Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS1239.roa
File:                     AS1239.roa (raw, json)
Hash identifier:          x7osMHQOsPSrC5ppG9oTtKOtnnt+4C0pQPCaGre/6Rw=
Subject key identifier:   E3:DA:C3:49:C8:C7:83:4D:66:E9:AE:DA:3A:31:29:D0:B1:DF:C5:33
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7EDECAF834840158C664EC99E02EC7FD5F95314B
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS1239.roa
Signing time:             Mon 30 Sep 2024 01:01:02 +0000
ROA not before:           Mon 30 Sep 2024 00:56:02 +0000
ROA not after:            Mon 29 Sep 2025 01:01:02 +0000
asID:                     1239
IP address blocks:        2a09:54c1::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Oct 2024 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:de:ca:f8:34:84:01:58:c6:64:ec:99:e0:2e:c7:fd:5f:95:31:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep 30 00:56:02 2024 GMT
            Not After : Sep 29 01:01:02 2025 GMT
        Subject: CN=E3DAC349C8C7834D66E9AEDA3A3129D0B1DFC533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c5:7b:f1:22:8a:af:9f:7e:80:79:05:07:c2:
                    83:7f:58:5c:37:42:23:4e:6b:8e:4d:5e:0a:96:69:
                    ce:3b:d9:da:53:a5:cb:ab:70:92:df:53:3f:98:e3:
                    7d:58:17:0b:7a:08:5b:5b:b4:18:a9:de:83:3e:8d:
                    2f:fc:cb:db:19:b5:c3:0f:6c:16:c2:74:ce:3a:49:
                    55:80:80:56:d5:b7:5f:30:2a:7b:16:8d:68:5f:bf:
                    70:99:02:5a:8a:09:62:17:2b:2b:0d:b0:5b:26:45:
                    1f:33:ed:68:ac:d0:2d:8e:2b:6b:cc:47:94:86:ac:
                    c9:da:20:8e:43:f3:a4:cc:7d:05:33:55:01:2b:3c:
                    7a:93:d4:61:b2:4a:10:40:ab:2a:60:cb:01:72:f0:
                    19:ac:9c:e6:78:2d:40:c3:5f:00:eb:14:4c:96:53:
                    b0:d1:f3:20:b9:4f:38:18:6f:e7:b8:af:87:31:b9:
                    34:7c:13:25:00:b7:ef:68:1f:19:db:9b:c0:48:7a:
                    d3:9d:86:6f:78:56:88:16:e4:b1:f2:f7:0a:49:3c:
                    f2:80:9a:4f:29:9b:e3:c2:13:65:28:bc:2b:b6:f5:
                    c3:0c:08:de:0b:42:00:93:4c:e4:d9:20:c4:15:b9:
                    d5:d5:f8:87:fe:be:40:94:e7:e8:ff:d6:0c:ba:94:
                    c5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:DA:C3:49:C8:C7:83:4D:66:E9:AE:DA:3A:31:29:D0:B1:DF:C5:33
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS1239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:b6:f4:94:64:e2:1d:ba:51:67:05:d8:e0:1b:bc:c7:88:d9:
         3b:43:ed:fd:8b:17:a6:75:37:cb:a7:7b:fe:d2:56:40:1e:c1:
         df:22:5f:40:99:9b:8a:7c:74:56:5a:62:dc:4c:4b:d9:c9:18:
         ff:0b:3f:2a:79:cf:09:e0:65:1d:b9:b9:a3:50:05:cc:9f:d4:
         30:17:cc:3c:b5:e7:34:c4:a3:0c:28:98:82:1a:9e:1d:8d:2b:
         59:2f:c5:14:0d:bc:11:f1:21:42:9d:ce:29:96:93:db:17:e2:
         5e:06:c5:21:3d:01:84:8c:6f:93:22:fc:c7:6e:e4:00:ab:2b:
         3f:67:94:87:08:30:3a:cc:44:15:12:6c:9e:34:35:b3:94:4c:
         26:3d:60:59:33:63:4a:c4:87:c2:1f:e0:90:27:fb:28:fd:18:
         40:bf:94:36:aa:53:83:36:04:54:99:59:13:a8:f9:02:88:0e:
         f6:55:f9:27:3d:29:20:80:10:27:cc:79:e6:83:80:06:08:2c:
         65:bb:c6:c4:10:bb:26:c2:ab:03:ff:04:93:c9:25:6d:60:78:
         59:13:37:b0:1b:ff:32:3c:5c:07:09:52:af:85:45:ce:14:c9:
         9e:a3:ba:bc:58:94:63:df:0a:d5:57:63:24:c1:1d:c1:f2:2b:
         8c:03:e2:a0
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUft7K+DSEAVjGZOyZ4C7H/V+VMUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MzAwMDU2MDJaFw0yNTA5MjkwMTAxMDJaMDMxMTAvBgNV
BAMTKEUzREFDMzQ5QzhDNzgzNEQ2NkU5QUVEQTNBMzEyOUQwQjFERkM1MzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuxXvxIoqvn36AeQUHwoN/WFw3
QiNOa45NXgqWac472dpTpcurcJLfUz+Y431YFwt6CFtbtBip3oM+jS/8y9sZtcMP
bBbCdM46SVWAgFbVt18wKnsWjWhfv3CZAlqKCWIXKysNsFsmRR8z7Wis0C2OK2vM
R5SGrMnaII5D86TMfQUzVQErPHqT1GGyShBAqypgywFy8BmsnOZ4LUDDXwDrFEyW
U7DR8yC5TzgYb+e4r4cxuTR8EyUAt+9oHxnbm8BIetOdhm94VogW5LHy9wpJPPKA
mk8pm+PCE2UovCu29cMMCN4LQgCTTOTZIMQVudXV+If+vkCU5+j/1gy6lMV5AgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQU49rDScjHg01m6a7aOjEp0LHfxTMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTIzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB
/wQRMA8wDQQCAAIwBwMFACoJVMEwDQYJKoZIhvcNAQELBQADggEBAKK29JRk4h26
UWcF2OAbvMeI2TtD7f2LF6Z1N8une/7SVkAewd8iX0CZm4p8dFZaYtxMS9nJGP8L
Pyp5zwngZR25uaNQBcyf1DAXzDy15zTEowwomIIanh2NK1kvxRQNvBHxIUKdzimW
k9sX4l4GxSE9AYSMb5Mi/Mdu5ACrKz9nlIcIMDrMRBUSbJ40NbOUTCY9YFkzY0rE
h8If4JAn+yj9GEC/lDaqU4M2BFSZWROo+QKIDvZV+Sc9KSCAECfMeeaDgAYILGW7
xsQQuybCqwP/BJPJJW1geFkTN7Ab/zI8XAcJUq+FRc4UyZ6jurxYlGPfCtVXYyTB
HcHyK4wD4qA=
-----END CERTIFICATE-----