Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS9267.roa
File:                     AS9267.roa (raw, json)
Hash identifier:          be4xP7xmqtLna6oQghAL5+64fLDERpaSzZJk/VsodN4=
Subject key identifier:   F8:8E:14:D5:C9:48:9D:F0:16:A0:1A:00:1A:9F:B5:44:AE:3D:3C:96
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1DD7A5F3B47803A49ABE9B5E68FF2BF2101EA377
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS9267.roa
Signing time:             Tue 05 Nov 2024 03:40:07 +0000
ROA not before:           Tue 05 Nov 2024 03:35:07 +0000
ROA not after:            Tue 04 Nov 2025 03:40:07 +0000
asID:                     9267
IP address blocks:        2a06:a005:200::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:d7:a5:f3:b4:78:03:a4:9a:be:9b:5e:68:ff:2b:f2:10:1e:a3:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:07 2024 GMT
            Not After : Nov  4 03:40:07 2025 GMT
        Subject: CN=F88E14D5C9489DF016A01A001A9FB544AE3D3C96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:53:03:b2:bb:6c:7d:b9:bc:72:32:62:f2:75:
                    ab:66:4d:70:9f:99:cc:8e:10:f1:a9:7e:0b:72:0a:
                    5f:76:c1:f1:ab:6f:13:93:2c:30:a6:a1:5d:c9:46:
                    a9:8a:9b:23:79:51:87:33:79:42:29:aa:a9:84:d7:
                    39:d5:9e:62:a1:e9:69:77:0a:64:64:ae:9d:c2:21:
                    ad:2a:f0:77:36:7c:17:36:37:a5:17:6b:5d:85:14:
                    88:18:e2:ab:4d:d9:c1:d0:49:1d:9e:ea:75:a0:1f:
                    9f:2e:69:6b:fe:40:f5:1a:fc:ba:a1:d7:00:06:7b:
                    f7:59:6f:51:7d:1f:bc:41:59:44:27:35:b2:3b:cf:
                    aa:22:e3:be:7d:af:99:78:ac:09:10:a2:71:b2:aa:
                    b7:a7:1c:53:ec:ef:28:e1:bd:b1:7a:87:5a:3d:69:
                    33:70:92:30:84:b6:11:eb:31:82:e8:4d:4e:84:b8:
                    1a:7c:24:bb:12:a9:c2:7b:dd:44:cb:e6:4f:32:a0:
                    ec:f8:3d:eb:d7:5f:30:cf:86:8c:ab:a9:5f:fd:e8:
                    db:7c:b9:53:15:00:ab:8f:c5:06:4a:40:a3:fc:f6:
                    42:3a:56:cd:db:14:69:a4:72:c7:b6:08:ad:a8:de:
                    dc:16:fa:5f:35:a3:91:8e:8a:3b:cc:03:17:e5:36:
                    71:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:8E:14:D5:C9:48:9D:F0:16:A0:1A:00:1A:9F:B5:44:AE:3D:3C:96
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS9267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:4e:1d:22:92:e0:a8:2f:bc:b9:5b:3a:35:8d:17:b9:89:ff:
         4b:f9:b0:74:5d:c0:35:e6:8a:d6:cc:1c:9b:43:91:32:bc:2b:
         ca:d9:c4:c0:63:da:f6:24:a8:6e:43:b6:56:83:d8:f3:16:6c:
         5c:a1:f0:fc:97:d6:8c:5f:14:22:3c:81:5a:1c:e9:41:fe:85:
         fc:e4:f4:72:4e:84:a5:af:90:f9:04:c6:fd:9a:d0:72:01:c3:
         09:bc:c0:ae:ea:27:24:48:61:fe:5f:e9:03:d2:c5:0e:78:e6:
         df:36:80:1f:97:93:a2:b3:53:c3:5b:1a:1f:ff:1b:c7:dd:04:
         b3:f0:53:29:99:f5:02:81:4f:51:bb:6a:e8:8e:52:03:ac:b4:
         56:66:c1:b9:20:34:1b:08:6f:c6:f4:1c:6e:9c:04:70:5d:0b:
         5a:9c:2f:59:07:d0:c3:8f:be:88:4e:a8:e3:54:85:9f:fc:67:
         17:29:31:84:26:d5:6d:42:17:15:1f:3a:6b:12:4a:d9:a1:07:
         8f:4f:ab:da:52:eb:3a:ed:b4:35:62:4a:7d:64:20:03:ba:d9:
         d5:4c:20:15:7b:80:8b:80:c3:56:a5:c8:e3:35:97:0a:ff:04:
         aa:a8:1a:ff:a8:06:67:19:5a:db:d2:39:16:37:8c:f4:ef:df:
         9c:66:2d:13
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUHdel87R4A6SavpteaP8r8hAeo3cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDdaFw0yNTExMDQwMzQwMDdaMDMxMTAvBgNV
BAMTKEY4OEUxNEQ1Qzk0ODlERjAxNkEwMUEwMDFBOUZCNTQ0QUUzRDNDOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwUwOyu2x9ubxyMmLydatmTXCf
mcyOEPGpfgtyCl92wfGrbxOTLDCmoV3JRqmKmyN5UYczeUIpqqmE1znVnmKh6Wl3
CmRkrp3CIa0q8Hc2fBc2N6UXa12FFIgY4qtN2cHQSR2e6nWgH58uaWv+QPUa/Lqh
1wAGe/dZb1F9H7xBWUQnNbI7z6oi4759r5l4rAkQonGyqrenHFPs7yjhvbF6h1o9
aTNwkjCEthHrMYLoTU6EuBp8JLsSqcJ73UTL5k8yoOz4PevXXzDPhoyrqV/96Nt8
uVMVAKuPxQZKQKP89kI6Vs3bFGmkcse2CK2o3twW+l81o5GOijvMAxflNnH9AgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQU+I4U1clInfAWoBoAGp+1RK49PJYwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
OTI2Ny5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB
/wQTMBEwDwQCAAIwCQMHBCoGoAUCADANBgkqhkiG9w0BAQsFAAOCAQEAHk4dIpLg
qC+8uVs6NY0XuYn/S/mwdF3ANeaK1swcm0ORMrwrytnEwGPa9iSobkO2VoPY8xZs
XKHw/JfWjF8UIjyBWhzpQf6F/OT0ck6Epa+Q+QTG/ZrQcgHDCbzAruonJEhh/l/p
A9LFDnjm3zaAH5eTorNTw1saH/8bx90Es/BTKZn1AoFPUbtq6I5SA6y0VmbBuSA0
GwhvxvQcbpwEcF0LWpwvWQfQw4++iE6o41SFn/xnFykxhCbVbUIXFR86axJK2aEH
j0+r2lLrOu20NWJKfWQgA7rZ1UwgFXuAi4DDVqXI4zWXCv8Eqqga/6gGZxla29I5
FjeM9O/fnGYtEw==
-----END CERTIFICATE-----