Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149296.roa
File:                     AS149296.roa (raw, json)
Hash identifier:          AvkjMWDbh4R5I8yaZi+fMMqPqeD1RjHYBeQ9IL2tjEA=
Subject key identifier:   FA:1D:E6:34:12:B9:4F:EF:0B:03:2C:D3:55:5B:B1:53:10:53:6B:4E
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       42B22D4A5DA80B9A6A119B6311668093D7719D99
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149296.roa
Signing time:             Tue 05 Nov 2024 03:40:00 +0000
ROA not before:           Tue 05 Nov 2024 03:35:00 +0000
ROA not after:            Tue 04 Nov 2025 03:40:00 +0000
asID:                     149296
IP address blocks:        2a06:a005:3c0::/44 maxlen: 48
                          2a06:a005:3d0::/44 maxlen: 48
                          2a06:a005:3e0::/44 maxlen: 48
                          2a06:a005:3f0::/44 maxlen: 48
                          2a06:a005:410::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:b2:2d:4a:5d:a8:0b:9a:6a:11:9b:63:11:66:80:93:d7:71:9d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:00 2024 GMT
            Not After : Nov  4 03:40:00 2025 GMT
        Subject: CN=FA1DE63412B94FEF0B032CD3555BB15310536B4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ee:a1:11:3c:d4:02:74:39:15:d5:3b:63:c4:
                    60:5b:4a:02:07:f9:45:ba:b3:78:75:de:53:1b:c6:
                    cd:2c:be:56:bc:b6:48:b3:4c:8b:6e:c5:9e:3d:ef:
                    65:4f:d5:5f:f5:45:82:64:f6:44:65:fe:c9:65:54:
                    5c:f6:4b:31:fb:02:66:2c:a6:6d:cf:30:d9:43:c5:
                    a9:79:96:5e:cf:05:10:bd:fd:f0:9c:b4:03:43:e8:
                    7e:e9:96:13:4f:1f:aa:59:e4:f2:b9:a1:e2:33:b1:
                    a7:fc:1b:63:59:7b:01:92:80:79:26:b2:00:48:8e:
                    53:54:8a:bb:92:e6:a2:ea:7b:d7:47:cf:3f:81:b3:
                    88:d4:bf:b2:5e:a1:e1:3d:0a:30:4c:7b:4b:7d:fc:
                    89:86:c7:76:ca:79:74:06:e3:27:f4:82:c3:67:41:
                    9a:3f:80:cb:fe:8e:34:95:ab:a8:b9:e6:61:84:af:
                    97:4e:7f:d0:54:29:0d:3c:ad:02:40:4b:aa:43:83:
                    fc:b1:69:ca:af:12:0a:de:5c:fe:ad:36:97:35:85:
                    3e:0b:b9:37:84:6c:d6:93:a1:02:02:05:4e:a4:41:
                    14:1b:01:d0:30:57:b1:08:7a:3a:e3:bf:c9:b8:2f:
                    5c:e0:53:30:d4:10:b5:05:93:6f:54:c3:7e:da:91:
                    14:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:1D:E6:34:12:B9:4F:EF:0B:03:2C:D3:55:5B:B1:53:10:53:6B:4E
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149296.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:3c0::/42
                  2a06:a005:410::/44

    Signature Algorithm: sha256WithRSAEncryption
         28:e4:ba:c8:f3:02:19:dc:58:c8:5b:2e:c1:c9:fe:81:a0:f7:
         86:45:8c:44:57:e3:da:d2:df:da:88:ea:88:b1:0c:39:dc:9f:
         42:b8:b8:c4:87:24:6f:02:2e:1e:9b:fc:93:6d:c3:ca:a6:f3:
         eb:a4:69:48:7c:d6:0f:2a:5f:51:bf:a2:fb:bb:9e:bf:53:75:
         a1:0b:a6:3c:41:e0:df:66:b2:d1:6a:71:d3:1a:00:08:15:e7:
         10:50:21:0a:fd:8e:26:6a:61:bd:b4:a8:43:e3:26:d2:cc:f2:
         b4:c4:d2:6a:9e:bd:2f:c8:52:dd:94:50:02:b1:c0:c7:07:3f:
         fd:c3:cd:58:60:29:aa:a6:ad:29:ce:05:3b:e7:6d:42:93:d3:
         60:6a:f1:64:79:65:3e:2e:d5:fa:05:11:05:32:80:f4:7c:70:
         ff:1f:8f:ea:96:52:13:0c:86:8f:ef:fd:3b:01:96:0b:61:2e:
         18:e0:c0:cb:a0:58:e2:8e:dc:99:79:e3:ef:30:d0:af:10:9a:
         f9:84:0e:e0:1d:f7:2d:a8:3d:f5:73:f8:1f:6e:96:7c:6f:1e:
         bd:04:06:b1:c2:e5:1e:e4:b0:32:bc:00:8e:18:5b:f7:32:19:
         55:7c:a8:fe:b6:1a:f3:bc:b7:23:4a:5c:00:ee:8f:b3:75:6b:
         7f:1b:4f:01
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUQrItSl2oC5pqEZtjEWaAk9dxnZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDBaFw0yNTExMDQwMzQwMDBaMDMxMTAvBgNV
BAMTKEZBMURFNjM0MTJCOTRGRUYwQjAzMkNEMzU1NUJCMTUzMTA1MzZCNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM7qERPNQCdDkV1TtjxGBbSgIH
+UW6s3h13lMbxs0svla8tkizTItuxZ4972VP1V/1RYJk9kRl/sllVFz2SzH7AmYs
pm3PMNlDxal5ll7PBRC9/fCctAND6H7plhNPH6pZ5PK5oeIzsaf8G2NZewGSgHkm
sgBIjlNUiruS5qLqe9dHzz+Bs4jUv7JeoeE9CjBMe0t9/ImGx3bKeXQG4yf0gsNn
QZo/gMv+jjSVq6i55mGEr5dOf9BUKQ08rQJAS6pDg/yxacqvEgreXP6tNpc1hT4L
uTeEbNaToQICBU6kQRQbAdAwV7EIejrjv8m4L1zgUzDUELUFk29Uw37akRSRAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQU+h3mNBK5T+8LAyzTVVuxUxBTa04wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTQ5Mjk2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcGKgagBQPAAwcEKgagBQQQMA0GCSqGSIb3DQEBCwUA
A4IBAQAo5LrI8wIZ3FjIWy7Byf6BoPeGRYxEV+Pa0t/aiOqIsQw53J9CuLjEhyRv
Ai4em/yTbcPKpvPrpGlIfNYPKl9Rv6L7u56/U3WhC6Y8QeDfZrLRanHTGgAIFecQ
UCEK/Y4mamG9tKhD4ybSzPK0xNJqnr0vyFLdlFACscDHBz/9w81YYCmqpq0pzgU7
521Ck9NgavFkeWU+LtX6BREFMoD0fHD/H4/qllITDIaP7/07AZYLYS4Y4MDLoFji
jtyZeePvMNCvEJr5hA7gHfctqD31c/gfbpZ8bx69BAaxwuUe5LAyvACOGFv3MhlV
fKj+thrzvLcjSlwA7o+zdWt/G08B
-----END CERTIFICATE-----