Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149296.roa
File:                     AS149296.roa (raw, json)
Hash identifier:          xarSy8SIwZEwfsR/FG7u5OPCFwRoAJWO3QpwxqpcQPE=
Subject key identifier:   9A:E3:57:FA:32:B5:F0:FA:E5:93:11:89:37:02:2B:03:15:F2:C2:F3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2282F4DF28BEA314645DB194533810D9A4E787AD
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149296.roa
Signing time:             Tue 05 Dec 2023 02:44:18 +0000
ROA not before:           Tue 05 Dec 2023 02:39:18 +0000
ROA not after:            Tue 03 Dec 2024 02:44:18 +0000
asID:                     149296
IP address blocks:        2a06:a005:3c0::/44 maxlen: 48
                          2a06:a005:3d0::/44 maxlen: 48
                          2a06:a005:3e0::/44 maxlen: 48
                          2a06:a005:3f0::/44 maxlen: 48
                          2a06:a005:410::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:82:f4:df:28:be:a3:14:64:5d:b1:94:53:38:10:d9:a4:e7:87:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:18 2023 GMT
            Not After : Dec  3 02:44:18 2024 GMT
        Subject: CN=9AE357FA32B5F0FAE593118937022B0315F2C2F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:40:29:7d:05:78:a2:4e:7c:87:36:7e:44:79:
                    f6:1c:0e:2c:fd:e0:45:bf:d0:28:a0:f8:a9:59:bf:
                    66:6f:e8:38:7c:94:81:d9:4d:10:7e:5a:32:4c:15:
                    a9:fa:bb:71:08:15:e1:47:6c:44:83:2a:eb:73:60:
                    fa:af:bf:97:c1:59:c4:bd:12:45:5a:81:70:42:3c:
                    a9:a5:38:c8:0a:c3:9d:d8:d5:50:0e:ed:62:1d:fe:
                    68:2e:4b:3e:73:d8:65:41:fb:04:fe:1b:bf:04:21:
                    44:ca:b4:09:f1:fe:81:64:97:55:c7:a7:78:87:ae:
                    ab:c2:7e:d8:f5:66:57:af:a5:54:af:bc:ff:73:05:
                    fa:f7:fb:7d:c6:d2:43:00:40:1f:35:05:5f:53:99:
                    8f:72:19:7a:88:e2:0c:e0:be:2c:c0:e2:ca:91:32:
                    f3:12:8d:d7:dc:7f:56:35:4d:af:79:75:74:61:2a:
                    b3:c4:4c:f2:00:ee:74:09:99:0a:ff:ab:f2:51:e3:
                    9e:4a:0b:66:97:49:3a:7b:c5:c1:2a:dc:55:92:c3:
                    c7:86:5d:e7:61:64:11:95:45:26:a7:4e:ad:01:c6:
                    31:a5:18:b1:04:d1:4f:44:da:16:2a:b2:97:de:bd:
                    85:49:aa:61:fd:25:08:98:25:ed:d9:dd:cb:a3:e0:
                    c4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:E3:57:FA:32:B5:F0:FA:E5:93:11:89:37:02:2B:03:15:F2:C2:F3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149296.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:3c0::/42
                  2a06:a005:410::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:f2:6e:c9:6c:78:65:72:e3:39:69:22:ec:ce:98:8f:bb:bc:
         41:61:8f:6f:0f:0c:6c:35:61:ee:01:ea:56:33:10:89:d7:a9:
         40:6d:1e:f9:6f:6a:39:bd:e2:e3:dd:9b:53:53:fe:01:46:7d:
         69:d1:f7:14:78:d5:e7:5d:47:1d:28:0e:39:d5:a9:d6:92:da:
         5e:9f:c0:cc:e5:11:dd:cd:94:da:c2:ab:c8:3f:a0:6b:fa:39:
         a5:05:83:6a:26:6d:1b:54:f8:95:0b:58:62:46:a2:b5:48:b8:
         ae:6f:30:6e:fa:ca:32:25:27:31:a7:99:25:48:20:d1:64:0b:
         d9:cc:2a:2d:31:41:5b:19:e2:d3:b5:06:8b:57:fe:bd:e6:16:
         32:3c:b2:8d:ee:4e:31:71:c1:ee:76:54:f8:44:a9:14:73:05:
         32:2b:ae:b4:55:ba:a4:81:a0:5c:d2:ea:b9:4b:5f:7b:d0:0a:
         22:18:fc:ba:40:a5:b9:dd:03:68:f4:2d:83:8d:f0:21:dc:7f:
         ba:42:2d:4d:28:89:fe:41:09:75:4d:bb:7e:6c:7b:8e:2f:2b:
         0a:ac:21:82:f6:3e:7f:8b:43:a6:be:3b:98:a6:3e:59:e2:b8:
         c4:e0:b1:26:55:4c:a6:71:4e:b1:76:b1:37:ce:45:32:07:49:
         dd:bd:bd:7d
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUIoL03yi+oxRkXbGUUzgQ2aTnh60wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MThaFw0yNDEyMDMwMjQ0MThaMDMxMTAvBgNV
BAMTKDlBRTM1N0ZBMzJCNUYwRkFFNTkzMTE4OTM3MDIyQjAzMTVGMkMyRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRQCl9BXiiTnyHNn5EefYcDiz9
4EW/0Cig+KlZv2Zv6Dh8lIHZTRB+WjJMFan6u3EIFeFHbESDKutzYPqvv5fBWcS9
EkVagXBCPKmlOMgKw53Y1VAO7WId/mguSz5z2GVB+wT+G78EIUTKtAnx/oFkl1XH
p3iHrqvCftj1ZlevpVSvvP9zBfr3+33G0kMAQB81BV9TmY9yGXqI4gzgvizA4sqR
MvMSjdfcf1Y1Ta95dXRhKrPETPIA7nQJmQr/q/JR455KC2aXSTp7xcEq3FWSw8eG
XedhZBGVRSanTq0BxjGlGLEE0U9E2hYqspfevYVJqmH9JQiYJe3Z3cuj4MT/AgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUmuNX+jK18PrlkxGJNwIrAxXywvMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTQ5Mjk2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcGKgagBQPAAwcEKgagBQQQMA0GCSqGSIb3DQEBCwUA
A4IBAQCB8m7JbHhlcuM5aSLszpiPu7xBYY9vDwxsNWHuAepWMxCJ16lAbR75b2o5
veLj3ZtTU/4BRn1p0fcUeNXnXUcdKA451anWktpen8DM5RHdzZTawqvIP6Br+jml
BYNqJm0bVPiVC1hiRqK1SLiubzBu+soyJScxp5klSCDRZAvZzCotMUFbGeLTtQaL
V/695hYyPLKN7k4xccHudlT4RKkUcwUyK660VbqkgaBc0uq5S1970AoiGPy6QKW5
3QNo9C2DjfAh3H+6Qi1NKIn+QQl1Tbt+bHuOLysKrCGC9j5/i0OmvjuYpj5Z4rjE
4LEmVUymcU6xdrE3zkUyB0ndvb19
-----END CERTIFICATE-----