Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS53667.roa
File:                     AS53667.roa (raw, json)
Hash identifier:          cav+4W49hVFt7aPK2BRBDQubfVnhR6FqSVWCxY/y5RE=
Subject key identifier:   39:65:38:76:BE:51:9E:52:93:59:06:13:B9:BB:6C:F4:DD:BA:B3:C8
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       74E22D30CA5D6F1B2AC76CAD4A899F2BF34C96D5
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS53667.roa
Signing time:             Tue 16 Apr 2024 12:44:24 +0000
ROA not before:           Tue 16 Apr 2024 12:39:24 +0000
ROA not after:            Tue 15 Apr 2025 12:44:24 +0000
asID:                     53667
IP address blocks:        2a06:a001:a0e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:e2:2d:30:ca:5d:6f:1b:2a:c7:6c:ad:4a:89:9f:2b:f3:4c:96:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Apr 16 12:39:24 2024 GMT
            Not After : Apr 15 12:44:24 2025 GMT
        Subject: CN=39653876BE519E5293590613B9BB6CF4DDBAB3C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d7:ea:a7:03:a6:f4:e0:97:f6:b5:87:5c:3d:
                    17:57:5f:a2:de:76:d6:68:55:9a:f5:cf:bc:0e:05:
                    8b:53:75:96:58:a9:55:a6:18:4e:9a:36:d2:6c:15:
                    b5:88:c0:a3:ae:2d:89:81:c6:94:61:03:d8:44:72:
                    79:e2:fe:7a:76:1d:91:22:42:b9:c9:a7:5c:a5:f6:
                    c7:9a:fe:59:d1:d1:13:4c:58:ac:55:d2:d2:40:6a:
                    ec:a8:91:7d:10:d0:dd:e5:8e:ef:d0:0f:31:8b:ec:
                    09:af:4a:80:f9:5c:41:2e:0a:11:f6:e4:6e:70:3e:
                    3b:ac:6f:c2:2a:00:1a:12:10:50:c9:07:3d:52:36:
                    70:0b:b3:31:00:8b:8a:9e:17:9d:ef:80:3b:1a:6f:
                    be:76:43:60:59:4f:7b:ad:4d:b9:47:cf:bd:a1:b6:
                    2b:dd:24:75:6a:64:94:4d:0a:4f:87:bd:3e:32:0b:
                    c9:e8:63:fd:05:ef:e8:63:c7:7a:f7:39:45:cc:60:
                    86:96:29:41:da:e5:3c:24:b6:8e:38:c0:4c:91:6e:
                    0a:9f:7e:c9:91:6f:8a:ea:58:61:ba:7e:c0:14:d0:
                    50:c3:c6:b7:31:ad:ed:14:f0:26:b5:99:1f:cf:7d:
                    66:45:c9:31:a0:0d:2c:d7:7b:97:ea:de:2f:88:ba:
                    14:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:65:38:76:BE:51:9E:52:93:59:06:13:B9:BB:6C:F4:DD:BA:B3:C8
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS53667.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a001:a0e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         72:c3:4f:fe:88:9a:6f:de:3a:67:e8:9b:2e:95:e5:5f:2a:83:
         6c:d1:d1:9c:09:36:2c:ef:2a:fd:01:31:24:a6:7e:86:41:3b:
         87:8f:99:f7:3d:be:6d:9a:93:9a:1c:32:86:ff:1a:ea:84:dd:
         b5:5a:45:68:b5:6a:6b:c7:37:47:b9:8b:b3:d6:9b:ed:20:33:
         cb:51:ed:f0:16:86:c2:40:cb:a0:ab:62:38:5c:6b:9c:27:37:
         32:50:21:aa:d0:3d:02:cb:33:a2:a1:de:e8:db:5d:04:e4:99:
         d3:24:fd:3f:a9:e6:64:13:cf:76:6b:e3:42:8d:b2:37:2d:b3:
         5b:bd:1d:2c:6d:db:8e:a3:7a:c4:70:25:12:f5:06:e2:90:e7:
         b0:6c:64:53:04:10:34:64:a4:e3:ef:f9:58:32:b6:7e:30:55:
         d6:56:68:63:77:af:87:cd:38:90:da:75:0f:a2:6c:d7:41:28:
         29:96:83:00:07:66:9b:7b:04:b2:57:bf:4e:4e:ac:1b:6e:79:
         bc:48:7f:92:41:bd:74:3c:ac:1f:92:88:b1:82:7d:ce:37:4f:
         90:71:d9:7b:ab:5b:76:62:69:f1:e0:af:3b:51:e9:46:33:5d:
         0c:6d:e5:6a:96:b0:c8:fb:55:d3:58:8c:1a:32:4d:9f:7e:6e:
         45:a2:e7:b9
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUdOItMMpdbxsqx2ytSomfK/NMltUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA0MTYxMjM5MjRaFw0yNTA0MTUxMjQ0MjRaMDMxMTAvBgNV
BAMTKDM5NjUzODc2QkU1MTlFNTI5MzU5MDYxM0I5QkI2Q0Y0RERCQUIzQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG1+qnA6b04Jf2tYdcPRdXX6Le
dtZoVZr1z7wOBYtTdZZYqVWmGE6aNtJsFbWIwKOuLYmBxpRhA9hEcnni/np2HZEi
QrnJp1yl9sea/lnR0RNMWKxV0tJAauyokX0Q0N3lju/QDzGL7AmvSoD5XEEuChH2
5G5wPjusb8IqABoSEFDJBz1SNnALszEAi4qeF53vgDsab752Q2BZT3utTblHz72h
tivdJHVqZJRNCk+HvT4yC8noY/0F7+hjx3r3OUXMYIaWKUHa5Twkto44wEyRbgqf
fsmRb4rqWGG6fsAU0FDDxrcxre0U8Ca1mR/PfWZFyTGgDSzXe5fq3i+IuhQHAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUOWU4dr5RnlKTWQYTubts9N26s8gwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NTM2Njcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqABoOAwDQYJKoZIhvcNAQELBQADggEBAHLDT/6I
mm/eOmfomy6V5V8qg2zR0ZwJNizvKv0BMSSmfoZBO4ePmfc9vm2ak5ocMob/GuqE
3bVaRWi1amvHN0e5i7PWm+0gM8tR7fAWhsJAy6CrYjhca5wnNzJQIarQPQLLM6Kh
3ujbXQTkmdMk/T+p5mQTz3Zr40KNsjcts1u9HSxt246jesRwJRL1BuKQ57BsZFME
EDRkpOPv+Vgytn4wVdZWaGN3r4fNOJDadQ+ibNdBKCmWgwAHZpt7BLJXv05OrBtu
ebxIf5JBvXQ8rB+SiLGCfc43T5Bx2XurW3ZiafHgrztR6UYzXQxt5WqWsMj7VdNY
jBoyTZ9+bkWi57k=
-----END CERTIFICATE-----