Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150249.roa
File:                     AS150249.roa (raw, json)
Hash identifier:          835KJZbMnjA61a32QDPRUnGNhs7LgqzGYdYTJFqNHLI=
Subject key identifier:   52:77:DB:DA:41:51:E5:73:E3:85:BF:24:7F:44:05:9C:FC:CE:7F:11
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6F0519DC5A5C8EADB207FBAA13B535DB3A6AAD81
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150249.roa
Signing time:             Mon 02 Sep 2024 15:55:37 +0000
ROA not before:           Mon 02 Sep 2024 15:50:37 +0000
ROA not after:            Mon 01 Sep 2025 15:55:37 +0000
asID:                     150249
IP address blocks:        2a06:9f44::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:05:19:dc:5a:5c:8e:ad:b2:07:fb:aa:13:b5:35:db:3a:6a:ad:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep  2 15:50:37 2024 GMT
            Not After : Sep  1 15:55:37 2025 GMT
        Subject: CN=5277DBDA4151E573E385BF247F44059CFCCE7F11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5b:88:66:94:f9:15:c4:e5:17:e9:85:3f:20:
                    f7:34:d3:ee:f2:f2:94:1b:91:24:ac:5e:7f:c8:93:
                    55:79:84:3f:38:d2:a8:b7:3a:ec:2a:98:32:47:c0:
                    db:5c:34:3e:2a:d4:ab:6f:b1:14:cd:89:e7:2e:59:
                    e4:50:5a:6b:81:f0:4a:8a:f3:31:ba:5f:f2:b0:a9:
                    0b:7e:23:12:11:bd:fc:0b:ce:99:0b:fd:bd:a4:ad:
                    7f:1a:b6:43:21:2d:f9:fc:b5:c7:5d:4e:5a:a5:83:
                    5e:45:47:d2:a5:f9:6e:16:39:bf:95:9a:4d:6a:c8:
                    a1:00:3d:f0:b7:71:b3:88:45:6c:62:35:4c:99:f2:
                    ac:b0:19:1e:20:ec:b5:95:d2:47:95:70:e7:6b:0d:
                    21:7a:97:c9:12:e2:29:66:e9:a7:35:6c:3c:65:c8:
                    80:eb:14:eb:34:a1:40:6d:b3:41:51:f6:b9:c5:c8:
                    d5:d6:88:54:ba:c4:0b:d9:bc:2e:df:8b:d3:a3:30:
                    82:be:16:fa:4b:b7:89:29:87:9e:bf:8e:bb:52:e8:
                    d3:dc:fb:c6:60:18:c3:65:22:cd:a6:44:cd:ad:a4:
                    29:9c:91:d7:ef:eb:e0:c4:e7:ce:aa:f8:bd:e3:4b:
                    ca:4a:03:96:69:d7:ba:e6:1e:4d:2b:3d:f1:e9:86:
                    61:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:77:DB:DA:41:51:E5:73:E3:85:BF:24:7F:44:05:9C:FC:CE:7F:11
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS150249.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9f44::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:85:25:82:a0:44:db:56:0a:41:d2:b7:0f:50:96:b1:c3:ce:
         5e:e4:8f:c5:23:71:f3:94:de:97:f7:de:89:07:0c:04:a5:9b:
         3a:b1:3c:6e:c3:ae:96:c3:58:c8:ef:3b:28:75:93:9c:0f:ae:
         99:e8:33:52:cf:f5:f9:ce:5c:77:4d:d4:7d:a7:da:59:5e:05:
         30:c3:76:15:22:80:ff:d6:bb:22:e2:df:8c:d5:d1:83:92:d4:
         c4:29:a0:78:dd:7e:d5:83:dd:81:61:7e:c6:09:3c:30:29:ba:
         14:92:f7:d7:a0:87:e3:e5:c0:77:33:ca:62:1a:cc:a8:90:c3:
         36:c2:82:5a:5b:44:e7:08:12:68:d7:81:61:e4:0b:e4:36:55:
         fa:67:73:bd:f2:e2:4e:a0:09:7b:f7:d0:cd:a3:6b:43:e6:68:
         9e:35:ec:ab:7f:00:4c:5e:4d:7c:1d:d6:78:48:cc:1c:6e:19:
         52:54:06:be:41:84:39:af:51:ca:ca:42:c2:1d:3f:1f:e7:1a:
         17:82:64:e1:ee:34:29:78:5b:d5:45:b0:02:83:40:d6:9c:47:
         a8:af:42:48:cd:8a:79:94:af:14:32:86:c4:5f:44:82:27:8c:
         ee:68:35:a5:ec:b3:96:33:8d:c7:ac:99:4b:96:9d:6e:8c:08:
         3c:65:ad:39
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUbwUZ3Fpcjq2yB/uqE7U12zpqrYEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MDIxNTUwMzdaFw0yNTA5MDExNTU1MzdaMDMxMTAvBgNV
BAMTKDUyNzdEQkRBNDE1MUU1NzNFMzg1QkYyNDdGNDQwNTlDRkNDRTdGMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5W4hmlPkVxOUX6YU/IPc00+7y
8pQbkSSsXn/Ik1V5hD840qi3OuwqmDJHwNtcND4q1KtvsRTNiecuWeRQWmuB8EqK
8zG6X/KwqQt+IxIRvfwLzpkL/b2krX8atkMhLfn8tcddTlqlg15FR9Kl+W4WOb+V
mk1qyKEAPfC3cbOIRWxiNUyZ8qywGR4g7LWV0keVcOdrDSF6l8kS4ilm6ac1bDxl
yIDrFOs0oUBts0FR9rnFyNXWiFS6xAvZvC7fi9OjMIK+FvpLt4kph56/jrtS6NPc
+8ZgGMNlIs2mRM2tpCmckdfv6+DE586q+L3jS8pKA5Zp17rmHk0rPfHphmE7AgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUUnfb2kFR5XPjhb8kf0QFnPzOfxEwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTUwMjQ5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEH
AQH/BBEwDzANBAIAAjAHAwUAKgafRDANBgkqhkiG9w0BAQsFAAOCAQEAnIUlgqBE
21YKQdK3D1CWscPOXuSPxSNx85Tel/feiQcMBKWbOrE8bsOulsNYyO87KHWTnA+u
megzUs/1+c5cd03UfafaWV4FMMN2FSKA/9a7IuLfjNXRg5LUxCmgeN1+1YPdgWF+
xgk8MCm6FJL316CH4+XAdzPKYhrMqJDDNsKCWltE5wgSaNeBYeQL5DZV+mdzvfLi
TqAJe/fQzaNrQ+ZonjXsq38ATF5NfB3WeEjMHG4ZUlQGvkGEOa9RyspCwh0/H+ca
F4Jk4e40KXhb1UWwAoNA1pxHqK9CSM2KeZSvFDKGxF9EgieM7mg1peyzljONx6yZ
S5adbowIPGWtOQ==
-----END CERTIFICATE-----