Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS205531.roa
File:                     AS205531.roa (raw, json)
Hash identifier:          67mTof/1l/aiCXdkkEHJiY4XSw/hHfdv8v36BXRcK9Q=
Subject key identifier:   90:B4:37:D3:B9:00:F7:86:53:BE:4C:01:EB:36:CD:07:A6:AA:E1:CD
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3B3319AD337852CFF445EA030FBA68849BB2CA40
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS205531.roa
Signing time:             Tue 05 Dec 2023 02:44:09 +0000
ROA not before:           Tue 05 Dec 2023 02:39:09 +0000
ROA not after:            Tue 03 Dec 2024 02:44:09 +0000
asID:                     205531
IP address blocks:        2a06:a005:a0b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:33:19:ad:33:78:52:cf:f4:45:ea:03:0f:ba:68:84:9b:b2:ca:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:09 2023 GMT
            Not After : Dec  3 02:44:09 2024 GMT
        Subject: CN=90B437D3B900F78653BE4C01EB36CD07A6AAE1CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f7:66:83:1b:29:fa:ab:c0:96:32:19:e7:47:
                    19:0c:ec:e8:3e:92:88:3a:ab:1f:08:c2:f1:65:68:
                    7f:5f:5a:c0:47:f9:ca:8b:73:c8:4e:e2:13:6c:7e:
                    84:43:b8:c8:97:bf:94:54:22:6a:47:65:3c:48:89:
                    84:22:1c:80:86:97:1f:74:b6:59:dd:e0:80:2d:c4:
                    0c:60:cd:64:6d:f7:f0:45:79:cd:25:9a:49:42:67:
                    59:e2:ba:62:16:0f:43:a5:09:62:3b:9d:8c:fc:0b:
                    9f:30:55:da:e0:08:1c:f7:47:4b:29:12:a0:2c:fb:
                    8e:72:d4:20:ce:e3:dd:30:9d:f5:45:b4:a4:fc:e4:
                    88:af:59:54:0e:2a:ed:9e:5b:5c:1f:96:13:4e:7d:
                    0a:7b:d9:66:0c:4d:8e:49:57:c3:4e:ac:4b:14:e9:
                    21:a1:12:2e:74:3e:38:7d:57:96:ec:17:e0:4c:89:
                    5a:7d:38:bd:ec:a8:85:a3:0b:cd:b8:44:9e:a2:f3:
                    3a:92:34:89:e5:72:25:fc:44:ad:83:46:48:96:b1:
                    a4:14:fd:16:bc:c6:ce:de:80:67:24:f6:a7:65:ee:
                    f3:5d:aa:37:df:b4:6c:08:42:e7:45:54:fa:0f:52:
                    2e:54:c2:1b:97:ce:6d:43:ef:72:4d:49:c1:0e:f9:
                    32:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B4:37:D3:B9:00:F7:86:53:BE:4C:01:EB:36:CD:07:A6:AA:E1:CD
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS205531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a0b::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:63:aa:a0:9b:02:0c:64:65:da:6f:41:96:e7:8d:c4:52:cf:
         da:7c:96:d1:1f:a8:1b:26:cf:a0:35:51:f1:92:05:4e:ed:c0:
         bd:3d:46:22:12:f4:61:ae:f8:c4:89:8d:d0:93:1d:ba:a3:98:
         23:90:c7:8e:dd:23:66:20:bc:f5:c3:df:74:11:33:09:cf:d6:
         4c:e4:9c:45:d6:d3:b7:18:02:4b:a7:04:19:42:bc:8f:95:bf:
         81:26:2c:70:c6:4b:70:3c:4b:04:b2:34:91:d6:46:2c:07:21:
         98:50:02:1c:89:d7:e0:bf:65:f5:3d:5b:a3:25:4c:23:be:2d:
         ee:8e:3b:f6:22:7f:9b:d1:eb:fa:97:da:f7:28:dc:f3:f9:75:
         ba:32:51:34:a2:95:1a:6b:33:a5:db:ee:06:6f:37:96:11:18:
         ec:13:4d:36:7d:99:cf:26:86:46:fe:dd:19:50:e8:ee:f6:08:
         1b:2a:a5:93:e9:7e:4c:94:81:65:e3:65:8e:35:fc:44:48:83:
         b5:ad:13:fb:f9:e7:5f:2b:f4:b6:27:91:8b:56:33:0e:05:0b:
         06:9e:a6:a6:be:0c:a6:d1:35:e4:c8:c2:92:ee:47:26:bd:b3:
         66:f9:8c:00:80:9c:e5:6e:aa:14:d9:13:f5:2a:a8:a1:6e:e2:
         a1:6f:0e:ad
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUOzMZrTN4Us/0ReoDD7pohJuyykAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MDlaFw0yNDEyMDMwMjQ0MDlaMDMxMTAvBgNV
BAMTKDkwQjQzN0QzQjkwMEY3ODY1M0JFNEMwMUVCMzZDRDA3QTZBQUUxQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC192aDGyn6q8CWMhnnRxkM7Og+
kog6qx8IwvFlaH9fWsBH+cqLc8hO4hNsfoRDuMiXv5RUImpHZTxIiYQiHICGlx90
tlnd4IAtxAxgzWRt9/BFec0lmklCZ1niumIWD0OlCWI7nYz8C58wVdrgCBz3R0sp
EqAs+45y1CDO490wnfVFtKT85IivWVQOKu2eW1wflhNOfQp72WYMTY5JV8NOrEsU
6SGhEi50Pjh9V5bsF+BMiVp9OL3sqIWjC824RJ6i8zqSNInlciX8RK2DRkiWsaQU
/Ra8xs7egGck9qdl7vNdqjfftGwIQudFVPoPUi5UwhuXzm1D73JNScEO+TK1AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUkLQ307kA94ZTvkwB6zbNB6aq4c0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA1NTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQoLMA0GCSqGSIb3DQEBCwUAA4IBAQAFY6qg
mwIMZGXab0GW543EUs/afJbRH6gbJs+gNVHxkgVO7cC9PUYiEvRhrvjEiY3Qkx26
o5gjkMeO3SNmILz1w990ETMJz9ZM5JxF1tO3GAJLpwQZQryPlb+BJixwxktwPEsE
sjSR1kYsByGYUAIcidfgv2X1PVujJUwjvi3ujjv2In+b0ev6l9r3KNzz+XW6MlE0
opUaazOl2+4GbzeWERjsE002fZnPJoZG/t0ZUOju9ggbKqWT6X5MlIFl42WONfxE
SIO1rRP7+edfK/S2J5GLVjMOBQsGnqamvgym0TXkyMKS7kcmvbNm+YwAgJzlbqoU
2RP1KqihbuKhbw6t
-----END CERTIFICATE-----