Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204660.roa
File:                     AS204660.roa (raw, json)
Hash identifier:          bcVZtV57VtELbpus1tx8aDssvlGcZAoXxtvKjb86kpk=
Subject key identifier:   99:F3:2D:F8:70:F0:5A:DF:50:CC:63:5A:F9:58:C2:C5:EF:B9:F7:FC
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5842FF399F396C2F26528E41330532AF85835209
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204660.roa
Signing time:             Tue 05 Nov 2024 03:40:08 +0000
ROA not before:           Tue 05 Nov 2024 03:35:08 +0000
ROA not after:            Tue 04 Nov 2025 03:40:08 +0000
asID:                     204660
IP address blocks:        2a06:a005:d23::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:42:ff:39:9f:39:6c:2f:26:52:8e:41:33:05:32:af:85:83:52:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:08 2024 GMT
            Not After : Nov  4 03:40:08 2025 GMT
        Subject: CN=99F32DF870F05ADF50CC635AF958C2C5EFB9F7FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:dc:87:88:d0:25:c2:c2:18:6f:fa:56:92:1f:
                    5f:96:e5:3c:ec:d5:56:02:35:cc:48:93:bf:73:16:
                    96:59:be:74:e2:f0:03:a0:38:51:81:35:26:e0:f7:
                    c9:86:8a:53:2b:c9:a1:e6:91:5e:c6:71:97:81:3b:
                    ab:b0:e8:59:d6:5d:08:b3:66:48:da:8a:3a:7c:c5:
                    f6:b8:2e:16:c9:fb:89:7f:24:48:65:0e:43:43:69:
                    7a:02:6e:fd:60:ad:40:af:e6:84:b9:52:78:a4:34:
                    06:af:44:51:36:4c:da:fa:fa:2f:22:45:be:77:7e:
                    ce:ad:58:5f:c1:64:9e:dd:72:1f:a0:e4:8a:01:9a:
                    c7:45:30:2d:8a:ea:28:80:29:6f:d2:9f:83:84:3b:
                    c0:19:95:21:12:21:7a:83:e3:f7:2f:15:fd:22:d5:
                    07:86:02:e3:9b:da:df:ac:9d:37:e5:0e:32:c8:4b:
                    75:f7:db:a3:37:2b:65:5e:b3:e2:c1:e9:1b:a6:0a:
                    9e:34:13:c1:81:7a:43:d5:49:e8:74:6f:b2:db:19:
                    c9:ff:6b:64:9b:26:9f:d0:f9:bc:63:c9:fb:2f:90:
                    66:84:ee:ab:f0:e2:24:20:f9:26:f1:df:06:4c:03:
                    af:50:ff:07:5c:c9:79:e2:99:37:a1:cf:4f:0f:b7:
                    2f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F3:2D:F8:70:F0:5A:DF:50:CC:63:5A:F9:58:C2:C5:EF:B9:F7:FC
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204660.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d23::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:fc:62:50:ba:dc:d0:a0:76:d3:78:ec:9e:62:e8:34:6f:85:
         7b:72:be:c1:1d:7d:69:41:b3:49:b0:d5:5b:71:98:ec:75:c8:
         86:d4:dc:03:8f:b4:0f:5c:9d:e2:5d:d6:3c:d3:d8:2e:85:14:
         c7:ad:8d:69:ec:3a:ef:3b:6f:ed:36:06:cc:ae:0c:4c:16:7b:
         b5:c3:d1:18:84:0c:3d:1c:b2:f2:94:e0:e4:d2:32:72:eb:75:
         ac:a2:5a:99:34:f5:e3:20:81:e2:9e:6d:b5:06:0b:0e:28:05:
         5c:d7:ee:15:d1:67:da:3e:36:c2:81:ca:a1:32:89:f0:40:71:
         db:59:a9:c7:d4:f7:8e:d6:e3:d9:b4:43:52:5c:b4:43:c5:dc:
         5b:d6:fe:e6:a3:7f:96:7e:ab:ce:1e:ec:ec:43:a9:ae:cb:73:
         88:ff:ff:39:ba:6e:29:d6:9a:1e:c5:83:21:49:53:59:d2:40:
         83:b5:e0:58:aa:3a:f4:ca:d1:c7:f9:ec:4f:c6:88:11:2f:85:
         de:a0:e2:a9:69:61:6b:d0:10:7a:d1:2f:5c:c0:4d:e3:0e:9d:
         af:6a:58:ab:6d:18:0c:9c:66:c5:77:20:d4:7d:c5:1c:69:08:
         b3:1c:e0:67:ab:57:7b:81:b4:24:7b:de:37:7a:19:fd:b2:48:
         12:d2:bd:4e
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUWEL/OZ85bC8mUo5BMwUyr4WDUgkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDhaFw0yNTExMDQwMzQwMDhaMDMxMTAvBgNV
BAMTKDk5RjMyREY4NzBGMDVBREY1MENDNjM1QUY5NThDMkM1RUZCOUY3RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB3IeI0CXCwhhv+laSH1+W5Tzs
1VYCNcxIk79zFpZZvnTi8AOgOFGBNSbg98mGilMryaHmkV7GcZeBO6uw6FnWXQiz
Zkjaijp8xfa4LhbJ+4l/JEhlDkNDaXoCbv1grUCv5oS5UnikNAavRFE2TNr6+i8i
Rb53fs6tWF/BZJ7dch+g5IoBmsdFMC2K6iiAKW/Sn4OEO8AZlSESIXqD4/cvFf0i
1QeGAuOb2t+snTflDjLIS3X326M3K2Ves+LB6RumCp40E8GBekPVSeh0b7LbGcn/
a2SbJp/Q+bxjyfsvkGaE7qvw4iQg+Sbx3wZMA69Q/wdcyXnimTehz08Pty81AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUmfMt+HDwWt9QzGNa+VjCxe+59/wwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NjYwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQ0jMA0GCSqGSIb3DQEBCwUAA4IBAQB6/GJQ
utzQoHbTeOyeYug0b4V7cr7BHX1pQbNJsNVbcZjsdciG1NwDj7QPXJ3iXdY809gu
hRTHrY1p7DrvO2/tNgbMrgxMFnu1w9EYhAw9HLLylODk0jJy63WsolqZNPXjIIHi
nm21BgsOKAVc1+4V0WfaPjbCgcqhMonwQHHbWanH1PeO1uPZtENSXLRDxdxb1v7m
o3+WfqvOHuzsQ6muy3OI//85um4p1poexYMhSVNZ0kCDteBYqjr0ytHH+exPxogR
L4XeoOKpaWFr0BB60S9cwE3jDp2valirbRgMnGbFdyDUfcUcaQizHOBnq1d7gbQk
e943ehn9skgS0r1O
-----END CERTIFICATE-----