Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          t+G/vh3n1D+AyZaxwxaS3NNT5cwvgjsB/K3orzcEH0o=
Subject key identifier:   81:82:6E:79:06:6A:DA:02:FE:9A:C1:5E:D8:75:24:EC:5F:2A:ED:69
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0227C10D2004F1FEA8A62B869CC958799BAA46D2
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa
Signing time:             Tue 03 Jan 2023 02:07:10 +0000
ROA not before:           Tue 03 Jan 2023 02:02:10 +0000
ROA not after:            Tue 02 Jan 2024 02:07:10 +0000
asID:                     20473
IP address blocks:        2a06:a000:170::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:27:c1:0d:20:04:f1:fe:a8:a6:2b:86:9c:c9:58:79:9b:aa:46:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  3 02:02:10 2023 GMT
            Not After : Jan  2 02:07:10 2024 GMT
        Subject: CN=81826E79066ADA02FE9AC15ED87524EC5F2AED69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6c:29:43:af:2c:62:13:0c:01:f3:37:ee:54:
                    6b:17:c8:2d:84:70:5e:b2:c8:2a:06:08:c4:27:53:
                    52:79:29:a0:4a:48:c1:f7:51:3e:5d:c4:f0:57:ad:
                    9a:00:88:95:1f:91:50:9e:23:9c:d6:b6:58:46:19:
                    d0:47:84:a1:12:04:25:f3:7b:03:00:fc:a3:ba:56:
                    f5:48:81:95:3d:c2:67:07:15:b2:2f:4f:cd:86:d3:
                    57:d8:07:24:8a:94:0d:14:40:e4:0b:43:fb:3f:ea:
                    5f:e9:4e:29:50:6f:df:fb:f7:8b:44:7f:b4:ef:51:
                    d5:d7:95:80:26:35:0d:2b:c6:22:90:06:bd:5a:59:
                    8a:d2:d5:4c:ed:f9:fe:d6:e3:92:4a:22:69:b0:60:
                    b7:47:26:3c:7c:fb:50:b9:b8:25:a0:91:0b:8a:9c:
                    66:2a:38:f6:c8:8b:d2:c2:96:45:12:99:3a:fc:82:
                    a7:3b:f6:6d:fc:a3:71:09:53:72:59:82:45:03:f9:
                    dd:7a:22:92:26:ad:59:f5:f6:77:d1:06:46:1b:1b:
                    8a:e0:04:75:fe:87:f7:f5:0d:82:1c:38:5b:14:f4:
                    bb:99:be:05:cc:3e:6f:b5:e2:d9:15:0d:c2:6a:d4:
                    04:46:50:c5:5f:bd:2d:2b:e8:b0:cf:de:91:40:cf:
                    3c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                81:82:6E:79:06:6A:DA:02:FE:9A:C1:5E:D8:75:24:EC:5F:2A:ED:69
            X509v3 Authority Key Identifier: 
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a000:170::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:bd:e1:61:9e:50:7e:28:6c:9a:bb:fa:67:a4:fb:91:1f:24:
         a1:c7:b8:86:1f:07:9c:ae:e2:33:2a:b4:25:78:33:f6:c2:13:
         44:83:0f:2a:69:39:57:74:94:07:4e:c6:42:48:91:22:8a:61:
         7c:8d:20:62:86:e5:42:58:62:cf:c3:64:31:72:27:a3:ff:86:
         2e:81:27:a1:e4:16:19:20:f9:28:87:c9:91:16:44:c5:db:b9:
         8f:b3:e3:51:1a:b2:28:9a:a1:aa:61:e8:a8:42:e6:0f:13:8c:
         b3:70:8c:37:78:99:98:28:b6:b2:4e:42:2d:a7:a9:36:3f:87:
         60:3a:45:58:24:e6:89:f3:e5:ff:4e:d8:57:00:6b:2d:16:63:
         cf:bf:d7:dd:07:67:4d:11:60:b0:8e:b9:93:de:e2:69:e9:51:
         c2:23:3c:4a:51:26:ef:c2:da:42:1a:0e:ef:16:2b:8b:31:ea:
         c1:86:38:7a:ca:55:5d:80:f4:3b:56:a0:a3:d7:00:4c:d2:f6:
         0d:5c:90:4c:fb:1b:90:25:f3:ff:af:03:75:3c:cc:8f:4f:1d:
         5e:01:1a:ed:98:b0:df:06:65:94:2c:ef:bf:c4:d3:2b:d0:ff:
         d7:ab:e3:4f:c4:b3:e1:bd:63:c8:2f:75:60:b9:f5:7b:70:16:
         76:3c:9c:45
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUAifBDSAE8f6opiuGnMlYeZuqRtIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzAxMDMwMjAyMTBaFw0yNDAxMDIwMjA3MTBaMDMxMTAvBgNV
BAMTKDgxODI2RTc5MDY2QURBMDJGRTlBQzE1RUQ4NzUyNEVDNUYyQUVENjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBbClDryxiEwwB8zfuVGsXyC2E
cF6yyCoGCMQnU1J5KaBKSMH3UT5dxPBXrZoAiJUfkVCeI5zWtlhGGdBHhKESBCXz
ewMA/KO6VvVIgZU9wmcHFbIvT82G01fYBySKlA0UQOQLQ/s/6l/pTilQb9/794tE
f7TvUdXXlYAmNQ0rxiKQBr1aWYrS1Uzt+f7W45JKImmwYLdHJjx8+1C5uCWgkQuK
nGYqOPbIi9LClkUSmTr8gqc79m38o3EJU3JZgkUD+d16IpImrVn19nfRBkYbG4rg
BHX+h/f1DYIcOFsU9LuZvgXMPm+14tkVDcJq1ARGUMVfvS0r6LDP3pFAzzzlAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUgYJueQZq2gL+msFe2HUk7F8q7WkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0NzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwAqBqAAAXAwDQYJKoZIhvcNAQELBQADggEBAKe94WGe
UH4obJq7+mek+5EfJKHHuIYfB5yu4jMqtCV4M/bCE0SDDyppOVd0lAdOxkJIkSKK
YXyNIGKG5UJYYs/DZDFyJ6P/hi6BJ6HkFhkg+SiHyZEWRMXbuY+z41Easiiaoaph
6KhC5g8TjLNwjDd4mZgotrJOQi2nqTY/h2A6RVgk5onz5f9O2FcAay0WY8+/190H
Z00RYLCOuZPe4mnpUcIjPEpRJu/C2kIaDu8WK4sx6sGGOHrKVV2A9DtWoKPXAEzS
9g1ckEz7G5Al8/+vA3U8zI9PHV4BGu2YsN8GZZQs77/E0yvQ/9er40/Es+G9Y8gv
dWC59XtwFnY8nEU=
-----END CERTIFICATE-----