Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS47689.roa
File:                     AS47689.roa (raw, json)
Hash identifier:          mjhEtzwRQ6TB4w6FDPjlYcu4v93hu9pLrejmDNBrhpE=
Subject key identifier:   C0:C0:A2:85:7E:6D:35:BF:FB:91:07:DC:B9:5C:40:2E:3D:DA:31:8F
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3BCDEB3A3B405B856754CDCD60452273EF9671BF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS47689.roa
Signing time:             Tue 05 Dec 2023 02:44:13 +0000
ROA not before:           Tue 05 Dec 2023 02:39:13 +0000
ROA not after:            Tue 03 Dec 2024 02:44:13 +0000
asID:                     47689
IP address blocks:        2a06:a005:a18::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:cd:eb:3a:3b:40:5b:85:67:54:cd:cd:60:45:22:73:ef:96:71:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:13 2023 GMT
            Not After : Dec  3 02:44:13 2024 GMT
        Subject: CN=C0C0A2857E6D35BFFB9107DCB95C402E3DDA318F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8e:ce:d9:89:e1:e4:c4:31:c7:63:e0:65:92:
                    f6:f4:e3:a5:37:db:b5:d5:31:e8:99:5f:cc:74:95:
                    d4:11:94:dd:ce:e3:96:4a:dc:9d:f8:60:be:5c:32:
                    29:2a:ec:b6:8f:a5:c1:36:37:43:95:90:a6:27:20:
                    58:64:24:be:22:ba:54:de:1f:79:4b:c7:24:de:a6:
                    78:c0:ed:cc:a0:8b:e9:fe:7d:b9:4e:21:c0:e8:1c:
                    ed:1d:5e:b7:f1:00:ce:44:68:38:ad:9c:47:4d:6d:
                    99:90:56:93:1a:69:c1:2b:30:44:b9:c5:10:93:85:
                    9f:81:b5:e1:94:97:17:bf:64:a3:d4:0d:f9:ef:8a:
                    8d:a5:89:3e:9f:20:6f:42:e5:1a:14:46:45:38:a4:
                    1e:0c:85:4f:db:1e:75:a0:44:1d:b2:bc:ef:39:01:
                    ca:56:19:fb:d1:84:ae:a9:2a:2a:ca:de:bd:0d:2c:
                    1a:a5:ec:1c:9f:a2:43:77:50:6c:7e:88:fb:ac:48:
                    90:22:6a:86:1f:56:0a:f9:a4:74:14:01:cf:4a:ce:
                    bc:e8:05:bb:b6:71:2b:40:9f:a1:cd:f0:02:cb:b2:
                    36:19:ea:ba:8c:f3:44:2d:27:37:62:15:5e:13:fb:
                    fb:7f:1f:97:6f:45:71:53:6e:12:65:5a:6b:5d:b3:
                    c2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C0:A2:85:7E:6D:35:BF:FB:91:07:DC:B9:5C:40:2E:3D:DA:31:8F
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS47689.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a18::/45

    Signature Algorithm: sha256WithRSAEncryption
         73:2e:57:20:31:3c:64:d9:95:78:23:3a:a7:17:b8:a6:85:22:
         72:90:30:1e:16:77:69:f8:08:b7:7f:d0:90:f2:d5:af:46:ed:
         ec:a6:48:38:03:2e:5b:9b:17:52:15:11:96:33:0f:ff:25:07:
         04:53:60:7b:ee:af:02:50:e6:e2:41:38:80:79:72:54:43:49:
         8d:ea:6e:53:2e:f2:e3:7c:df:d9:53:ae:19:04:38:fa:2a:43:
         6f:8d:d0:8d:a2:8c:e0:66:39:b1:90:73:e0:7e:d5:35:91:b9:
         6a:a1:63:f2:b3:e4:bb:92:6c:94:62:9b:3f:5a:31:95:d8:80:
         da:2c:82:06:94:9a:be:f9:c4:ef:22:fb:34:24:6f:7e:30:8f:
         23:ac:3d:72:f2:51:94:f0:ac:91:3a:c2:88:e5:62:9d:e6:cd:
         f0:39:d5:ce:f5:cf:f0:fb:0f:ee:2e:a8:45:05:a5:94:02:fb:
         11:07:ae:01:a1:4f:d2:c9:71:fd:27:92:d1:06:a6:2b:16:41:
         c8:16:d8:b4:cb:2e:f4:c3:1d:78:a9:38:90:2e:46:4e:d4:72:
         6a:92:c2:f8:e5:d9:fb:56:1a:fa:94:ea:77:28:a2:17:58:62:
         86:c4:b0:a7:0f:8d:be:e5:3b:a5:9a:f1:de:69:c7:e8:aa:49:
         f9:78:92:5d
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUO83rOjtAW4VnVM3NYEUic++Wcb8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTNaFw0yNDEyMDMwMjQ0MTNaMDMxMTAvBgNV
BAMTKEMwQzBBMjg1N0U2RDM1QkZGQjkxMDdEQ0I5NUM0MDJFM0REQTMxOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbjs7ZieHkxDHHY+Blkvb046U3
27XVMeiZX8x0ldQRlN3O45ZK3J34YL5cMikq7LaPpcE2N0OVkKYnIFhkJL4iulTe
H3lLxyTepnjA7cygi+n+fblOIcDoHO0dXrfxAM5EaDitnEdNbZmQVpMaacErMES5
xRCThZ+BteGUlxe/ZKPUDfnvio2liT6fIG9C5RoURkU4pB4MhU/bHnWgRB2yvO85
AcpWGfvRhK6pKirK3r0NLBql7ByfokN3UGx+iPusSJAiaoYfVgr5pHQUAc9Kzrzo
Bbu2cStAn6HN8ALLsjYZ6rqM80QtJzdiFV4T+/t/H5dvRXFTbhJlWmtds8KFAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUwMCihX5tNb/7kQfcuVxALj3aMY8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NDc2ODkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwMqBqAFChgwDQYJKoZIhvcNAQELBQADggEBAHMuVyAx
PGTZlXgjOqcXuKaFInKQMB4Wd2n4CLd/0JDy1a9G7eymSDgDLlubF1IVEZYzD/8l
BwRTYHvurwJQ5uJBOIB5clRDSY3qblMu8uN839lTrhkEOPoqQ2+N0I2ijOBmObGQ
c+B+1TWRuWqhY/Kz5LuSbJRimz9aMZXYgNosggaUmr75xO8i+zQkb34wjyOsPXLy
UZTwrJE6wojlYp3mzfA51c71z/D7D+4uqEUFpZQC+xEHrgGhT9LJcf0nktEGpisW
QcgW2LTLLvTDHXipOJAuRk7UcmqSwvjl2ftWGvqU6ncoohdYYobEsKcPjb7lO6Wa
8d5px+iqSfl4kl0=
-----END CERTIFICATE-----