Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS207320.roa
File:                     AS207320.roa (raw, json)
Hash identifier:          852JCiaHHl8qG+5LXkco/6OunClUjWEkSU59efg30n8=
Subject key identifier:   78:A2:DD:49:99:73:6E:EA:65:44:53:71:E8:67:DF:48:8D:D5:7D:5D
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1DE76195AB0C924E0775D7D05516C772961013DD
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS207320.roa
Signing time:             Tue 05 Dec 2023 02:44:12 +0000
ROA not before:           Tue 05 Dec 2023 02:39:12 +0000
ROA not after:            Tue 03 Dec 2024 02:44:12 +0000
asID:                     207320
IP address blocks:        2a06:a005:43d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:e7:61:95:ab:0c:92:4e:07:75:d7:d0:55:16:c7:72:96:10:13:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:12 2023 GMT
            Not After : Dec  3 02:44:12 2024 GMT
        Subject: CN=78A2DD4999736EEA65445371E867DF488DD57D5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d0:2c:58:44:ba:fe:2a:0a:56:be:6b:24:55:
                    3b:12:0a:f0:1b:4b:3a:a2:a3:5f:22:24:6f:92:a4:
                    af:da:ca:0b:54:9d:1f:61:d0:5b:51:e4:7f:6c:8f:
                    6b:23:14:79:35:fc:10:de:70:d4:ff:0a:76:c8:6e:
                    d1:ff:14:63:d7:09:05:40:7f:15:34:e1:b2:6f:3b:
                    ee:ea:ef:2f:46:49:16:cc:b2:e7:51:2e:d2:d0:7f:
                    5e:88:e4:06:ee:e9:16:47:d4:d6:b7:88:c2:f8:65:
                    30:19:ef:15:80:5b:b4:2f:fe:a7:62:27:e8:9f:9c:
                    b8:5b:6e:a4:cf:fc:65:17:b5:dc:b7:96:a1:40:df:
                    b9:91:0e:4e:4e:e3:97:19:14:95:bc:e3:fb:19:09:
                    9d:be:c8:4b:1d:8f:c6:5a:2e:93:2f:af:bf:7e:94:
                    8c:df:eb:44:70:d6:ad:35:c9:b6:f6:74:09:c9:8b:
                    ad:56:0a:83:cd:3c:05:15:0a:f4:d5:c9:2f:50:83:
                    5f:4e:0a:4e:58:8b:34:9e:10:49:96:6e:bf:88:de:
                    f1:43:5e:7c:7b:32:27:85:90:51:df:13:dc:78:52:
                    e1:ff:eb:3c:5a:8f:05:be:02:6a:76:e6:eb:25:99:
                    02:7f:c5:7a:3e:d4:dc:3b:e7:c7:80:1e:db:3d:c2:
                    63:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:A2:DD:49:99:73:6E:EA:65:44:53:71:E8:67:DF:48:8D:D5:7D:5D
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS207320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:43d::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:5f:02:52:c8:6f:c7:05:bc:03:cb:86:b3:bf:62:a8:be:92:
         57:68:79:49:37:ec:17:c2:31:dc:68:d6:59:8e:06:80:ae:2f:
         58:c2:71:3e:2e:f4:61:5a:71:43:23:2c:24:ef:da:91:25:3d:
         0f:e4:9a:3f:e0:3b:00:ff:37:a7:6f:f6:6c:03:44:2a:8e:47:
         d4:50:c8:b0:85:50:bd:21:af:b4:b0:cc:95:eb:32:09:49:4b:
         26:da:fa:cf:3f:b0:fe:1e:5c:b5:7c:7f:ba:76:96:b4:ed:6c:
         13:fc:ec:5a:c4:6b:a3:e6:dc:e6:02:29:2d:f4:a6:1d:94:01:
         a0:03:d4:17:3a:c5:1e:bd:fc:a4:b6:16:c5:96:cd:2f:d1:31:
         14:a1:de:04:78:16:b6:24:97:9a:06:09:7f:88:5b:23:95:fd:
         9a:04:92:58:49:49:d6:4e:03:22:2f:21:8b:65:d8:69:65:26:
         0c:e3:58:7b:3d:d2:45:df:e6:75:26:7f:96:04:5d:79:6c:62:
         df:05:65:1b:41:fd:e4:35:df:77:67:ee:38:a3:37:f1:d4:be:
         b9:87:34:9f:ba:0e:99:27:af:b0:51:a3:ed:4a:e6:39:11:c3:
         0a:14:3e:f4:aa:8a:e9:d9:90:b6:fb:d2:d2:ce:c7:77:11:48:
         e0:42:8c:5d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUHedhlasMkk4HddfQVRbHcpYQE90wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTJaFw0yNDEyMDMwMjQ0MTJaMDMxMTAvBgNV
BAMTKDc4QTJERDQ5OTk3MzZFRUE2NTQ0NTM3MUU4NjdERjQ4OERENTdENUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC20CxYRLr+KgpWvmskVTsSCvAb
Szqio18iJG+SpK/aygtUnR9h0FtR5H9sj2sjFHk1/BDecNT/CnbIbtH/FGPXCQVA
fxU04bJvO+7q7y9GSRbMsudRLtLQf16I5Abu6RZH1Na3iML4ZTAZ7xWAW7Qv/qdi
J+ifnLhbbqTP/GUXtdy3lqFA37mRDk5O45cZFJW84/sZCZ2+yEsdj8ZaLpMvr79+
lIzf60Rw1q01ybb2dAnJi61WCoPNPAUVCvTVyS9Qg19OCk5YizSeEEmWbr+I3vFD
Xnx7MieFkFHfE9x4UuH/6zxajwW+Amp25uslmQJ/xXo+1Nw758eAHts9wmNJAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUeKLdSZlzbuplRFNx6GffSI3VfV0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA3MzIwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQQ9MA0GCSqGSIb3DQEBCwUAA4IBAQBSXwJS
yG/HBbwDy4azv2KovpJXaHlJN+wXwjHcaNZZjgaAri9YwnE+LvRhWnFDIywk79qR
JT0P5Jo/4DsA/zenb/ZsA0QqjkfUUMiwhVC9Ia+0sMyV6zIJSUsm2vrPP7D+Hly1
fH+6dpa07WwT/OxaxGuj5tzmAikt9KYdlAGgA9QXOsUevfykthbFls0v0TEUod4E
eBa2JJeaBgl/iFsjlf2aBJJYSUnWTgMiLyGLZdhpZSYM41h7PdJF3+Z1Jn+WBF15
bGLfBWUbQf3kNd93Z+44ozfx1L65hzSfug6ZJ6+wUaPtSuY5EcMKFD70qorp2ZC2
+9LSzsd3EUjgQoxd
-----END CERTIFICATE-----