Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS58132.roa
File:                     AS58132.roa (raw, json)
Hash identifier:          zJCp6OfFoSIeQon0NM1P7Id4R2HDBHLi+kkoNXrxYGc=
Subject key identifier:   18:D0:09:48:C7:6B:99:C1:38:CA:7B:E9:3D:CE:8B:4A:21:89:B0:41
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       650C89E4A3CE3B2C539E38D30AF0B363CE2C09FB
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS58132.roa
Signing time:             Tue 05 Dec 2023 02:44:14 +0000
ROA not before:           Tue 05 Dec 2023 02:39:14 +0000
ROA not after:            Tue 03 Dec 2024 02:44:14 +0000
asID:                     58132
IP address blocks:        2a06:a005:2d9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:0c:89:e4:a3:ce:3b:2c:53:9e:38:d3:0a:f0:b3:63:ce:2c:09:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:14 2023 GMT
            Not After : Dec  3 02:44:14 2024 GMT
        Subject: CN=18D00948C76B99C138CA7BE93DCE8B4A2189B041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:75:b1:e8:31:54:fa:b7:53:39:e8:0d:3a:
                    2e:06:e2:08:85:05:ea:33:ee:42:e2:4e:d5:c2:77:
                    a0:ad:ee:9a:ca:b7:ff:ae:6b:0f:f8:79:0b:d7:3a:
                    ea:42:4c:a4:16:29:1e:5e:44:5a:83:ea:d0:2e:e0:
                    2c:bd:3a:6c:04:7b:56:d1:07:9f:83:fc:6d:40:0e:
                    cb:b2:42:f5:98:3b:b8:d5:4b:20:0e:bd:ae:f9:c5:
                    40:cf:89:77:f6:bd:f8:21:d6:46:cb:53:22:e4:35:
                    01:ea:73:64:ca:e4:25:23:fd:ab:53:03:6b:8b:e2:
                    3b:99:cb:2e:9b:28:84:1a:c6:af:c2:ea:29:8b:42:
                    f3:3a:94:43:ef:53:46:27:66:c4:9c:ab:01:43:a1:
                    ef:26:32:fa:53:c9:11:b8:72:11:fe:ab:f3:49:39:
                    c6:66:e2:ae:b2:ed:77:d4:27:9e:b0:2a:c8:1e:24:
                    d8:4f:db:19:7c:e4:5a:64:a3:82:81:c8:70:32:d0:
                    dc:85:74:f5:e8:f0:c4:69:27:11:23:87:c8:05:8b:
                    86:04:84:58:ca:d2:b8:3c:20:18:c2:29:ab:d0:d9:
                    7f:95:08:95:9a:05:c1:87:d8:88:35:51:83:22:8f:
                    cf:f3:8c:29:31:9f:25:d4:a6:74:1b:90:e5:e9:41:
                    df:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D0:09:48:C7:6B:99:C1:38:CA:7B:E9:3D:CE:8B:4A:21:89:B0:41
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS58132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2d9::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:12:77:ed:e4:e9:de:28:dd:03:32:1c:5e:2b:cd:4e:3c:f4:
         f8:49:30:72:1f:a6:7e:e1:a0:26:60:ca:44:8e:b8:c0:13:72:
         7e:97:92:ec:38:c7:9b:36:03:ac:ce:ad:b9:88:94:36:c6:20:
         cb:c1:27:16:4a:6e:04:60:29:ba:4b:cb:3c:b8:43:99:e3:65:
         c6:c1:20:13:e6:82:83:2b:1c:8f:2a:56:6b:79:e6:bf:87:b1:
         e9:3d:f0:4d:c3:96:0c:e7:95:42:77:f3:23:2e:b2:6e:9d:83:
         23:12:ed:aa:8b:aa:c1:57:dc:a9:b3:77:34:1c:4b:b1:3e:32:
         3b:7e:ea:63:5c:cb:47:b5:82:ae:ee:30:db:50:8d:7c:e0:d1:
         1d:97:1b:62:ab:9c:4d:41:7f:b3:9b:f3:f2:90:c4:4d:9b:c5:
         21:c9:e7:4f:be:56:2f:48:e8:28:ff:c4:3b:72:4b:7e:e4:07:
         59:72:5b:e6:c5:eb:41:07:3f:8b:1f:76:07:86:74:70:8e:83:
         36:ee:ad:8f:20:5d:05:b5:86:ce:aa:88:c3:e6:d3:a4:b0:3d:
         4b:63:44:c4:3f:6b:66:62:b8:94:c0:2e:69:f4:e3:6d:37:4f:
         2a:12:09:53:20:6d:32:c2:a1:11:ac:82:71:be:4a:b2:bf:87:
         6e:bd:1e:6a
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUZQyJ5KPOOyxTnjjTCvCzY84sCfswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTRaFw0yNDEyMDMwMjQ0MTRaMDMxMTAvBgNV
BAMTKDE4RDAwOTQ4Qzc2Qjk5QzEzOENBN0JFOTNEQ0U4QjRBMjE4OUIwNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5r3Wx6DFU+rdTOegNOi4G4giF
Beoz7kLiTtXCd6Ct7prKt/+uaw/4eQvXOupCTKQWKR5eRFqD6tAu4Cy9OmwEe1bR
B5+D/G1ADsuyQvWYO7jVSyAOva75xUDPiXf2vfgh1kbLUyLkNQHqc2TK5CUj/atT
A2uL4juZyy6bKIQaxq/C6imLQvM6lEPvU0YnZsScqwFDoe8mMvpTyRG4chH+q/NJ
OcZm4q6y7XfUJ56wKsgeJNhP2xl85Fpko4KByHAy0NyFdPXo8MRpJxEjh8gFi4YE
hFjK0rg8IBjCKavQ2X+VCJWaBcGH2Ig1UYMij8/zjCkxnyXUpnQbkOXpQd8xAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUGNAJSMdrmcE4ynvpPc6LSiGJsEEwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NTgxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwAqBqAFAtkwDQYJKoZIhvcNAQELBQADggEBAKISd+3k
6d4o3QMyHF4rzU489PhJMHIfpn7hoCZgykSOuMATcn6Xkuw4x5s2A6zOrbmIlDbG
IMvBJxZKbgRgKbpLyzy4Q5njZcbBIBPmgoMrHI8qVmt55r+Hsek98E3DlgznlUJ3
8yMusm6dgyMS7aqLqsFX3KmzdzQcS7E+Mjt+6mNcy0e1gq7uMNtQjXzg0R2XG2Kr
nE1Bf7Ob8/KQxE2bxSHJ50++Vi9I6Cj/xDtyS37kB1lyW+bF60EHP4sfdgeGdHCO
gzburY8gXQW1hs6qiMPm06SwPUtjRMQ/a2ZiuJTALmn04203TyoSCVMgbTLCoRGs
gnG+SrK/h269Hmo=
-----END CERTIFICATE-----