c:76:40:97:77:a3:14:fc:e4:
         88:b2:bc:f4:17:09:79:42:7c:52:b7:74:55:d6:2e:44:cc:c4:
         1c:58:2c:e5:95:5c:15:be:64:29:ee:de:4b:35:1b:87:56:7f:
         f1:12:41:77:55:f4:e4:11:10:50:b5:fe:5f:51:cf:16:05:c7:
         a5:e7:16:59:ca:81:81:79:81:4d:79:10:ca:c5:9a:fb:ff:4c:
         e5:33:8a:4b
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUMLtH+7c6/7M1TbpE98DqP+oHMXMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTFaFw0yNDEyMDMwMjQ0MTFaMDMxMTAvBgNV
BAMTKDkxMUU2NTQyNkE1QzM1QjhDQjNBRjY4RTYwODdDQjQzMDQyMkI2ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyh45WKUjqayc9iOBYRRViZWEP
Cqw2tJSuACKRsE0u8vjGwi+dJCfGDlrCLKYXyhiI3o8RwdYW613NfzvkTMxcc5e1
t0sF17MloJ3zg8R03E0gJdIVbX9Gep+v5id+WZqDh7z4DLDdCAqWmRpXeIq3dheM
AOXUyybwfrcV0aJsLR9quHLkcoK3HRaUYbZMWXAUfIo+wmC4YHK0hykRMuvnx1Xn
iSugNKoMxODYzt7fZkfD6mZRSGP6nUWcULIkE8CdSD5a769bGL8kOOJ140SZnR6/
fz6u+N1Zg1h/4yfon9RP+qgJYwXYDUYt+Gg5Vwtw3YizeNEY+ftQIP9+er3fAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUkR5lQmpcNbjLOvaOYIfLQwQitokwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NjYwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQ0jMA0GCSqGSIb3DQEBCwUAA4IBAQBu6sxo
x9WOwoP15ZHZ/IUXmqlDc4YJwSzloMe1AjlbnUyIPU9hxKSB0lPMD/st8nzrc0y4
ThVbGlFE+6B+bmT501kSvbvA73IIcRmFAPAoDeQ/DSLjgPJjh2k9g6kvPZWKyNvM
TkuJ1gqZNFJC08wmtPPp/g5MNexFMvLhopoFKpMfUbBbOIHsYN/K8/NdL97sIMVh
HUrF+hqEjLrRQyiGFcj55BEUIi61iQ0cdkCXd6MU/OSIsrz0Fwl5QnxSt3RV1i5E
zMQcWCzllVwVvmQp7t5LNRuHVn/xEkF3VfTkERBQtf5fUc8WBcel5xZZyoGBeYFN
eRDKxZr7/0zlM4pL
-----END CERTIFICATE-----