Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204842.roa
File:                     AS204842.roa (raw, json)
Hash identifier:          qo3KllBRxVhI5GDo7FIY3PcIGjDusSJ2klHHrxxmoPk=
Subject key identifier:   5E:A2:FB:EA:E0:5D:E6:B9:4F:F7:F2:54:24:09:13:28:76:2F:D3:A4
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       04B3EE52D4DC8722ED34C8A8BAD05AE3D23FB6BD
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204842.roa
Signing time:             Tue 05 Nov 2024 03:40:02 +0000
ROA not before:           Tue 05 Nov 2024 03:35:02 +0000
ROA not after:            Tue 04 Nov 2025 03:40:02 +0000
asID:                     204842
IP address blocks:        2a06:a005:4d9::/48 maxlen: 48
                          2a06:a005:cc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:b3:ee:52:d4:dc:87:22:ed:34:c8:a8:ba:d0:5a:e3:d2:3f:b6:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:02 2024 GMT
            Not After : Nov  4 03:40:02 2025 GMT
        Subject: CN=5EA2FBEAE05DE6B94FF7F25424091328762FD3A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:db:a9:65:ee:ae:80:70:44:df:1b:04:78:01:
                    a8:01:7e:9d:5f:14:b3:33:54:a2:1a:cc:7e:0a:86:
                    15:04:01:60:57:d4:4b:97:47:43:c8:a7:bf:75:34:
                    e7:dd:29:3a:50:6a:df:af:11:95:86:c3:6b:b9:b3:
                    1d:43:b0:13:c5:f6:e4:29:e2:58:46:a7:53:02:0c:
                    32:d6:d1:1a:32:fe:7c:56:ae:32:fa:a0:26:10:e0:
                    41:e0:fa:18:dd:0d:d4:83:aa:25:a9:ea:70:e1:70:
                    82:1a:e0:f4:77:26:ed:b2:63:13:f0:c7:11:e3:0b:
                    76:47:54:31:e9:02:9d:25:90:9c:72:07:a7:33:6b:
                    9f:cf:5b:ca:e9:93:bf:a9:bf:a4:49:23:11:e9:1b:
                    70:3b:11:0f:e6:0a:be:8e:8d:32:54:ff:4f:83:0b:
                    a1:f1:78:3c:c3:5a:fc:c1:37:50:72:a5:b6:8c:bd:
                    57:ea:a7:b7:dc:8e:bd:cd:05:ac:18:9d:ca:21:75:
                    16:31:b7:3a:42:c4:38:a0:8c:39:d5:9f:8e:1e:e9:
                    13:e0:15:dd:8e:65:fa:bb:53:33:63:56:de:c8:35:
                    9b:cb:90:53:10:ed:b6:5b:9f:e2:91:2b:7d:0c:94:
                    e8:43:30:f8:ef:70:ba:c1:73:27:0d:f2:5c:04:b4:
                    22:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:A2:FB:EA:E0:5D:E6:B9:4F:F7:F2:54:24:09:13:28:76:2F:D3:A4
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204842.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:4d9::/48
                  2a06:a005:cc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         41:41:e9:1b:eb:17:a7:cb:38:18:56:ae:0d:ed:5a:a0:7e:68:
         65:24:ce:76:be:26:d9:85:56:8f:9b:33:1f:80:6a:7e:aa:76:
         22:c6:84:8c:d2:81:86:6e:5c:6a:a5:40:4a:41:59:e0:e4:ea:
         63:e8:a4:a2:76:b2:73:5d:20:25:bd:73:cb:69:cb:a1:72:f3:
         dd:83:30:03:ff:29:52:19:2c:45:49:88:21:a8:47:84:86:b4:
         ce:75:49:d6:7f:5a:42:5d:d0:21:ad:8d:b6:85:ca:84:83:3c:
         ed:97:f2:2a:57:32:d9:fa:54:0f:3d:6b:47:0b:95:c4:16:4d:
         85:8d:26:dc:27:91:f9:08:c2:9c:9e:1e:18:fc:cd:4b:73:30:
         90:9c:80:f2:46:9b:a2:9a:9a:c9:c7:2a:20:95:30:6a:d9:13:
         c0:fe:e5:f2:c9:b4:79:b0:5e:ae:c6:4f:65:4a:54:81:15:94:
         75:2c:d6:dc:7e:ed:95:8e:2e:ca:4a:2d:b8:06:f4:ff:b6:ab:
         92:c7:67:6f:4d:ab:97:6f:f0:2f:40:a3:df:da:95:3a:7b:6e:
         c0:d6:f9:8d:f9:85:b2:3e:b3:05:5b:df:88:40:44:f5:f9:db:
         5a:71:62:04:62:7a:65:24:d1:48:92:0f:70:8b:33:0a:8c:dd:
         76:3e:b2:9e
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUBLPuUtTchyLtNMioutBa49I/tr0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDJaFw0yNTExMDQwMzQwMDJaMDMxMTAvBgNV
BAMTKDVFQTJGQkVBRTA1REU2Qjk0RkY3RjI1NDI0MDkxMzI4NzYyRkQzQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN26ll7q6AcETfGwR4AagBfp1f
FLMzVKIazH4KhhUEAWBX1EuXR0PIp791NOfdKTpQat+vEZWGw2u5sx1DsBPF9uQp
4lhGp1MCDDLW0Roy/nxWrjL6oCYQ4EHg+hjdDdSDqiWp6nDhcIIa4PR3Ju2yYxPw
xxHjC3ZHVDHpAp0lkJxyB6cza5/PW8rpk7+pv6RJIxHpG3A7EQ/mCr6OjTJU/0+D
C6HxeDzDWvzBN1BypbaMvVfqp7fcjr3NBawYncohdRYxtzpCxDigjDnVn44e6RPg
Fd2OZfq7UzNjVt7INZvLkFMQ7bZbn+KRK30MlOhDMPjvcLrBcycN8lwEtCLtAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUXqL76uBd5rlP9/JUJAkTKHYv06QwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0ODQyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQTZAwcEKgagBQzAMA0GCSqGSIb3DQEBCwUA
A4IBAQBBQekb6xenyzgYVq4N7VqgfmhlJM52vibZhVaPmzMfgGp+qnYixoSM0oGG
blxqpUBKQVng5Opj6KSidrJzXSAlvXPLacuhcvPdgzAD/ylSGSxFSYghqEeEhrTO
dUnWf1pCXdAhrY22hcqEgzztl/IqVzLZ+lQPPWtHC5XEFk2FjSbcJ5H5CMKcnh4Y
/M1LczCQnIDyRpuimprJxyoglTBq2RPA/uXyybR5sF6uxk9lSlSBFZR1LNbcfu2V
ji7KSi24BvT/tquSx2dvTauXb/AvQKPf2pU6e27A1vmN+YWyPrMFW9+IQET1+dta
cWIEYnplJNFIkg9wizMKjN12PrKe
-----END CERTIFICATE-----