Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          xntY0CDRDC+GPgumRWyGy2LjpO8FtZGEx/Mf3FnI/lA=
Subject key identifier:   97:ED:2F:C1:61:66:58:4A:67:A6:4D:DB:C6:FC:42:E2:61:4F:B7:D5
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5D898527280A360EF81D5B2123689D192C539CBF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa
Signing time:             Tue 05 Dec 2023 02:44:16 +0000
ROA not before:           Tue 05 Dec 2023 02:39:16 +0000
ROA not after:            Tue 03 Dec 2024 02:44:16 +0000
asID:                     20473
IP address blocks:        2a06:a000:170::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:89:85:27:28:0a:36:0e:f8:1d:5b:21:23:68:9d:19:2c:53:9c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:16 2023 GMT
            Not After : Dec  3 02:44:16 2024 GMT
        Subject: CN=97ED2FC16166584A67A64DDBC6FC42E2614FB7D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:be:45:63:bf:a3:e2:52:69:49:f1:9e:9d:3b:
                    d1:17:bb:ce:e6:1e:c0:42:5c:0d:6b:a5:d2:b6:a2:
                    73:c7:ae:58:e5:fc:83:f0:e4:7a:48:9f:9b:3c:e7:
                    75:b2:a3:5d:11:9f:9f:af:b4:bc:e6:9f:85:3a:3f:
                    e3:68:a0:13:e1:c3:c6:f5:6d:33:87:dc:65:72:80:
                    48:8d:8f:c5:82:2c:85:76:b5:33:a6:60:ce:76:4e:
                    5b:a6:2a:0e:cc:13:72:50:9f:92:77:92:9f:a9:ea:
                    66:8c:3f:68:0e:7c:25:19:3f:c3:2d:12:2d:91:37:
                    98:52:c2:f7:f2:47:d3:1b:27:58:1b:f0:8a:55:8a:
                    2e:8c:9a:25:7a:70:37:ec:74:9b:f4:82:fb:dc:69:
                    6f:4c:13:4a:48:77:31:7d:b1:03:6a:71:d4:40:31:
                    f0:b2:d0:85:ab:fa:3c:2e:2e:5b:95:e1:be:db:23:
                    8d:fe:e1:18:81:f7:2c:e9:42:d8:4a:ec:ab:36:9c:
                    8e:ff:12:17:07:2b:37:a8:e8:29:cf:1b:62:fb:30:
                    ef:a1:9a:75:58:e8:af:11:a9:19:04:16:00:a0:e0:
                    bd:eb:2d:b0:25:37:20:5c:2c:d8:20:7f:f6:e2:01:
                    69:ec:ed:c2:fd:60:ab:8f:9c:94:2c:5e:f1:2e:1d:
                    3a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:ED:2F:C1:61:66:58:4A:67:A6:4D:DB:C6:FC:42:E2:61:4F:B7:D5
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a000:170::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:2c:73:8a:ad:c8:34:ae:e0:d5:f6:cb:03:b7:53:55:4f:46:
         ee:61:63:df:4c:f4:db:aa:e4:a7:e1:09:97:ec:b7:98:cd:d7:
         cb:31:fc:0a:fe:80:fa:6b:39:6f:12:a2:98:b0:7c:00:fd:00:
         14:1d:aa:d2:e0:0a:93:e6:6e:94:d5:89:f1:a3:41:f7:72:d5:
         fa:15:26:17:1a:dd:77:7d:49:0b:6b:0e:1b:c2:7f:67:ff:dd:
         2c:8f:fd:77:3c:6d:14:46:ce:0b:4f:f1:64:ab:c9:f9:e3:bc:
         38:8b:35:38:5b:fd:d8:52:fd:9b:f1:a1:3a:1d:f2:ec:cf:dc:
         9a:0f:cd:8c:55:c9:4b:87:00:f3:5b:05:2b:bf:16:1c:70:0d:
         bb:a7:07:30:b9:1f:32:96:fa:45:3b:53:03:38:27:81:18:7c:
         4b:5d:e9:08:a5:a4:37:32:bf:6f:7d:8a:d1:fd:ab:7d:e1:b8:
         32:6e:9c:7c:52:74:a6:42:85:ff:ad:2b:12:41:92:2c:41:2e:
         50:cd:c6:8c:ca:08:2e:17:a0:81:c6:e3:18:b1:86:79:f0:6a:
         44:ff:05:d3:e0:71:f8:80:e1:91:a8:51:3f:ee:48:99:ac:6b:
         74:26:3a:18:86:0a:4e:f8:ba:04:10:ea:21:9b:bc:df:84:e2:
         e7:39:6e:39
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUXYmFJygKNg74HVshI2idGSxTnL8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTZaFw0yNDEyMDMwMjQ0MTZaMDMxMTAvBgNV
BAMTKDk3RUQyRkMxNjE2NjU4NEE2N0E2NEREQkM2RkM0MkUyNjE0RkI3RDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEvkVjv6PiUmlJ8Z6dO9EXu87m
HsBCXA1rpdK2onPHrljl/IPw5HpIn5s853Wyo10Rn5+vtLzmn4U6P+NooBPhw8b1
bTOH3GVygEiNj8WCLIV2tTOmYM52TlumKg7ME3JQn5J3kp+p6maMP2gOfCUZP8Mt
Ei2RN5hSwvfyR9MbJ1gb8IpVii6MmiV6cDfsdJv0gvvcaW9ME0pIdzF9sQNqcdRA
MfCy0IWr+jwuLluV4b7bI43+4RiB9yzpQthK7Ks2nI7/EhcHKzeo6CnPG2L7MO+h
mnVY6K8RqRkEFgCg4L3rLbAlNyBcLNggf/biAWns7cL9YKuPnJQsXvEuHToHAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUl+0vwWFmWEpnpk3bxvxC4mFPt9UwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwAqBqAAAXAwDQYJKoZIhvcNAQELBQADggEBADUsc4qt
yDSu4NX2ywO3U1VPRu5hY99M9Nuq5KfhCZfst5jN18sx/Ar+gPprOW8SopiwfAD9
ABQdqtLgCpPmbpTVifGjQfdy1foVJhca3Xd9SQtrDhvCf2f/3SyP/Xc8bRRGzgtP
8WSryfnjvDiLNThb/dhS/ZvxoTod8uzP3JoPzYxVyUuHAPNbBSu/FhxwDbunBzC5
HzKW+kU7UwM4J4EYfEtd6QilpDcyv299itH9q33huDJunHxSdKZChf+tKxJBkixB
LlDNxozKCC4XoIHG4xixhnnwakT/BdPgcfiA4ZGoUT/uSJmsa3QmOhiGCk74ugQQ
6iGbvN+E4uc5bjk=
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:46:34 2024 by rpki-client on console-fra.rpki-client.org