Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS24676.roa
File:                     AS24676.roa (raw, json)
Hash identifier:          o+T5U1y1Bm08A3FYmRO463IL5SfTHAjcar0jnh6NaoQ=
Subject key identifier:   BC:10:0E:99:57:30:EC:32:9B:62:13:FC:52:DF:E9:E1:A3:5C:99:9E
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       52E5B1DCAEBE5476ACA2500F08936D745725B478
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS24676.roa
Signing time:             Tue 05 Dec 2023 02:44:16 +0000
ROA not before:           Tue 05 Dec 2023 02:39:16 +0000
ROA not after:            Tue 03 Dec 2024 02:44:16 +0000
asID:                     24676
IP address blocks:        2a06:a005:19c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:e5:b1:dc:ae:be:54:76:ac:a2:50:0f:08:93:6d:74:57:25:b4:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:16 2023 GMT
            Not After : Dec  3 02:44:16 2024 GMT
        Subject: CN=BC100E995730EC329B6213FC52DFE9E1A35C999E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c4:a7:5e:7f:58:7f:25:c0:ac:55:82:64:65:
                    54:b4:7b:fc:cb:57:97:09:61:cb:d7:0e:cd:15:4a:
                    c6:5c:72:9e:2d:76:dd:9e:44:74:c4:37:ef:7b:bc:
                    64:94:73:e5:58:9f:6a:9d:2d:f4:f0:26:c3:6f:dd:
                    a8:aa:ae:89:f3:80:fb:3f:cc:32:2f:47:5a:05:07:
                    ea:b9:86:6d:9b:ef:ef:0a:e7:49:0b:44:99:de:91:
                    a6:a3:22:7a:62:c5:05:69:1e:cb:c7:cb:3d:a4:8a:
                    16:24:ef:68:a4:fc:70:9f:98:dc:25:37:49:f2:2e:
                    e0:99:69:5d:1d:9c:0f:a1:cb:ac:6e:b2:b9:1b:fa:
                    91:c4:f3:4b:13:c5:6f:db:1e:e2:cd:cc:82:b7:82:
                    c7:dd:37:cb:83:b6:fd:e1:99:b4:c4:47:fb:2b:bd:
                    8a:c9:d3:c1:47:b0:54:56:aa:76:a0:a6:e4:12:08:
                    7a:99:2b:5e:80:35:6b:60:de:42:6a:16:91:93:2c:
                    da:cc:40:0c:c4:f2:a9:dd:a3:7c:08:0c:9d:d6:21:
                    13:5a:f2:03:89:65:4e:05:e8:81:da:0f:fb:1e:06:
                    0f:8f:1c:d4:bf:e5:2a:46:50:1f:1e:b5:51:83:f6:
                    81:d7:c8:8a:a6:d1:a2:7f:ff:4e:4f:da:81:d1:96:
                    1b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:10:0E:99:57:30:EC:32:9B:62:13:FC:52:DF:E9:E1:A3:5C:99:9E
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS24676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:19c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:8a:c6:d6:02:18:02:84:9c:7d:07:29:42:aa:28:5d:1b:46:
         99:e9:de:21:25:a8:64:33:11:01:75:06:36:d1:71:d1:d7:11:
         ed:32:50:81:5d:82:55:a5:e3:c6:5e:6e:ce:19:cf:af:c7:4b:
         71:06:4c:7c:c7:4c:e5:c7:13:6b:2f:52:af:1e:51:d1:ed:05:
         39:b0:f1:7d:da:e5:c3:6d:51:0f:b5:4c:0c:27:35:16:7d:3f:
         14:67:db:8b:52:c7:49:7f:a5:42:17:13:1f:cb:cb:7b:e2:8c:
         c4:75:ec:2c:c5:53:c0:a9:49:5e:97:2d:8a:69:20:10:95:94:
         b6:04:62:ca:12:af:2a:04:4a:c4:07:34:16:31:54:bc:bb:21:
         f4:2c:73:58:89:78:80:d0:14:a7:f3:11:5b:40:ed:be:43:f0:
         e2:ac:80:19:96:6b:52:5e:57:3b:7e:09:72:1b:83:2d:ca:b7:
         7b:bf:a1:39:83:4e:12:c3:e6:80:c6:de:18:72:46:2d:61:46:
         6b:1e:2d:3f:53:59:01:0d:27:eb:dd:48:22:3b:0b:79:77:bb:
         79:9d:c4:ae:5f:38:dc:21:e1:fd:0f:61:78:12:e8:fa:61:81:
         d1:6b:4f:2c:2d:84:87:6e:bd:68:23:c7:74:81:ac:41:3e:7d:
         08:16:35:bb
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUUuWx3K6+VHasolAPCJNtdFcltHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTZaFw0yNDEyMDMwMjQ0MTZaMDMxMTAvBgNV
BAMTKEJDMTAwRTk5NTczMEVDMzI5QjYyMTNGQzUyREZFOUUxQTM1Qzk5OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoxKdef1h/JcCsVYJkZVS0e/zL
V5cJYcvXDs0VSsZccp4tdt2eRHTEN+97vGSUc+VYn2qdLfTwJsNv3aiqronzgPs/
zDIvR1oFB+q5hm2b7+8K50kLRJnekaajInpixQVpHsvHyz2kihYk72ik/HCfmNwl
N0nyLuCZaV0dnA+hy6xusrkb+pHE80sTxW/bHuLNzIK3gsfdN8uDtv3hmbTER/sr
vYrJ08FHsFRWqnagpuQSCHqZK16ANWtg3kJqFpGTLNrMQAzE8qndo3wIDJ3WIRNa
8gOJZU4F6IHaD/seBg+PHNS/5SpGUB8etVGD9oHXyIqm0aJ//05P2oHRlhs5AgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUvBAOmVcw7DKbYhP8Ut/p4aNcmZ4wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjQ2NzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFGcAwDQYJKoZIhvcNAQELBQADggEBAJ2KxtYC
GAKEnH0HKUKqKF0bRpnp3iElqGQzEQF1BjbRcdHXEe0yUIFdglWl48Zebs4Zz6/H
S3EGTHzHTOXHE2svUq8eUdHtBTmw8X3a5cNtUQ+1TAwnNRZ9PxRn24tSx0l/pUIX
Ex/Ly3vijMR17CzFU8CpSV6XLYppIBCVlLYEYsoSryoESsQHNBYxVLy7IfQsc1iJ
eIDQFKfzEVtA7b5D8OKsgBmWa1JeVzt+CXIbgy3Kt3u/oTmDThLD5oDG3hhyRi1h
RmseLT9TWQENJ+vdSCI7C3l3u3mdxK5fONwh4f0PYXgS6PphgdFrTywthIduvWgj
x3SBrEE+fQgWNbs=
-----END CERTIFICATE-----