Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS139989.roa
File:                     AS139989.roa (raw, json)
Hash identifier:          OP+PqRpPUUCR/xZgwtdZDTbcUZcfeI9mPKV4t/Hpj+M=
Subject key identifier:   95:F6:70:F8:6F:DC:D1:ED:86:DD:FB:A7:9E:20:EE:21:C2:6F:72:A8
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6DBBD8A0EC28E4B1CB6A4D5ECB2D4523C2148F84
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS139989.roa
Signing time:             Tue 05 Dec 2023 02:44:20 +0000
ROA not before:           Tue 05 Dec 2023 02:39:20 +0000
ROA not after:            Tue 03 Dec 2024 02:44:20 +0000
asID:                     139989
IP address blocks:        2a06:a005:a10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:bb:d8:a0:ec:28:e4:b1:cb:6a:4d:5e:cb:2d:45:23:c2:14:8f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:20 2023 GMT
            Not After : Dec  3 02:44:20 2024 GMT
        Subject: CN=95F670F86FDCD1ED86DDFBA79E20EE21C26F72A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e7:f2:b0:98:dc:d5:c0:bf:51:f2:b0:53:5c:
                    4e:c5:6f:ee:0d:5e:ef:a2:e0:4d:99:2c:39:b8:b1:
                    c3:4a:00:cb:39:73:68:ab:ad:41:01:4d:ac:61:96:
                    00:94:d0:a9:6a:a3:06:2a:55:dd:15:af:98:3c:3e:
                    83:fc:d8:ca:68:70:eb:34:15:53:ec:18:d2:65:2b:
                    ae:8a:23:b7:2e:41:21:9d:90:98:8b:04:15:f4:e4:
                    ab:24:65:fe:04:e1:fd:d6:6f:f0:bf:8d:b2:c1:a2:
                    6e:78:bc:dc:57:bc:16:a0:e3:2a:ec:e0:05:4d:47:
                    36:cf:cc:f9:f0:3e:d3:87:7f:83:e2:35:e7:fc:fb:
                    7a:af:98:09:4a:44:44:e1:b5:78:3b:e1:dd:8c:ae:
                    07:8f:a0:62:ea:1e:57:b7:28:3e:d5:0a:50:10:c7:
                    29:5e:33:21:7c:1d:a1:90:21:dc:a5:ac:e8:17:54:
                    73:32:74:7b:da:8b:2c:88:b2:80:c9:04:54:d0:6d:
                    04:3e:1f:89:d5:b6:73:78:9c:b8:0c:9e:67:dc:70:
                    93:c5:a8:37:be:2e:e2:45:d7:0c:e3:36:43:bb:48:
                    28:8f:11:c4:d0:50:68:aa:0f:f5:1a:83:11:54:17:
                    57:fd:53:d3:77:f3:68:da:e7:5e:52:e7:c2:8f:d2:
                    d8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F6:70:F8:6F:DC:D1:ED:86:DD:FB:A7:9E:20:EE:21:C2:6F:72:A8
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS139989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:22:5c:f0:cd:ed:a0:34:77:87:4e:4a:f3:c0:7c:b6:8e:34:
         55:33:d1:65:40:71:e6:8d:08:71:83:31:01:5f:6c:6f:65:d9:
         cb:3d:52:6d:5e:9b:17:c4:1e:0e:03:b6:3d:db:f3:90:10:f8:
         40:49:14:8f:60:95:fd:66:21:e6:59:2f:40:60:a6:29:e4:e5:
         14:3f:70:55:91:60:af:eb:ad:15:67:7a:a8:66:4b:c5:7b:0b:
         cf:5b:ee:8b:10:29:76:b9:07:cc:a1:57:42:58:19:c5:2c:0d:
         61:81:2c:20:14:72:a6:24:1b:89:f3:ca:79:cd:8d:fa:1b:0f:
         04:da:9d:04:97:c4:4e:e5:b9:f3:1e:f6:ab:99:11:75:90:6c:
         5d:5b:a6:17:89:39:60:20:85:70:76:ca:48:35:84:b1:2b:e1:
         28:3c:ad:5b:c7:58:f2:b5:3f:79:5f:83:a2:cc:cf:0c:d3:f0:
         aa:0d:09:e0:d2:47:ad:52:a7:e5:c0:f6:33:73:ab:b6:65:d3:
         6d:6a:fd:cc:7a:6c:0a:05:30:da:61:c1:37:f0:68:5c:9c:35:
         10:5f:cc:ae:af:c0:a4:66:16:97:fb:3d:8a:4a:25:c1:5d:ed:
         cb:99:00:c5:a7:c0:42:97:d0:a5:e5:ed:e1:32:f0:00:a0:3a:
         49:bb:ce:38
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUbbvYoOwo5LHLak1eyy1FI8IUj4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MjBaFw0yNDEyMDMwMjQ0MjBaMDMxMTAvBgNV
BAMTKDk1RjY3MEY4NkZEQ0QxRUQ4NkRERkJBNzlFMjBFRTIxQzI2RjcyQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm5/KwmNzVwL9R8rBTXE7Fb+4N
Xu+i4E2ZLDm4scNKAMs5c2irrUEBTaxhlgCU0KlqowYqVd0Vr5g8PoP82MpocOs0
FVPsGNJlK66KI7cuQSGdkJiLBBX05KskZf4E4f3Wb/C/jbLBom54vNxXvBag4yrs
4AVNRzbPzPnwPtOHf4PiNef8+3qvmAlKREThtXg74d2MrgePoGLqHle3KD7VClAQ
xyleMyF8HaGQIdylrOgXVHMydHvaiyyIsoDJBFTQbQQ+H4nVtnN4nLgMnmfccJPF
qDe+LuJF1wzjNkO7SCiPEcTQUGiqD/UagxFUF1f9U9N382ja515S58KP0tgjAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUlfZw+G/c0e2G3funniDuIcJvcqgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTM5OTg5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQoQMA0GCSqGSIb3DQEBCwUAA4IBAQA7Ilzw
ze2gNHeHTkrzwHy2jjRVM9FlQHHmjQhxgzEBX2xvZdnLPVJtXpsXxB4OA7Y92/OQ
EPhASRSPYJX9ZiHmWS9AYKYp5OUUP3BVkWCv660VZ3qoZkvFewvPW+6LECl2uQfM
oVdCWBnFLA1hgSwgFHKmJBuJ88p5zY36Gw8E2p0El8RO5bnzHvarmRF1kGxdW6YX
iTlgIIVwdspINYSxK+EoPK1bx1jytT95X4OizM8M0/CqDQng0ketUqflwPYzc6u2
ZdNtav3MemwKBTDaYcE38GhcnDUQX8yur8CkZhaX+z2KSiXBXe3LmQDFp8BCl9Cl
5e3hMvAAoDpJu844
-----END CERTIFICATE-----