Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS54148.roa
File:                     AS54148.roa (raw, json)
Hash identifier:          OFbVIXawiuQIJDLN9zDoqyC/mlIodoICcrpv82i2MII=
Subject key identifier:   2E:C6:A1:76:C5:0A:BD:B8:4B:B2:DB:65:9A:48:F5:E5:36:95:E1:C3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       58BA572A64CE3120A5761FC48276C08C0CD84ABB
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS54148.roa
Signing time:             Tue 04 Jun 2024 03:39:14 +0000
ROA not before:           Tue 04 Jun 2024 03:34:14 +0000
ROA not after:            Tue 03 Jun 2025 03:39:14 +0000
asID:                     54148
IP address blocks:        2a06:a005:2720::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 02:53:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:ba:57:2a:64:ce:31:20:a5:76:1f:c4:82:76:c0:8c:0c:d8:4a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jun  4 03:34:14 2024 GMT
            Not After : Jun  3 03:39:14 2025 GMT
        Subject: CN=2EC6A176C50ABDB84BB2DB659A48F5E53695E1C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:bf:35:e5:5a:e6:83:2c:38:aa:f6:d6:5e:0e:
                    9c:77:9b:ce:f8:68:5b:39:dc:97:93:73:74:59:ed:
                    e5:cc:c6:03:60:43:d6:b1:a7:0e:5b:1d:8e:99:2d:
                    84:7a:f6:b4:45:f4:53:a0:1f:cc:e5:b6:b7:c4:cc:
                    77:0d:60:15:38:34:dd:e5:4a:e1:13:ca:f5:c8:63:
                    0f:39:69:32:78:5e:70:84:96:46:a0:b6:a4:ff:26:
                    9c:75:4c:ae:b2:b0:64:74:01:ef:ea:3c:ad:0b:8f:
                    2b:c3:15:df:c1:87:c0:86:6e:21:1e:0a:cd:d0:c8:
                    30:a2:c0:00:66:66:28:ce:a2:68:10:09:eb:f7:03:
                    db:fd:94:c3:65:b4:0f:d9:aa:9e:b6:73:ec:91:04:
                    00:8a:64:9b:80:38:ce:5e:99:a5:df:23:b3:d9:7e:
                    d0:4a:9a:ae:59:82:da:dc:11:73:ba:74:6b:5a:30:
                    10:18:44:60:e9:ba:4c:dd:78:4b:7a:10:91:fc:ab:
                    9f:ed:54:cd:b0:cc:c8:61:b7:52:50:13:b7:76:3d:
                    2e:8f:89:ae:5f:3a:98:7f:9e:34:70:c6:04:2d:94:
                    a3:3d:86:73:d3:93:74:9e:fa:5b:f8:ee:b5:7d:2c:
                    00:ca:92:7e:cf:2a:79:7b:a4:4f:84:1a:dd:33:56:
                    4d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C6:A1:76:C5:0A:BD:B8:4B:B2:DB:65:9A:48:F5:E5:36:95:E1:C3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS54148.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2720::/44

    Signature Algorithm: sha256WithRSAEncryption
         cd:14:72:c8:01:f1:cd:1d:c1:64:02:a9:87:a1:d0:89:6e:20:
         66:b0:1a:a6:8b:77:af:9e:b5:36:68:d2:1b:a5:a9:8b:45:47:
         2b:e4:01:0f:63:d1:b7:d7:92:8e:9a:1d:ea:0b:0a:b6:b4:f5:
         2c:d3:43:80:ec:31:57:45:84:fe:c2:e2:1a:0b:a4:da:2e:15:
         88:18:84:df:ba:12:81:68:60:65:d7:b4:f7:a9:1d:55:f8:3d:
         5d:2c:03:17:11:7f:ec:c5:99:d6:96:cc:8c:88:a4:7d:28:3f:
         b4:27:ac:fe:d6:41:89:00:67:76:ef:54:d0:a6:3f:80:0c:50:
         5b:b7:3c:8c:f0:81:d8:93:57:8d:20:a1:97:be:e4:aa:02:41:
         db:6a:72:a3:3d:30:ce:6a:c9:92:aa:0f:5a:1c:e7:66:e1:e1:
         b4:e9:b4:1d:c8:db:71:f6:63:0b:30:29:fe:65:81:13:e4:58:
         25:db:3b:50:3e:c4:bb:cb:91:5d:87:8e:04:92:06:c6:09:d1:
         f2:46:d5:7c:33:5a:47:7b:6f:10:7e:18:26:b0:06:c9:0d:8f:
         90:ee:fc:d5:09:10:01:c9:06:39:d6:bd:41:46:ee:f5:28:13:
         3a:b0:fd:79:32:2d:7c:5f:a3:d7:4f:7d:85:16:d4:b9:52:da:
         82:35:51:e6
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUWLpXKmTOMSCldh/EgnbAjAzYSrswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA2MDQwMzM0MTRaFw0yNTA2MDMwMzM5MTRaMDMxMTAvBgNV
BAMTKDJFQzZBMTc2QzUwQUJEQjg0QkIyREI2NTlBNDhGNUU1MzY5NUUxQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlvzXlWuaDLDiq9tZeDpx3m874
aFs53JeTc3RZ7eXMxgNgQ9axpw5bHY6ZLYR69rRF9FOgH8zltrfEzHcNYBU4NN3l
SuETyvXIYw85aTJ4XnCElkagtqT/Jpx1TK6ysGR0Ae/qPK0LjyvDFd/Bh8CGbiEe
Cs3QyDCiwABmZijOomgQCev3A9v9lMNltA/Zqp62c+yRBACKZJuAOM5emaXfI7PZ
ftBKmq5ZgtrcEXO6dGtaMBAYRGDpukzdeEt6EJH8q5/tVM2wzMhht1JQE7d2PS6P
ia5fOph/njRwxgQtlKM9hnPTk3Se+lv47rV9LADKkn7PKnl7pE+EGt0zVk3JAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQULsahdsUKvbhLsttlmkj15TaV4cMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NTQxNDgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFJyAwDQYJKoZIhvcNAQELBQADggEBAM0UcsgB
8c0dwWQCqYeh0IluIGawGqaLd6+etTZo0hulqYtFRyvkAQ9j0bfXko6aHeoLCra0
9SzTQ4DsMVdFhP7C4hoLpNouFYgYhN+6EoFoYGXXtPepHVX4PV0sAxcRf+zFmdaW
zIyIpH0oP7QnrP7WQYkAZ3bvVNCmP4AMUFu3PIzwgdiTV40goZe+5KoCQdtqcqM9
MM5qyZKqD1oc52bh4bTptB3I23H2YwswKf5lgRPkWCXbO1A+xLvLkV2HjgSSBsYJ
0fJG1XwzWkd7bxB+GCawBskNj5Du/NUJEAHJBjnWvUFG7vUoEzqw/XkyLXxfo9dP
fYUW1LlS2oI1UeY=
-----END CERTIFICATE-----