Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS1012.roa
File:                     AS1012.roa (raw, json)
Hash identifier:          wC6gfLCq2Etj8vp4lNS+vaAzJQc35OitYkV6U5/tvlE=
Subject key identifier:   8C:9D:2B:4C:20:26:FF:54:DF:FD:8D:BA:8D:DC:22:D8:56:D6:12:AF
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       477ED7B462119240CFFE1EEA9ED2A5F8622D2692
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS1012.roa
Signing time:             Tue 05 Nov 2024 03:40:08 +0000
ROA not before:           Tue 05 Nov 2024 03:35:08 +0000
ROA not after:            Tue 04 Nov 2025 03:40:08 +0000
asID:                     1012
IP address blocks:        2a06:a005:1c80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:7e:d7:b4:62:11:92:40:cf:fe:1e:ea:9e:d2:a5:f8:62:2d:26:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:08 2024 GMT
            Not After : Nov  4 03:40:08 2025 GMT
        Subject: CN=8C9D2B4C2026FF54DFFD8DBA8DDC22D856D612AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e8:0c:bb:00:7e:9d:09:93:76:55:48:48:e6:
                    37:9e:4c:ac:a6:6a:de:46:d2:ac:64:92:6f:58:0e:
                    b1:37:94:4d:08:44:f3:5d:31:2b:67:62:8a:87:af:
                    c2:4f:6c:7d:e8:5f:f7:64:bc:60:2f:55:e2:d2:11:
                    30:0e:16:0f:51:7a:b3:e6:51:0e:14:c7:58:57:46:
                    35:df:ba:66:d9:8b:23:a6:54:76:58:cc:aa:b9:75:
                    dc:8b:58:1b:40:3b:de:14:99:3f:85:61:9b:9f:76:
                    7a:e0:b1:e3:3e:2a:6f:fd:32:eb:c2:bb:7b:0b:35:
                    c5:34:14:1a:fd:b7:c5:af:a5:e7:3f:82:8e:04:e9:
                    13:27:b9:8f:9f:2b:3c:5b:25:58:71:8d:22:f9:e1:
                    11:80:fb:ca:a2:7a:01:c3:b2:a8:6c:e1:d2:27:a3:
                    da:d2:ad:86:98:f0:bf:7b:59:41:9a:ba:c1:72:0a:
                    66:f8:48:8c:be:30:12:bb:86:23:e8:b0:2b:c0:60:
                    f5:6f:81:31:99:e0:5e:ad:0b:cf:50:68:54:4a:31:
                    45:8f:da:0c:b4:74:86:14:bc:5a:12:2e:d1:8e:7f:
                    1e:b7:ad:2f:0e:9c:61:e2:d5:ea:d7:2a:28:c7:98:
                    da:f2:4f:cc:75:01:46:79:3b:03:10:fc:3b:4a:77:
                    65:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:9D:2B:4C:20:26:FF:54:DF:FD:8D:BA:8D:DC:22:D8:56:D6:12:AF
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS1012.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1c80::/44

    Signature Algorithm: sha256WithRSAEncryption
         c3:3f:f4:4f:b4:86:23:91:b7:f7:2a:e5:cc:86:a1:c0:0b:69:
         cf:c4:9f:9c:59:96:40:62:8a:a8:a5:e4:d0:9e:95:e2:63:30:
         2f:1b:c2:da:89:46:85:12:c1:dd:55:7d:00:ff:87:43:cf:30:
         7c:51:0f:4d:e9:7d:f5:4a:99:1a:20:77:20:c9:3a:dd:cb:de:
         0e:86:e6:a8:11:57:34:0f:8d:3f:8c:84:4a:dc:1a:19:d0:39:
         83:f8:02:8c:9c:f1:b3:89:cf:06:71:c3:68:2c:d6:cc:bf:46:
         4b:ef:aa:1e:a0:df:a9:69:00:5b:d5:65:1b:81:8c:2e:bd:65:
         a8:e2:3c:3e:dd:a4:3e:57:9d:55:23:d6:c4:24:a8:e7:56:b8:
         5e:d8:fe:67:37:84:e4:1a:5d:6f:df:c4:fd:27:cc:13:8a:07:
         dc:2b:71:44:fa:2a:fa:eb:dc:49:4f:62:67:06:dc:ca:3d:6e:
         21:80:7c:1e:a0:14:4b:22:f3:3a:64:70:54:1d:c2:8c:cc:83:
         f5:b3:cb:e5:1c:a0:8b:45:c0:ad:d4:a4:83:66:be:12:07:76:
         73:3c:02:07:b3:45:ef:60:69:cf:ce:52:57:00:8a:c4:f2:8c:
         b3:b6:4d:dc:c7:2e:9c:9b:6f:bd:14:40:0c:f6:46:b6:d2:63:
         b8:56:31:89
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUR37XtGIRkkDP/h7qntKl+GItJpIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDhaFw0yNTExMDQwMzQwMDhaMDMxMTAvBgNV
BAMTKDhDOUQyQjRDMjAyNkZGNTRERkZEOERCQThEREMyMkQ4NTZENjEyQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ6Ay7AH6dCZN2VUhI5jeeTKym
at5G0qxkkm9YDrE3lE0IRPNdMStnYoqHr8JPbH3oX/dkvGAvVeLSETAOFg9RerPm
UQ4Ux1hXRjXfumbZiyOmVHZYzKq5ddyLWBtAO94UmT+FYZufdnrgseM+Km/9MuvC
u3sLNcU0FBr9t8Wvpec/go4E6RMnuY+fKzxbJVhxjSL54RGA+8qiegHDsqhs4dIn
o9rSrYaY8L97WUGausFyCmb4SIy+MBK7hiPosCvAYPVvgTGZ4F6tC89QaFRKMUWP
2gy0dIYUvFoSLtGOfx63rS8OnGHi1erXKijHmNryT8x1AUZ5OwMQ/DtKd2UJAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUjJ0rTCAm/1Tf/Y26jdwi2FbWEq8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTAxMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB
/wQTMBEwDwQCAAIwCQMHBCoGoAUcgDANBgkqhkiG9w0BAQsFAAOCAQEAwz/0T7SG
I5G39yrlzIahwAtpz8SfnFmWQGKKqKXk0J6V4mMwLxvC2olGhRLB3VV9AP+HQ88w
fFEPTel99UqZGiB3IMk63cveDobmqBFXNA+NP4yEStwaGdA5g/gCjJzxs4nPBnHD
aCzWzL9GS++qHqDfqWkAW9VlG4GMLr1lqOI8Pt2kPledVSPWxCSo51a4Xtj+ZzeE
5Bpdb9/E/SfME4oH3CtxRPoq+uvcSU9iZwbcyj1uIYB8HqAUSyLzOmRwVB3CjMyD
9bPL5Rygi0XArdSkg2a+Egd2czwCB7NF72Bpz85SVwCKxPKMs7ZN3McunJtvvRRA
DPZGttJjuFYxiQ==
-----END CERTIFICATE-----