Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS44001.roa
File:                     AS44001.roa (raw, json)
Hash identifier:          nDGly8cHHgjVX20mhn0bfSDlz4VBG+XO4c3dwoFHpHg=
Subject key identifier:   C6:DF:93:CA:4E:F9:3A:DE:3D:F6:85:CF:D4:4C:F0:33:61:EE:6C:29
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7239B928DC53ADC84DB2F5D00D3C4DFD0D95DB0F
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS44001.roa
Signing time:             Tue 05 Nov 2024 03:40:07 +0000
ROA not before:           Tue 05 Nov 2024 03:35:07 +0000
ROA not after:            Tue 04 Nov 2025 03:40:07 +0000
asID:                     44001
IP address blocks:        2a06:a005:13a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:39:b9:28:dc:53:ad:c8:4d:b2:f5:d0:0d:3c:4d:fd:0d:95:db:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:07 2024 GMT
            Not After : Nov  4 03:40:07 2025 GMT
        Subject: CN=C6DF93CA4EF93ADE3DF685CFD44CF03361EE6C29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:3d:b7:93:c1:c7:c4:41:81:ac:07:3a:2e:b0:
                    52:e7:4f:17:31:9e:b1:eb:a1:11:f4:4b:91:f9:78:
                    f1:32:91:5b:c8:5e:65:7c:0c:73:c1:86:52:30:1b:
                    40:34:db:c0:f1:85:4f:e6:94:a0:72:17:43:47:1c:
                    0f:1f:2a:51:31:64:a0:78:17:02:94:15:40:5d:a8:
                    20:68:84:cc:2e:5f:1a:1d:10:a4:0b:64:89:52:b6:
                    8c:7a:06:2b:7b:1e:3a:1a:c9:ec:0e:98:d6:bd:a1:
                    62:0d:e7:7f:69:51:be:82:ea:47:0c:c4:15:75:19:
                    72:ac:c2:fd:08:72:89:17:ed:69:fb:38:22:d6:fa:
                    4f:d5:29:82:ed:c8:3d:87:cd:d3:cf:e2:0d:0c:30:
                    bf:ff:c5:85:ca:79:c1:29:c6:05:ce:dc:6b:37:9d:
                    b3:e9:ea:17:da:66:8a:a9:77:7b:1b:90:a5:cb:98:
                    64:f0:80:14:a7:c8:25:c3:4a:90:14:ff:98:4a:71:
                    db:b5:86:c9:85:c8:46:6a:4c:5a:23:12:14:be:be:
                    bf:8d:35:4f:ed:75:2b:83:c0:86:b8:3c:22:5a:d9:
                    4f:27:3f:73:84:9b:73:d0:54:25:68:46:aa:f5:cc:
                    76:c7:d7:c9:20:61:9e:29:1c:67:0b:db:c8:0f:b8:
                    01:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:DF:93:CA:4E:F9:3A:DE:3D:F6:85:CF:D4:4C:F0:33:61:EE:6C:29
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS44001.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:13a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:cd:35:c8:49:5f:a9:24:8d:b7:b0:09:c0:e9:b7:05:55:d9:
         3b:71:d3:9c:eb:09:35:25:27:47:ea:31:bb:06:8e:af:3e:cb:
         fc:f7:c5:2c:23:49:ee:e0:54:54:b4:02:84:ed:d9:40:20:26:
         a7:52:f2:57:32:85:7f:8f:e6:cf:6a:b6:00:1c:24:e5:e6:f5:
         f0:1b:9d:23:88:d9:3f:9f:ac:61:25:5e:06:76:c4:59:23:c4:
         ec:21:44:73:43:1f:b4:67:3c:68:b8:fc:07:8f:92:eb:00:80:
         50:1c:a9:15:a4:2b:02:a0:3f:a0:96:3c:24:30:eb:42:6b:10:
         3c:33:a5:fb:c5:10:60:3a:7e:12:d3:e6:74:8d:24:ae:70:a5:
         46:f4:5d:25:be:cb:3d:e4:fc:02:1e:d4:52:14:a7:97:36:f0:
         f0:41:79:4e:87:dd:37:7e:c4:67:27:aa:0f:9a:50:cc:cd:e6:
         ac:c3:d3:35:72:7e:45:8a:ce:04:29:69:60:33:77:ef:74:00:
         6b:ab:e2:96:0f:90:db:64:bc:eb:38:86:ec:7c:0d:3a:a0:e8:
         90:43:71:42:63:d6:ea:3f:f9:5e:22:84:9d:8f:6f:ac:0f:95:
         85:e4:4d:20:e0:24:c0:36:96:2c:84:77:76:e6:b0:a9:7e:b5:
         02:94:e6:ec
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUcjm5KNxTrchNsvXQDTxN/Q2V2w8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDdaFw0yNTExMDQwMzQwMDdaMDMxMTAvBgNV
BAMTKEM2REY5M0NBNEVGOTNBREUzREY2ODVDRkQ0NENGMDMzNjFFRTZDMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZPbeTwcfEQYGsBzousFLnTxcx
nrHroRH0S5H5ePEykVvIXmV8DHPBhlIwG0A028DxhU/mlKByF0NHHA8fKlExZKB4
FwKUFUBdqCBohMwuXxodEKQLZIlStox6Bit7HjoayewOmNa9oWIN539pUb6C6kcM
xBV1GXKswv0IcokX7Wn7OCLW+k/VKYLtyD2HzdPP4g0MML//xYXKecEpxgXO3Gs3
nbPp6hfaZoqpd3sbkKXLmGTwgBSnyCXDSpAU/5hKcdu1hsmFyEZqTFojEhS+vr+N
NU/tdSuDwIa4PCJa2U8nP3OEm3PQVCVoRqr1zHbH18kgYZ4pHGcL28gPuAF1AgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUxt+Tyk75Ot499oXP1EzwM2HubCkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NDQwMDEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFE6AwDQYJKoZIhvcNAQELBQADggEBAGzNNchJ
X6kkjbewCcDptwVV2Ttx05zrCTUlJ0fqMbsGjq8+y/z3xSwjSe7gVFS0AoTt2UAg
JqdS8lcyhX+P5s9qtgAcJOXm9fAbnSOI2T+frGElXgZ2xFkjxOwhRHNDH7RnPGi4
/AePkusAgFAcqRWkKwKgP6CWPCQw60JrEDwzpfvFEGA6fhLT5nSNJK5wpUb0XSW+
yz3k/AIe1FIUp5c28PBBeU6H3Td+xGcnqg+aUMzN5qzD0zVyfkWKzgQpaWAzd+90
AGur4pYPkNtkvOs4hux8DTqg6JBDcUJj1uo/+V4ihJ2Pb6wPlYXkTSDgJMA2liyE
d3bmsKl+tQKU5uw=
-----END CERTIFICATE-----