Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS8987.roa
File:                     AS8987.roa (raw, json)
Hash identifier:          lScLxIvtwRVBSlWaLoLj02HkcFvtoV00LEJbGofZKYo=
Subject key identifier:   07:FF:D1:58:FE:93:B8:57:E0:7B:B6:69:F2:AF:32:8D:83:60:C1:BC
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7C3EE37887DA03779D7E998377847180873C3930
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS8987.roa
Signing time:             Sun 22 Sep 2024 03:39:59 +0000
ROA not before:           Sun 22 Sep 2024 03:34:59 +0000
ROA not after:            Sun 21 Sep 2025 03:39:59 +0000
asID:                     8987
IP address blocks:        2a0a:6043::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:3e:e3:78:87:da:03:77:9d:7e:99:83:77:84:71:80:87:3c:39:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep 22 03:34:59 2024 GMT
            Not After : Sep 21 03:39:59 2025 GMT
        Subject: CN=07FFD158FE93B857E07BB669F2AF328D8360C1BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:78:97:5b:ef:fe:6f:5f:48:64:6a:9a:19:2d:
                    b6:2f:ae:55:85:eb:18:ce:ed:2e:9e:e2:52:66:8a:
                    c1:7e:ac:af:12:eb:48:97:db:1b:4a:fa:23:4a:da:
                    ba:fe:98:e8:11:a1:7a:f8:43:fd:89:a6:3a:70:0b:
                    96:58:e2:88:d3:44:7b:b6:8a:07:8c:2d:7e:3d:f2:
                    33:68:d7:cb:57:bd:fb:05:9a:0e:fb:a8:93:60:ea:
                    0b:50:a0:85:43:6e:65:74:b7:82:b1:b4:44:78:ee:
                    5a:b0:71:8b:ca:da:af:e3:9d:84:b5:a7:f8:9b:ea:
                    38:5c:40:3f:3a:98:ce:78:ab:fe:7d:8c:aa:27:42:
                    be:f9:2b:b8:3b:1d:7b:c3:8f:d8:fd:83:8b:f8:9c:
                    62:01:11:54:b0:1b:1a:d5:98:13:fb:f5:7f:27:fe:
                    ae:3e:b1:49:42:ab:05:68:19:d7:ba:87:d1:92:5a:
                    21:11:80:2f:d1:78:65:3f:4e:b7:05:13:bf:93:ba:
                    47:e2:7c:b1:01:6f:4e:5e:a4:a8:b3:40:40:86:30:
                    30:eb:4b:08:a3:1e:95:ed:86:3d:17:80:97:97:9d:
                    93:85:37:bc:3e:b1:be:86:24:63:aa:70:d8:77:f2:
                    c5:8e:38:c5:a7:b9:d4:15:0e:04:92:81:29:e5:4e:
                    58:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FF:D1:58:FE:93:B8:57:E0:7B:B6:69:F2:AF:32:8D:83:60:C1:BC
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS8987.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6043::/40

    Signature Algorithm: sha256WithRSAEncryption
         a8:c4:10:7c:e6:b2:cd:b1:00:3b:1f:6a:d4:56:63:dd:c2:e4:
         8e:5e:3c:3b:67:f5:b3:fd:1a:6c:81:8d:73:41:d4:03:a1:84:
         f1:60:dc:41:46:8d:4c:ba:4d:f4:1d:72:1d:e3:cf:ab:7d:cb:
         5a:47:a3:6a:06:ab:82:ea:96:29:3a:81:1a:7f:e4:36:c2:a9:
         6a:dc:54:1a:df:25:26:38:2a:1f:67:e2:2b:05:30:e7:f6:09:
         a6:e8:32:86:75:ee:07:b0:a9:f7:64:56:64:6c:5c:bb:a5:51:
         4f:82:4c:aa:52:0a:3e:c5:25:40:3a:46:f9:32:d7:46:3a:80:
         43:92:43:3f:2b:40:1a:ea:a3:93:ea:d7:03:97:33:8a:92:9f:
         e8:31:dd:dc:c2:87:5b:d5:45:f0:3a:35:c4:47:09:49:d7:9b:
         42:8e:44:92:9a:7b:4c:ca:6c:9c:44:d5:02:cb:a6:09:8d:05:
         4f:7b:86:cf:4c:aa:81:f3:c2:73:92:16:25:26:ff:b7:8b:4c:
         98:07:ae:f2:9a:a6:db:6d:d8:ff:4c:96:06:d5:61:98:2d:44:
         b3:ec:e8:43:a0:d9:bf:dc:36:ee:0c:18:8d:e6:23:7d:de:63:
         30:9c:1b:1c:14:10:65:18:8e:87:9b:b2:fa:43:01:ba:93:33:
         40:d0:cf:b6
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUfD7jeIfaA3edfpmDd4RxgIc8OTAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MjIwMzM0NTlaFw0yNTA5MjEwMzM5NTlaMDMxMTAvBgNV
BAMTKDA3RkZEMTU4RkU5M0I4NTdFMDdCQjY2OUYyQUYzMjhEODM2MEMxQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqeJdb7/5vX0hkapoZLbYvrlWF
6xjO7S6e4lJmisF+rK8S60iX2xtK+iNK2rr+mOgRoXr4Q/2JpjpwC5ZY4ojTRHu2
igeMLX498jNo18tXvfsFmg77qJNg6gtQoIVDbmV0t4KxtER47lqwcYvK2q/jnYS1
p/ib6jhcQD86mM54q/59jKonQr75K7g7HXvDj9j9g4v4nGIBEVSwGxrVmBP79X8n
/q4+sUlCqwVoGde6h9GSWiERgC/ReGU/TrcFE7+TukfifLEBb05epKizQECGMDDr
SwijHpXthj0XgJeXnZOFN7w+sb6GJGOqcNh38sWOOMWnudQVDgSSgSnlTlgvAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUB//RWP6TuFfge7Zp8q8yjYNgwbwwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
ODk4Ny5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB
/wQSMBAwDgQCAAIwCAMGACoKYEMAMA0GCSqGSIb3DQEBCwUAA4IBAQCoxBB85rLN
sQA7H2rUVmPdwuSOXjw7Z/Wz/RpsgY1zQdQDoYTxYNxBRo1Muk30HXId48+rfcta
R6NqBquC6pYpOoEaf+Q2wqlq3FQa3yUmOCofZ+IrBTDn9gmm6DKGde4HsKn3ZFZk
bFy7pVFPgkyqUgo+xSVAOkb5MtdGOoBDkkM/K0Aa6qOT6tcDlzOKkp/oMd3cwodb
1UXwOjXERwlJ15tCjkSSmntMymycRNUCy6YJjQVPe4bPTKqB88JzkhYlJv+3i0yY
B67ymqbbbdj/TJYG1WGYLUSz7OhDoNm/3DbuDBiN5iN93mMwnBscFBBlGI6Hm7L6
QwG6kzNA0M+2
-----END CERTIFICATE-----