Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS38254.roa
File:                     AS38254.roa (raw, json)
Hash identifier:          KTU7TJOHzHYxjqMoK6atZFiO+9yuuFss/WiGoN4RwAg=
Subject key identifier:   49:E3:23:81:33:5E:C9:75:CA:72:BE:8C:59:8C:5A:F0:2D:BE:77:3F
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       23ED1AF9FC37627435F59F0DD63E734DAC4962BF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS38254.roa
Signing time:             Tue 05 Dec 2023 02:44:10 +0000
ROA not before:           Tue 05 Dec 2023 02:39:10 +0000
ROA not after:            Tue 03 Dec 2024 02:44:10 +0000
asID:                     38254
IP address blocks:        2a06:a005:160::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:ed:1a:f9:fc:37:62:74:35:f5:9f:0d:d6:3e:73:4d:ac:49:62:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:10 2023 GMT
            Not After : Dec  3 02:44:10 2024 GMT
        Subject: CN=49E32381335EC975CA72BE8C598C5AF02DBE773F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:74:72:ec:5d:5b:df:8a:47:06:92:6e:4a:18:
                    96:b8:b9:6a:fb:4f:65:2b:91:cb:5d:38:14:1f:ec:
                    3e:f6:dd:3c:79:01:e8:c6:b2:28:91:87:34:b3:68:
                    0f:44:85:a6:3a:79:b9:32:d1:dc:9e:d1:2e:e2:22:
                    40:29:d5:cf:20:ef:b2:f1:57:77:69:ee:8d:ab:ca:
                    f1:02:20:42:52:97:46:4a:d5:6e:87:d1:b3:b1:92:
                    d1:0d:66:d3:d0:e6:25:16:5d:cb:a3:1b:9f:b9:52:
                    e4:ed:df:da:49:16:2c:ec:d2:b7:53:7c:d4:c2:fe:
                    ae:d1:6a:55:d1:39:86:20:4b:f1:2e:68:fe:5f:79:
                    3b:f4:ec:dd:13:29:13:0b:1d:b0:61:33:28:29:fe:
                    74:74:ac:45:b1:71:aa:c8:21:d4:51:ae:9c:e8:24:
                    c7:60:1d:96:84:e7:04:62:d4:ce:44:c4:d1:ab:2d:
                    a1:8d:74:65:eb:e7:86:68:4a:dd:f6:2b:5c:85:2c:
                    6b:b2:7c:e4:20:a8:c3:77:ca:b8:2a:81:f4:5f:56:
                    f9:67:a5:2f:76:c7:3b:45:56:4e:b9:12:7d:56:90:
                    29:61:1d:85:38:2b:02:20:c1:b9:fc:0c:be:3d:ae:
                    45:19:e5:bc:9c:8b:16:fb:d0:19:73:ad:85:9d:c8:
                    d0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:E3:23:81:33:5E:C9:75:CA:72:BE:8C:59:8C:5A:F0:2D:BE:77:3F
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS38254.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:160::/44

    Signature Algorithm: sha256WithRSAEncryption
         b5:58:d2:a6:4d:04:40:a8:07:c4:9c:46:48:b7:18:e4:c6:aa:
         f1:68:0a:c3:60:2d:04:80:37:d9:20:b9:ad:94:e7:79:ca:fd:
         46:1d:a6:cf:87:f2:c0:1e:1e:39:5f:fd:dd:32:bd:c2:ae:f1:
         63:bc:c7:50:b9:c0:29:67:2e:a9:03:ad:b6:60:04:a6:f4:c1:
         01:ea:e1:d1:82:d7:b2:ee:89:b4:85:f1:c2:84:c9:79:29:f5:
         28:69:01:97:01:5b:96:21:ed:79:e7:f7:b5:25:66:8c:20:52:
         63:b6:1f:fc:e0:5f:28:75:54:5d:09:aa:74:62:07:ab:86:50:
         8e:82:84:93:79:dd:d1:49:12:97:3b:df:f9:ab:94:e5:a1:ae:
         08:58:d6:0d:f4:f3:e3:3e:d1:4e:47:74:1f:dc:d9:ee:34:a1:
         0e:06:8a:57:b4:5c:3d:7d:25:4a:e2:78:d6:86:02:1f:ab:f2:
         4f:46:0d:83:2d:58:98:fd:a7:5f:d3:66:3b:04:97:bc:9c:a6:
         6d:68:8f:44:6c:27:b0:ff:18:65:9a:32:07:8f:49:9d:ec:e9:
         2a:0b:da:79:b7:d8:0f:0e:2d:d1:fe:c1:e4:68:2b:61:67:1a:
         dd:89:d8:9c:e6:b5:a1:52:db:e2:64:ad:30:90:34:7b:c7:7e:
         43:ae:ef:a0
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUI+0a+fw3YnQ19Z8N1j5zTaxJYr8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTBaFw0yNDEyMDMwMjQ0MTBaMDMxMTAvBgNV
BAMTKDQ5RTMyMzgxMzM1RUM5NzVDQTcyQkU4QzU5OEM1QUYwMkRCRTc3M0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcdHLsXVvfikcGkm5KGJa4uWr7
T2UrkctdOBQf7D723Tx5AejGsiiRhzSzaA9EhaY6ebky0dye0S7iIkAp1c8g77Lx
V3dp7o2ryvECIEJSl0ZK1W6H0bOxktENZtPQ5iUWXcujG5+5UuTt39pJFizs0rdT
fNTC/q7RalXROYYgS/EuaP5feTv07N0TKRMLHbBhMygp/nR0rEWxcarIIdRRrpzo
JMdgHZaE5wRi1M5ExNGrLaGNdGXr54ZoSt32K1yFLGuyfOQgqMN3yrgqgfRfVvln
pS92xztFVk65En1WkClhHYU4KwIgwbn8DL49rkUZ5bycixb70BlzrYWdyNDjAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUSeMjgTNeyXXKcr6MWYxa8C2+dz8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MzgyNTQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFAWAwDQYJKoZIhvcNAQELBQADggEBALVY0qZN
BECoB8ScRki3GOTGqvFoCsNgLQSAN9kgua2U53nK/UYdps+H8sAeHjlf/d0yvcKu
8WO8x1C5wClnLqkDrbZgBKb0wQHq4dGC17LuibSF8cKEyXkp9ShpAZcBW5Yh7Xnn
97UlZowgUmO2H/zgXyh1VF0JqnRiB6uGUI6ChJN53dFJEpc73/mrlOWhrghY1g30
8+M+0U5HdB/c2e40oQ4Gile0XD19JUrieNaGAh+r8k9GDYMtWJj9p1/TZjsEl7yc
pm1oj0RsJ7D/GGWaMgePSZ3s6SoL2nm32A8OLdH+weRoK2FnGt2J2JzmtaFS2+Jk
rTCQNHvHfkOu76A=
-----END CERTIFICATE-----