Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS139989.roa
File:                     AS139989.roa (raw, json)
Hash identifier:          +JDMhq89za93E9uMFCFykwmmVuJ7F2AQOrHsOVrift0=
Subject key identifier:   59:4E:23:1D:35:1A:AD:ED:99:E2:E1:DC:2E:4D:22:BA:50:0F:EB:12
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7706FA49DC74E69A9F5152C10C1955DE84B5054B
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS139989.roa
Signing time:             Tue 05 Nov 2024 03:40:08 +0000
ROA not before:           Tue 05 Nov 2024 03:35:08 +0000
ROA not after:            Tue 04 Nov 2025 03:40:08 +0000
asID:                     139989
IP address blocks:        2a06:a005:a10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:06:fa:49:dc:74:e6:9a:9f:51:52:c1:0c:19:55:de:84:b5:05:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:08 2024 GMT
            Not After : Nov  4 03:40:08 2025 GMT
        Subject: CN=594E231D351AADED99E2E1DC2E4D22BA500FEB12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b9:b8:16:c9:87:ba:49:fc:20:ba:fe:2d:e6:
                    92:bd:1b:2f:f1:1f:6d:2b:5b:8b:60:46:45:65:35:
                    07:97:59:bb:da:32:65:3f:0c:56:ca:6d:f3:aa:87:
                    2d:55:04:51:cc:42:96:b6:d9:f2:1e:ca:1c:77:61:
                    6f:4e:cd:59:7c:f5:e4:b8:be:13:17:2c:31:6f:21:
                    1d:66:d5:66:89:d6:ae:a5:52:6e:0d:62:d7:72:e3:
                    25:60:c4:cf:ac:84:23:2b:dd:d6:d0:4e:19:01:8d:
                    5d:82:f2:0e:42:18:8d:3a:40:e7:a0:bd:08:57:18:
                    b0:ca:40:ef:18:4e:0e:03:f6:d1:ef:d0:9e:5f:15:
                    f8:ef:41:72:3d:4d:52:2d:2a:c6:53:e2:da:06:7c:
                    1b:b1:22:e3:36:f8:5a:2f:57:9e:01:bd:af:6d:07:
                    02:f9:b1:3c:ab:af:21:4b:0f:10:83:60:2c:6c:e1:
                    2d:59:f8:a3:bf:6e:b9:80:ac:d6:eb:5e:4e:26:5c:
                    95:a3:7e:af:82:81:11:9d:bc:c0:82:54:4d:c2:f1:
                    30:44:a3:48:89:c9:73:02:d5:17:f4:19:25:eb:f6:
                    22:f0:86:46:7a:59:78:c1:d5:f9:6a:3d:c7:30:3d:
                    1b:43:bf:bc:d5:e6:80:b7:09:d7:4e:fb:34:d3:0d:
                    fc:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4E:23:1D:35:1A:AD:ED:99:E2:E1:DC:2E:4D:22:BA:50:0F:EB:12
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS139989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:91:f4:0c:73:04:7d:a0:03:ec:3b:d2:4a:5f:f1:cb:9e:73:
         fe:d5:fb:9f:1f:e2:22:3b:d9:3b:9a:e8:9b:94:f1:69:c9:cd:
         17:76:30:83:8c:cd:7f:ef:a7:9a:0b:80:a3:38:b2:62:ce:89:
         ed:51:d3:62:b0:88:4a:93:c1:4d:f5:14:a6:43:1e:ca:94:4d:
         f9:1c:29:01:57:b2:d7:cd:95:14:b4:a9:5a:be:1c:b7:83:3c:
         04:2e:c1:aa:95:0a:7f:a0:ae:c3:6d:4c:de:18:98:78:0b:63:
         51:7b:81:6b:c0:3a:0a:a5:10:8e:af:0d:f0:98:e7:e2:1d:80:
         52:ac:59:2e:18:8a:f7:1b:38:0a:73:01:cf:03:d3:81:df:b5:
         17:ad:51:10:ea:ed:bb:4f:ba:28:10:89:b1:50:0f:d6:b9:49:
         a0:9f:31:22:53:27:6e:98:7f:c5:89:61:48:8c:21:2f:22:df:
         81:8a:8b:fa:34:d3:41:d4:52:24:c9:78:38:ca:19:2b:4b:69:
         cc:d2:52:e8:95:45:6c:6f:55:37:8f:56:fe:3f:d8:b2:98:5c:
         b7:3d:3c:80:f9:4a:81:19:36:b3:9d:59:cd:c2:ba:8e:08:04:
         df:05:12:10:5a:63:e2:4b:a7:4f:7c:83:5e:7d:5e:41:b3:01:
         a4:ae:b5:e2
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUdwb6Sdx05pqfUVLBDBlV3oS1BUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDhaFw0yNTExMDQwMzQwMDhaMDMxMTAvBgNV
BAMTKDU5NEUyMzFEMzUxQUFERUQ5OUUyRTFEQzJFNEQyMkJBNTAwRkVCMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTubgWyYe6Sfwguv4t5pK9Gy/x
H20rW4tgRkVlNQeXWbvaMmU/DFbKbfOqhy1VBFHMQpa22fIeyhx3YW9OzVl89eS4
vhMXLDFvIR1m1WaJ1q6lUm4NYtdy4yVgxM+shCMr3dbQThkBjV2C8g5CGI06QOeg
vQhXGLDKQO8YTg4D9tHv0J5fFfjvQXI9TVItKsZT4toGfBuxIuM2+FovV54Bva9t
BwL5sTyrryFLDxCDYCxs4S1Z+KO/brmArNbrXk4mXJWjfq+CgRGdvMCCVE3C8TBE
o0iJyXMC1Rf0GSXr9iLwhkZ6WXjB1flqPccwPRtDv7zV5oC3CddO+zTTDfztAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUWU4jHTUare2Z4uHcLk0iulAP6xIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTM5OTg5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQoQMA0GCSqGSIb3DQEBCwUAA4IBAQAFkfQM
cwR9oAPsO9JKX/HLnnP+1fufH+IiO9k7muiblPFpyc0XdjCDjM1/76eaC4CjOLJi
zontUdNisIhKk8FN9RSmQx7KlE35HCkBV7LXzZUUtKlavhy3gzwELsGqlQp/oK7D
bUzeGJh4C2NRe4FrwDoKpRCOrw3wmOfiHYBSrFkuGIr3GzgKcwHPA9OB37UXrVEQ
6u27T7ooEImxUA/WuUmgnzEiUydumH/FiWFIjCEvIt+Biov6NNNB1FIkyXg4yhkr
S2nM0lLolUVsb1U3j1b+P9iymFy3PTyA+UqBGTaznVnNwrqOCATfBRIQWmPiS6dP
fINefV5BswGkrrXi
-----END CERTIFICATE-----