Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS205663.roa
File:                     AS205663.roa (raw, json)
Hash identifier:          K+8RIHJs0XIPbBbGbN57005pH2aYyKpHBGa3IW8g0+o=
Subject key identifier:   76:0F:E8:D7:BD:CD:A8:25:0E:C8:BE:34:27:4E:5B:88:13:BB:7A:3B
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4DB648E81B0F7118D2D629DAEDA380243372DB39
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS205663.roa
Signing time:             Tue 18 Jun 2024 21:04:35 +0000
ROA not before:           Tue 18 Jun 2024 20:59:35 +0000
ROA not after:            Tue 17 Jun 2025 21:04:35 +0000
asID:                     205663
IP address blocks:        2a09:54c1::/32 maxlen: 48
                          2a09:54c1:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 02:53:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:b6:48:e8:1b:0f:71:18:d2:d6:29:da:ed:a3:80:24:33:72:db:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jun 18 20:59:35 2024 GMT
            Not After : Jun 17 21:04:35 2025 GMT
        Subject: CN=760FE8D7BDCDA8250EC8BE34274E5B8813BB7A3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:52:20:ef:79:c4:f9:42:62:a1:24:82:ca:9a:
                    a1:28:59:35:a7:a4:ed:30:5e:84:80:6b:de:0d:0e:
                    3f:6d:6e:87:d0:b8:71:bf:19:0f:9c:7b:55:f6:36:
                    59:7a:08:f0:17:63:83:1a:15:48:d3:73:6a:fb:de:
                    17:9c:21:36:37:77:b6:6f:64:00:4f:07:f2:c0:cc:
                    60:c4:24:0f:29:79:4f:d1:1a:7e:bd:ca:bd:30:de:
                    84:cd:ce:0a:8f:29:d7:4d:05:1e:24:c4:0d:2c:dc:
                    3a:91:3f:65:30:20:ee:f1:ad:22:14:52:fb:dc:e6:
                    1d:1f:a2:fc:29:3a:62:6d:84:ad:e9:ed:38:eb:ca:
                    40:e2:88:b0:6a:ec:6e:46:b9:ee:b0:f0:e0:96:c5:
                    fd:be:d3:43:a5:33:ee:b2:25:1d:bd:5a:10:e4:74:
                    d8:72:ce:01:ca:cc:8f:69:6f:75:bf:45:b2:06:c6:
                    d1:37:f6:46:73:f2:5e:9b:3d:b7:53:63:82:fb:f9:
                    57:c3:da:7d:92:81:a7:e0:dc:84:58:68:61:40:02:
                    9e:fc:c0:5b:14:2d:cb:5b:27:9f:c5:84:0d:db:14:
                    46:88:97:ee:e1:1f:e5:da:7e:cf:e2:e0:b9:03:63:
                    cc:38:fe:0d:6e:7e:0f:e7:4b:4d:c0:7b:07:ff:ca:
                    83:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:0F:E8:D7:BD:CD:A8:25:0E:C8:BE:34:27:4E:5B:88:13:BB:7A:3B
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS205663.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         cf:74:a6:87:b3:3a:07:e0:31:b9:55:f9:f4:d1:1e:94:56:dc:
         db:e2:38:a9:e4:6a:cf:76:41:23:e1:f4:77:55:18:e6:b6:8e:
         4b:c0:90:b2:48:0d:43:c9:40:2d:93:04:69:d8:88:5e:59:93:
         48:ac:8e:ec:15:a6:46:65:f2:73:8d:02:05:72:19:d3:34:a9:
         e3:fc:82:26:f9:54:cc:41:6c:88:72:df:5f:74:69:df:f2:c7:
         ae:ab:5e:b6:52:95:37:3a:21:3e:4a:48:d8:3b:23:b7:76:37:
         f3:97:44:1e:8d:63:5c:0c:0c:bc:97:24:bf:a6:b1:63:1d:0e:
         08:17:aa:34:d3:15:f3:d7:40:47:64:ac:a4:19:4d:83:53:33:
         96:ee:99:1b:60:24:47:d1:04:16:d3:0a:d5:5d:8d:88:95:48:
         ea:fa:b3:5c:05:05:96:59:f8:af:94:ee:01:8c:e7:b1:15:b8:
         b7:d0:af:06:12:7a:84:e0:04:3d:3c:c0:1b:6a:6e:88:e4:82:
         9d:f2:bb:09:01:56:6f:d8:6d:68:a4:4f:74:ad:f8:d2:64:d5:
         5a:1f:e9:6a:67:b4:2a:1d:21:b8:2b:e7:41:1b:7b:8e:15:30:
         09:8e:bd:98:de:a8:63:0b:5b:08:69:97:f8:6b:9b:fb:39:fd:
         04:10:b3:98
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUTbZI6BsPcRjS1ina7aOAJDNy2zkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA2MTgyMDU5MzVaFw0yNTA2MTcyMTA0MzVaMDMxMTAvBgNV
BAMTKDc2MEZFOEQ3QkRDREE4MjUwRUM4QkUzNDI3NEU1Qjg4MTNCQjdBM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvUiDvecT5QmKhJILKmqEoWTWn
pO0wXoSAa94NDj9tbofQuHG/GQ+ce1X2Nll6CPAXY4MaFUjTc2r73hecITY3d7Zv
ZABPB/LAzGDEJA8peU/RGn69yr0w3oTNzgqPKddNBR4kxA0s3DqRP2UwIO7xrSIU
Uvvc5h0fovwpOmJthK3p7TjrykDiiLBq7G5Gue6w8OCWxf2+00OlM+6yJR29WhDk
dNhyzgHKzI9pb3W/RbIGxtE39kZz8l6bPbdTY4L7+VfD2n2Sgafg3IRYaGFAAp78
wFsULctbJ5/FhA3bFEaIl+7hH+Xafs/i4LkDY8w4/g1ufg/nS03Aewf/yoOXAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUdg/o173NqCUOyL40J05biBO7ejswHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA1NjYzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEH
AQH/BBEwDzANBAIAAjAHAwUAKglUwTANBgkqhkiG9w0BAQsFAAOCAQEAz3Smh7M6
B+AxuVX59NEelFbc2+I4qeRqz3ZBI+H0d1UY5raOS8CQskgNQ8lALZMEadiIXlmT
SKyO7BWmRmXyc40CBXIZ0zSp4/yCJvlUzEFsiHLfX3Rp3/LHrqtetlKVNzohPkpI
2Dsjt3Y385dEHo1jXAwMvJckv6axYx0OCBeqNNMV89dAR2SspBlNg1Mzlu6ZG2Ak
R9EEFtMK1V2NiJVI6vqzXAUFlln4r5TuAYznsRW4t9CvBhJ6hOAEPTzAG2puiOSC
nfK7CQFWb9htaKRPdK340mTVWh/pame0Kh0huCvnQRt7jhUwCY69mN6oYwtbCGmX
+Gub+zn9BBCzmA==
-----END CERTIFICATE-----