Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204914.roa
File:                     AS204914.roa (raw, json)
Hash identifier:          BfN7T7YyRBjuvcNVFOmr1wSB738P2Whoa30NTMJqxME=
Subject key identifier:   29:B1:40:5B:CB:B4:CD:BC:B5:30:03:A2:A1:61:9C:8F:A2:4F:E1:13
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       61C5F37C3360B318995C549AC4B714D789FC0E75
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204914.roa
Signing time:             Tue 05 Dec 2023 02:44:15 +0000
ROA not before:           Tue 05 Dec 2023 02:39:15 +0000
ROA not after:            Tue 03 Dec 2024 02:44:15 +0000
asID:                     204914
IP address blocks:        2a06:a005:d24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:c5:f3:7c:33:60:b3:18:99:5c:54:9a:c4:b7:14:d7:89:fc:0e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:15 2023 GMT
            Not After : Dec  3 02:44:15 2024 GMT
        Subject: CN=29B1405BCBB4CDBCB53003A2A1619C8FA24FE113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:00:6a:e1:a7:c3:0d:b7:0a:59:6c:65:d6:40:
                    aa:75:2b:02:7e:18:bc:37:fb:ff:cc:17:4a:71:5a:
                    0f:d2:02:b5:15:57:58:24:9a:f5:6a:b2:d1:91:5a:
                    24:62:89:d0:4a:98:cb:7f:40:0d:a3:14:99:1e:6c:
                    e9:0c:7d:fa:85:c0:cf:6e:6d:07:21:fa:3b:37:c5:
                    44:15:c4:3f:c2:92:5c:1b:8a:e7:49:1b:d3:b0:08:
                    55:1e:90:71:26:e7:c9:a0:92:a0:17:21:93:81:ec:
                    cc:01:83:09:7f:3c:ae:f4:dd:68:cb:97:63:73:3f:
                    f9:2d:1e:c6:09:c7:d9:72:11:91:08:51:57:d0:05:
                    e5:24:11:9b:81:c8:c4:87:85:e5:b6:99:4f:01:3a:
                    d4:b4:dd:01:33:60:84:3a:30:ff:08:3c:39:1a:b7:
                    4b:f1:e9:f4:4c:b4:71:67:00:08:16:33:6f:0b:46:
                    32:b0:ef:8a:c5:03:d0:9c:10:3b:3b:4e:a2:62:a6:
                    8f:da:4b:7c:a1:52:52:f0:c5:8a:eb:a0:24:e6:69:
                    d1:c2:be:59:97:98:d5:8f:8b:99:10:6e:ed:05:74:
                    99:ff:27:f6:58:e4:1c:88:41:18:b2:3d:19:b8:d5:
                    e5:8e:e7:62:7b:7e:09:db:7b:49:4f:86:5b:4e:bc:
                    52:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B1:40:5B:CB:B4:CD:BC:B5:30:03:A2:A1:61:9C:8F:A2:4F:E1:13
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS204914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d24::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:4f:9b:48:3f:ac:6c:60:5c:85:b7:65:1f:ec:80:6d:bc:00:
         f2:08:19:ce:d0:22:32:9a:dc:12:d3:14:c2:f3:34:80:2c:0b:
         f2:b2:a9:91:1b:e1:67:7f:48:3b:7b:8c:97:dc:68:4c:03:24:
         b4:0f:ee:57:de:e9:83:fe:8b:53:9e:fb:ab:6a:b0:73:47:d2:
         a2:8b:2f:db:43:20:69:6c:62:1c:c4:c4:ab:e6:00:29:cc:ee:
         62:16:44:8a:66:d2:0a:19:1d:3f:bb:96:c7:e9:77:a4:53:56:
         ef:d7:6b:b1:99:51:35:37:12:a2:52:40:a8:5c:85:86:df:7a:
         74:92:7d:18:44:4a:77:8e:3a:90:a9:91:c5:9d:57:8a:5a:9e:
         24:39:df:66:4f:d6:52:67:dd:cb:03:4a:1d:4d:9b:8b:80:1c:
         e4:54:5f:e7:88:5a:2d:df:d3:2d:d4:3a:9d:e0:ca:99:06:fa:
         01:c4:ca:90:7f:a1:e4:bf:5a:6d:74:ca:32:e2:da:b8:27:42:
         63:45:18:fa:ce:75:fd:93:f6:a7:27:57:0c:77:48:32:13:b8:
         17:d2:a8:f2:72:40:18:35:0b:8f:f3:39:62:f1:28:cb:9b:c5:
         71:59:b9:a9:d6:56:9a:d6:19:fe:d5:12:27:66:d8:a8:f0:12:
         d1:51:8e:6e
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUYcXzfDNgsxiZXFSaxLcU14n8DnUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTVaFw0yNDEyMDMwMjQ0MTVaMDMxMTAvBgNV
BAMTKDI5QjE0MDVCQ0JCNENEQkNCNTMwMDNBMkExNjE5QzhGQTI0RkUxMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZAGrhp8MNtwpZbGXWQKp1KwJ+
GLw3+//MF0pxWg/SArUVV1gkmvVqstGRWiRiidBKmMt/QA2jFJkebOkMffqFwM9u
bQch+js3xUQVxD/CklwbiudJG9OwCFUekHEm58mgkqAXIZOB7MwBgwl/PK703WjL
l2NzP/ktHsYJx9lyEZEIUVfQBeUkEZuByMSHheW2mU8BOtS03QEzYIQ6MP8IPDka
t0vx6fRMtHFnAAgWM28LRjKw74rFA9CcEDs7TqJipo/aS3yhUlLwxYrroCTmadHC
vlmXmNWPi5kQbu0FdJn/J/ZY5ByIQRiyPRm41eWO52J7fgnbe0lPhltOvFK/AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUKbFAW8u0zby1MAOioWGcj6JP4RMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA0OTE0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQ0kMA0GCSqGSIb3DQEBCwUAA4IBAQBzT5tI
P6xsYFyFt2Uf7IBtvADyCBnO0CIymtwS0xTC8zSALAvysqmRG+Fnf0g7e4yX3GhM
AyS0D+5X3umD/otTnvurarBzR9Kiiy/bQyBpbGIcxMSr5gApzO5iFkSKZtIKGR0/
u5bH6XekU1bv12uxmVE1NxKiUkCoXIWG33p0kn0YREp3jjqQqZHFnVeKWp4kOd9m
T9ZSZ93LA0odTZuLgBzkVF/niFot39Mt1Dqd4MqZBvoBxMqQf6Hkv1ptdMoy4tq4
J0JjRRj6znX9k/anJ1cMd0gyE7gX0qjyckAYNQuP8zli8SjLm8VxWbmp1laa1hn+
1RInZtio8BLRUY5u
-----END CERTIFICATE-----