Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS393577.roa
File:                     AS393577.roa (raw, json)
Hash identifier:          I0Kmn7400RQzL20Bt2jOOa4aauh6+bqESdsr6WCH6L0=
Subject key identifier:   0A:24:EE:DC:E9:22:97:0A:BD:58:A6:39:25:C4:B2:6D:21:38:A3:53
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       32D4B289209C035ADC3CE493436F1C9A32EA974F
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS393577.roa
Signing time:             Thu 25 Jan 2024 07:44:24 +0000
ROA not before:           Thu 25 Jan 2024 07:39:24 +0000
ROA not after:            Thu 23 Jan 2025 07:44:24 +0000
asID:                     393577
IP address blocks:        2a06:a005:15d8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:d4:b2:89:20:9c:03:5a:dc:3c:e4:93:43:6f:1c:9a:32:ea:97:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 25 07:39:24 2024 GMT
            Not After : Jan 23 07:44:24 2025 GMT
        Subject: CN=0A24EEDCE922970ABD58A63925C4B26D2138A353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7b:de:2e:8d:6f:c0:ec:2f:35:17:a1:7e:bf:
                    a2:3c:aa:d0:89:c7:39:d6:a1:a9:b9:df:09:a0:1a:
                    82:80:13:86:2d:1f:c6:e4:0a:98:8b:7e:37:8e:07:
                    b1:d2:17:f2:9d:17:1f:a1:56:2b:f8:5c:74:e3:68:
                    17:ec:40:56:84:9d:90:0a:fe:3e:3b:8a:7c:0d:b6:
                    90:d2:30:3c:c5:2b:e7:8b:60:04:6e:19:45:3c:da:
                    02:c4:1f:19:4b:fe:b9:36:46:3c:d5:68:57:0b:af:
                    3f:fb:bc:06:c6:b4:b0:ce:fe:bc:f4:5a:2e:ec:8a:
                    56:2e:64:34:f1:ff:25:23:89:63:e3:2f:0f:9b:6c:
                    f1:62:c3:ee:3d:bb:8c:45:86:00:13:06:43:92:75:
                    38:b4:d2:10:2c:71:52:23:70:5d:a4:3b:49:b3:81:
                    d6:01:8c:63:e5:72:28:5e:87:3a:77:2b:f7:58:6b:
                    db:a3:aa:ea:38:e6:c0:72:27:16:08:d6:fa:ef:63:
                    3d:92:80:94:05:66:bf:1e:e1:47:b7:09:86:de:ad:
                    cc:8f:3c:01:5d:97:70:4e:93:3b:50:87:28:f3:2e:
                    93:56:72:7e:79:18:dd:68:79:33:ef:a7:6e:0d:47:
                    5f:52:95:0b:47:26:0e:23:d0:9b:3e:8d:e4:f8:f5:
                    20:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:24:EE:DC:E9:22:97:0A:BD:58:A6:39:25:C4:B2:6D:21:38:A3:53
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS393577.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:15d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:42:3b:5b:d6:af:93:d7:8b:49:a1:48:a9:a1:f4:35:d8:f8:
         c0:8b:9f:5c:9e:8a:cd:42:25:19:4c:15:eb:60:d8:57:46:6f:
         6d:d4:2f:ee:a1:45:84:f7:c8:db:d4:df:48:3b:93:31:ac:7b:
         7c:60:ef:b5:e9:af:73:6b:af:a6:b8:59:59:09:c1:3f:46:04:
         32:a9:10:34:ed:fe:cb:9a:df:8c:60:c0:47:7c:39:fe:51:06:
         16:98:0f:61:5a:14:25:b5:b6:d8:ef:71:5b:1b:ee:f9:3b:8d:
         ff:45:ad:18:50:85:84:5c:68:71:cf:36:ab:a1:55:5d:33:90:
         68:8b:f6:7f:88:b3:d0:82:eb:9b:50:17:89:04:fd:ff:76:9d:
         7f:67:2c:2b:b0:3a:b5:6b:0c:bc:a1:3e:bd:1f:b9:d6:a6:43:
         22:43:3a:46:f8:8e:49:c0:55:e4:f7:ac:dc:57:a0:f3:9b:84:
         57:b8:5a:3f:d6:97:a2:fb:c7:25:e1:e0:d9:37:38:8f:6c:56:
         84:71:a8:21:a5:1f:67:ca:ce:30:b4:19:60:ec:6c:17:ae:a9:
         b0:be:1d:bf:79:c2:39:96:ca:87:b8:53:53:8f:30:a1:42:34:
         96:db:0b:b8:2a:e4:04:17:1f:2e:ff:c2:e1:ef:59:e4:63:71:
         3f:61:18:fd
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUMtSyiSCcA1rcPOSTQ28cmjLql08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMjUwNzM5MjRaFw0yNTAxMjMwNzQ0MjRaMDMxMTAvBgNV
BAMTKDBBMjRFRURDRTkyMjk3MEFCRDU4QTYzOTI1QzRCMjZEMjEzOEEzNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCre94ujW/A7C81F6F+v6I8qtCJ
xznWoam53wmgGoKAE4YtH8bkCpiLfjeOB7HSF/KdFx+hViv4XHTjaBfsQFaEnZAK
/j47inwNtpDSMDzFK+eLYARuGUU82gLEHxlL/rk2RjzVaFcLrz/7vAbGtLDO/rz0
Wi7silYuZDTx/yUjiWPjLw+bbPFiw+49u4xFhgATBkOSdTi00hAscVIjcF2kO0mz
gdYBjGPlcihehzp3K/dYa9ujquo45sByJxYI1vrvYz2SgJQFZr8e4Ue3CYbercyP
PAFdl3BOkztQhyjzLpNWcn55GN1oeTPvp24NR19SlQtHJg4j0Js+jeT49SCrAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUCiTu3Okilwq9WKY5JcSybSE4o1MwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MzkzNTc3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRXYMA0GCSqGSIb3DQEBCwUAA4IBAQC3Qjtb
1q+T14tJoUipofQ12PjAi59cnorNQiUZTBXrYNhXRm9t1C/uoUWE98jb1N9IO5Mx
rHt8YO+16a9za6+muFlZCcE/RgQyqRA07f7Lmt+MYMBHfDn+UQYWmA9hWhQltbbY
73FbG+75O43/Ra0YUIWEXGhxzzaroVVdM5Boi/Z/iLPQguubUBeJBP3/dp1/Zywr
sDq1awy8oT69H7nWpkMiQzpG+I5JwFXk96zcV6Dzm4RXuFo/1pei+8cl4eDZNziP
bFaEcaghpR9nys4wtBlg7GwXrqmwvh2/ecI5lsqHuFNTjzChQjSW2wu4KuQEFx8u
/8Lh71nkY3E/YRj9
-----END CERTIFICATE-----