Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          JEVvNA6zwWrImjJNC2Sx9beASqsC+2xdG3/A+SwPVlY=
Subject key identifier:   B6:FA:54:2E:E6:90:9B:66:0B:41:0F:46:3D:C4:B0:53:54:1D:92:47
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       466E33DF816651E1621FDAE27507D69654E9ACA3
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa
Signing time:             Thu 12 Sep 2024 17:49:21 +0000
ROA not before:           Thu 12 Sep 2024 17:44:21 +0000
ROA not after:            Thu 11 Sep 2025 17:49:21 +0000
asID:                     20473
IP address blocks:        2a06:a000:170::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6e:33:df:81:66:51:e1:62:1f:da:e2:75:07:d6:96:54:e9:ac:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep 12 17:44:21 2024 GMT
            Not After : Sep 11 17:49:21 2025 GMT
        Subject: CN=B6FA542EE6909B660B410F463DC4B053541D9247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:74:cf:34:c4:56:21:0f:d7:d4:6a:3e:73:1f:
                    3b:6a:44:1d:6d:ec:c3:cb:41:e3:cd:ee:63:aa:6a:
                    d8:09:b4:4f:31:b6:1a:f2:04:b7:f2:54:10:44:46:
                    9b:2d:cd:13:2b:2a:55:6f:af:0b:2b:5a:fb:c0:07:
                    23:a7:76:32:48:50:8c:2b:86:83:32:1c:7d:c4:0c:
                    55:2d:0f:07:44:c4:fe:48:e5:2e:6d:43:47:c9:53:
                    0f:5d:a2:49:60:c5:a1:4f:8b:87:43:55:94:ab:63:
                    d7:db:9d:7b:89:ef:52:17:15:3d:b6:86:51:0a:46:
                    52:a6:82:7d:46:bd:49:62:cc:85:83:7f:f8:fe:6f:
                    f6:bd:b0:f9:77:ca:86:b4:67:c5:0a:44:97:95:a3:
                    84:ab:93:9b:06:38:c7:b2:3e:40:db:6a:5c:d9:f5:
                    a4:4c:90:7f:58:13:37:58:b3:36:ea:b5:87:31:02:
                    9a:bf:d0:c9:11:87:5f:a8:f1:6b:2d:82:83:fd:92:
                    18:f7:16:4e:7c:3c:71:e0:fc:6c:4c:fb:09:d2:67:
                    66:5f:b0:6c:bd:47:a6:b5:aa:a0:ef:24:67:06:72:
                    37:5d:4a:84:42:af:41:57:58:f2:50:30:81:5f:d2:
                    ba:03:09:15:cb:78:ce:b4:4d:38:d0:94:29:c6:42:
                    16:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FA:54:2E:E6:90:9B:66:0B:41:0F:46:3D:C4:B0:53:54:1D:92:47
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a000:170::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:c6:64:43:7a:6d:13:46:05:c8:1b:8c:64:17:8e:6c:e4:d6:
         5d:8c:15:15:6c:dd:20:bb:fc:cc:7d:d8:13:0b:1a:74:69:85:
         c1:34:d2:59:af:6e:92:f2:c7:25:b7:b9:89:67:4f:b1:68:95:
         70:b6:5c:2f:8f:3c:a8:7d:f6:6a:2a:67:1e:1e:21:6f:59:d5:
         1f:71:8f:14:51:b0:86:5a:df:0c:ca:dd:16:68:1e:1f:cc:20:
         c8:d5:91:0c:39:e7:cb:76:88:bf:db:88:61:02:88:78:54:26:
         34:63:e9:2f:ce:ff:80:1e:3e:68:5a:03:02:ef:5d:ab:ab:40:
         5a:c6:b8:90:95:4f:d9:20:0d:1b:10:8a:f1:fc:46:72:82:63:
         22:6f:1e:39:a9:d8:72:93:72:e9:e1:05:4e:30:60:46:6e:f2:
         a4:27:c1:8d:2d:05:c1:8b:cc:f5:3a:7e:94:37:69:89:79:90:
         fb:e9:2a:2d:60:0d:ac:ac:64:f8:e3:83:aa:0f:fe:8f:3d:38:
         d3:59:13:50:d9:f2:d8:74:f5:33:7d:f3:2e:4e:fd:34:58:7d:
         e3:06:27:07:8a:93:6e:67:4f:bd:a3:28:c9:7b:64:b0:20:4c:
         f2:b9:f7:9e:28:06:32:b9:76:db:3d:5d:fd:d7:78:e0:06:28:
         49:fc:3a:55
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIURm4z34FmUeFiH9ridQfWllTprKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MTIxNzQ0MjFaFw0yNTA5MTExNzQ5MjFaMDMxMTAvBgNV
BAMTKEI2RkE1NDJFRTY5MDlCNjYwQjQxMEY0NjNEQzRCMDUzNTQxRDkyNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8dM80xFYhD9fUaj5zHztqRB1t
7MPLQePN7mOqatgJtE8xthryBLfyVBBERpstzRMrKlVvrwsrWvvAByOndjJIUIwr
hoMyHH3EDFUtDwdExP5I5S5tQ0fJUw9doklgxaFPi4dDVZSrY9fbnXuJ71IXFT22
hlEKRlKmgn1GvUlizIWDf/j+b/a9sPl3yoa0Z8UKRJeVo4Srk5sGOMeyPkDbalzZ
9aRMkH9YEzdYszbqtYcxApq/0MkRh1+o8WstgoP9khj3Fk58PHHg/GxM+wnSZ2Zf
sGy9R6a1qqDvJGcGcjddSoRCr0FXWPJQMIFf0roDCRXLeM60TTjQlCnGQhaPAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUtvpULuaQm2YLQQ9GPcSwU1QdkkcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwAqBqAAAXAwDQYJKoZIhvcNAQELBQADggEBAF3GZEN6
bRNGBcgbjGQXjmzk1l2MFRVs3SC7/Mx92BMLGnRphcE00lmvbpLyxyW3uYlnT7Fo
lXC2XC+PPKh99moqZx4eIW9Z1R9xjxRRsIZa3wzK3RZoHh/MIMjVkQw558t2iL/b
iGECiHhUJjRj6S/O/4AePmhaAwLvXaurQFrGuJCVT9kgDRsQivH8RnKCYyJvHjmp
2HKTcunhBU4wYEZu8qQnwY0tBcGLzPU6fpQ3aYl5kPvpKi1gDaysZPjjg6oP/o89
ONNZE1DZ8th09TN98y5O/TRYfeMGJweKk25nT72jKMl7ZLAgTPK5954oBjK5dts9
Xf3XeOAGKEn8OlU=
-----END CERTIFICATE-----