Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208223.roa
File:                     AS208223.roa (raw, json)
Hash identifier:          hI7qgl7fB+l9Cd7KhMaAfnqKowU6xdHfO+vXSZF6iZE=
Subject key identifier:   71:23:36:96:F9:7B:C9:05:CC:D1:35:E9:07:C4:29:C1:56:13:D0:6D
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       78F53CB43ED3D293BB0FD7F2A161304D8E73256D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208223.roa
Signing time:             Tue 05 Dec 2023 02:44:14 +0000
ROA not before:           Tue 05 Dec 2023 02:39:14 +0000
ROA not after:            Tue 03 Dec 2024 02:44:14 +0000
asID:                     208223
IP address blocks:        2a06:a005:4de::/48 maxlen: 48
                          2a06:a005:770::/44 maxlen: 48
                          2a06:a005:890::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:f5:3c:b4:3e:d3:d2:93:bb:0f:d7:f2:a1:61:30:4d:8e:73:25:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:14 2023 GMT
            Not After : Dec  3 02:44:14 2024 GMT
        Subject: CN=71233696F97BC905CCD135E907C429C15613D06D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ae:1b:cd:58:74:15:24:45:6e:df:5c:f5:62:
                    fa:70:c4:03:4f:0b:45:09:3b:d9:a8:85:db:32:f3:
                    66:23:2c:60:f7:b4:84:73:f6:48:fa:ff:42:6e:d5:
                    d3:77:dd:f4:e6:65:d5:44:8b:54:c1:4b:ec:74:0a:
                    55:4b:a2:97:a4:4c:56:12:cf:5f:35:d2:b1:62:cf:
                    00:67:ae:52:26:61:47:0c:1f:96:bc:7c:17:bb:70:
                    d0:d7:3f:3a:1c:1e:3e:7e:3e:7a:2a:6a:f4:35:73:
                    cc:60:51:b7:a6:b9:7f:85:c4:e9:4d:56:f0:17:c2:
                    53:49:59:09:95:65:3f:d3:04:9a:06:bb:9c:6a:7d:
                    b8:3d:35:d3:44:d2:e2:20:6a:13:7c:84:59:94:39:
                    3d:4e:47:88:06:60:a8:de:9d:34:96:26:77:92:5f:
                    f2:68:a7:ec:46:8c:42:30:86:82:10:23:ed:f1:f7:
                    96:b0:34:35:26:c6:95:f0:23:2e:9d:97:dc:c3:b5:
                    42:6c:29:61:b2:2e:72:59:97:3c:ed:2b:87:23:26:
                    1c:6f:97:c8:c5:6c:dc:f0:ae:ce:94:d6:f3:67:3e:
                    92:19:81:6d:49:e4:5c:da:48:3a:ba:12:8c:71:ea:
                    48:cf:c8:ce:fa:6d:cd:bc:90:d4:1f:37:02:4b:45:
                    35:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:23:36:96:F9:7B:C9:05:CC:D1:35:E9:07:C4:29:C1:56:13:D0:6D
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:4de::/48
                  2a06:a005:770::/44
                  2a06:a005:890::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:3a:f3:68:b0:d4:79:a6:4f:f7:f0:54:2a:70:07:cb:a5:db:
         37:08:52:8a:25:0f:10:f0:af:a7:b2:89:45:f3:d3:1b:14:b0:
         cf:c0:20:7e:fd:72:9d:e2:1a:5b:0e:49:c9:08:bc:b3:d4:7e:
         71:26:34:8b:e3:48:8b:76:f1:05:f0:52:29:0a:33:65:30:ad:
         e4:a4:fb:9e:9a:94:ac:eb:d9:15:49:a3:74:2b:1f:1b:52:30:
         b4:c3:b3:e8:07:3b:c7:1d:19:d5:c0:93:f8:12:cf:d4:bc:d7:
         92:2e:23:cc:28:24:f5:7f:77:5b:4e:8d:38:1d:7c:c2:e1:85:
         f9:49:ad:43:dc:fb:cd:97:63:41:56:99:fd:5f:c6:53:9c:06:
         f2:6e:dd:71:16:50:bf:66:10:ad:a0:81:42:a0:7e:33:82:24:
         39:10:69:b5:b9:b2:f9:34:03:2e:d9:ef:d1:c4:37:5e:32:e4:
         5c:65:1d:4d:24:21:57:d7:ab:1e:14:26:ed:ce:46:83:f8:86:
         06:72:ff:12:48:0d:c2:4a:13:8d:f9:28:6a:af:02:56:34:fd:
         79:b9:e5:d4:dd:32:4d:9d:8d:c4:d9:b1:5a:e9:98:05:0a:4e:
         1c:f0:27:29:6f:e4:db:89:fa:5a:e4:4a:5d:6a:36:11:fc:b1:
         6d:17:47:3c
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUePU8tD7T0pO7D9fyoWEwTY5zJW0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTRaFw0yNDEyMDMwMjQ0MTRaMDMxMTAvBgNV
BAMTKDcxMjMzNjk2Rjk3QkM5MDVDQ0QxMzVFOTA3QzQyOUMxNTYxM0QwNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUrhvNWHQVJEVu31z1YvpwxANP
C0UJO9mohdsy82YjLGD3tIRz9kj6/0Ju1dN33fTmZdVEi1TBS+x0ClVLopekTFYS
z1810rFizwBnrlImYUcMH5a8fBe7cNDXPzocHj5+PnoqavQ1c8xgUbemuX+FxOlN
VvAXwlNJWQmVZT/TBJoGu5xqfbg9NdNE0uIgahN8hFmUOT1OR4gGYKjenTSWJneS
X/Jop+xGjEIwhoIQI+3x95awNDUmxpXwIy6dl9zDtUJsKWGyLnJZlzztK4cjJhxv
l8jFbNzwrs6U1vNnPpIZgW1J5FzaSDq6Eoxx6kjPyM76bc28kNQfNwJLRTWDAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUcSM2lvl7yQXM0TXpB8QpwVYT0G0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA4MjIzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcAKgagBQTeAwcEKgagBQdwAwcEKgagBQiQMA0GCSqG
SIb3DQEBCwUAA4IBAQCLOvNosNR5pk/38FQqcAfLpds3CFKKJQ8Q8K+nsolF89Mb
FLDPwCB+/XKd4hpbDknJCLyz1H5xJjSL40iLdvEF8FIpCjNlMK3kpPuempSs69kV
SaN0Kx8bUjC0w7PoBzvHHRnVwJP4Es/UvNeSLiPMKCT1f3dbTo04HXzC4YX5Sa1D
3PvNl2NBVpn9X8ZTnAbybt1xFlC/ZhCtoIFCoH4zgiQ5EGm1ubL5NAMu2e/RxDde
MuRcZR1NJCFX16seFCbtzkaD+IYGcv8SSA3CShON+ShqrwJWNP15ueXU3TJNnY3E
2bFa6ZgFCk4c8Ccpb+Tbifpa5EpdajYR/LFtF0c8
-----END CERTIFICATE-----