Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS924.roa
File:                     AS924.roa (raw, json)
Hash identifier:          WZX2HcjCUSGH9umwEkzjHGii1XHuDYSMsT6j1IPAp6Y=
Subject key identifier:   CB:A7:25:66:8D:AB:8E:6E:46:27:EF:60:0A:30:C8:63:17:64:5B:5A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1875F04B86680617F1F97105FDE7EA32CAD8283D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS924.roa
Signing time:             Tue 05 Nov 2024 03:40:09 +0000
ROA not before:           Tue 05 Nov 2024 03:35:09 +0000
ROA not after:            Tue 04 Nov 2025 03:40:09 +0000
asID:                     924
IP address blocks:        2a06:a005:d30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:75:f0:4b:86:68:06:17:f1:f9:71:05:fd:e7:ea:32:ca:d8:28:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:09 2024 GMT
            Not After : Nov  4 03:40:09 2025 GMT
        Subject: CN=CBA725668DAB8E6E4627EF600A30C86317645B5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ae:31:72:45:8a:dc:9e:45:da:61:11:08:68:
                    a8:02:0c:21:b5:cb:bd:b6:30:94:fe:ee:9f:87:8e:
                    98:d8:3f:c6:ea:32:77:5a:cd:1b:1d:28:9d:60:37:
                    36:70:fe:ee:d1:b5:93:65:31:59:b3:54:4c:64:ab:
                    2b:d4:54:3e:6e:fb:1b:0c:fb:ee:be:c6:1a:7e:5d:
                    65:47:1c:7c:fd:ba:df:2e:65:7e:37:01:1f:f3:b3:
                    cb:69:a4:50:62:db:21:bb:96:54:df:86:ae:b8:5e:
                    07:c3:fd:c6:40:a4:cd:96:93:59:cc:b3:fc:b9:3c:
                    5f:7d:d5:2c:b7:fc:c1:e6:41:35:9b:cc:93:6c:b9:
                    3a:9e:8a:0a:6a:1c:69:dc:cf:c4:5e:4c:d0:f9:f6:
                    84:d9:c7:75:b8:6d:0f:df:ee:94:a8:42:e5:ef:c2:
                    72:2f:b0:63:75:de:23:d5:80:53:4e:a2:4b:12:9d:
                    e4:9a:1e:7b:76:80:f5:9e:25:4a:a7:9f:c2:0c:9c:
                    0e:67:8b:09:cc:ba:af:35:cd:67:9e:f0:86:51:a9:
                    97:50:b8:c7:9e:27:f9:57:57:e1:24:81:ab:3e:ca:
                    2e:28:40:de:56:80:9e:a8:9c:0b:22:f8:8a:73:47:
                    59:ce:d8:d4:bd:8a:bc:87:00:e3:5b:03:75:37:55:
                    51:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A7:25:66:8D:AB:8E:6E:46:27:EF:60:0A:30:C8:63:17:64:5B:5A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS924.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d30::/44

    Signature Algorithm: sha256WithRSAEncryption
         78:4f:1c:ac:47:53:67:3e:5d:b0:5f:f9:f3:57:f2:d6:97:2e:
         0a:90:57:6f:6d:90:1a:dd:7a:0f:39:7c:8b:cc:4e:d1:f5:8a:
         ba:dc:8e:18:cf:79:8e:6f:a1:70:c4:d1:2b:2a:55:0d:5d:a9:
         37:04:8b:b0:d6:1f:4b:01:14:52:ae:e8:55:82:7e:83:3e:10:
         b9:3a:35:a7:57:09:43:f5:4b:db:5a:f5:9d:5d:86:4e:a5:39:
         1a:83:03:b5:e6:05:e7:85:ba:70:a6:2c:af:c0:71:c6:78:2c:
         d6:55:5b:df:62:8f:d4:11:4a:ce:50:7c:c1:5b:51:01:3e:19:
         e5:51:c9:e6:33:f3:da:d1:69:34:13:d4:ac:67:ea:fb:21:a4:
         7e:d2:6c:6a:49:18:9f:2a:4e:8a:90:92:f1:1b:43:65:09:6d:
         49:14:7c:bf:37:8d:77:15:68:8c:75:db:13:51:89:b4:d6:d6:
         1a:07:f8:4c:0e:1c:db:73:41:cb:b2:6c:9a:33:e0:dd:d7:c3:
         bb:03:0f:8d:d3:84:85:48:23:ac:2a:10:67:a6:f1:4d:34:70:
         90:02:41:6b:bd:86:58:64:37:5e:ab:fa:f2:4e:7b:ec:e0:ec:
         2e:db:fd:cb:48:07:a1:04:80:e2:72:ad:1b:8f:b7:51:a9:36:
         89:94:36:2a
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUGHXwS4ZoBhfx+XEF/efqMsrYKD0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDlaFw0yNTExMDQwMzQwMDlaMDMxMTAvBgNV
BAMTKENCQTcyNTY2OERBQjhFNkU0NjI3RUY2MDBBMzBDODYzMTc2NDVCNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIrjFyRYrcnkXaYREIaKgCDCG1
y722MJT+7p+HjpjYP8bqMndazRsdKJ1gNzZw/u7RtZNlMVmzVExkqyvUVD5u+xsM
++6+xhp+XWVHHHz9ut8uZX43AR/zs8tppFBi2yG7llTfhq64XgfD/cZApM2Wk1nM
s/y5PF991Sy3/MHmQTWbzJNsuTqeigpqHGncz8ReTND59oTZx3W4bQ/f7pSoQuXv
wnIvsGN13iPVgFNOoksSneSaHnt2gPWeJUqnn8IMnA5niwnMuq81zWee8IZRqZdQ
uMeeJ/lXV+Ekgas+yi4oQN5WgJ6onAsi+IpzR1nO2NS9iryHAONbA3U3VVFFAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUy6clZo2rjm5GJ+9gCjDIYxdkW1owHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBtBggrBgEF
BQcBCwRhMF8wXQYIKwYBBQUHMAuGUXJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
OTI0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/
BBMwETAPBAIAAjAJAwcEKgagBQ0wMA0GCSqGSIb3DQEBCwUAA4IBAQB4TxysR1Nn
Pl2wX/nzV/LWly4KkFdvbZAa3XoPOXyLzE7R9Yq63I4Yz3mOb6FwxNErKlUNXak3
BIuw1h9LARRSruhVgn6DPhC5OjWnVwlD9UvbWvWdXYZOpTkagwO15gXnhbpwpiyv
wHHGeCzWVVvfYo/UEUrOUHzBW1EBPhnlUcnmM/Pa0Wk0E9SsZ+r7IaR+0mxqSRif
Kk6KkJLxG0NlCW1JFHy/N413FWiMddsTUYm01tYaB/hMDhzbc0HLsmyaM+Dd18O7
Aw+N04SFSCOsKhBnpvFNNHCQAkFrvYZYZDdeq/ryTnvs4Owu2/3LSAehBIDicq0b
j7dRqTaJlDYq
-----END CERTIFICATE-----