Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149953.roa
File:                     AS149953.roa (raw, json)
Hash identifier:          whJWklCP4mCes6R7/6mV0oNUFGXGR8mWdl//l72KpfE=
Subject key identifier:   E8:18:78:BB:44:A1:22:1A:D5:9C:D2:CD:80:F9:7F:0E:0A:B0:60:78
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6091F887AE94B064DB7A344E91D900F58D9BDA6F
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149953.roa
Signing time:             Thu 18 Jan 2024 16:44:24 +0000
ROA not before:           Thu 18 Jan 2024 16:39:24 +0000
ROA not after:            Thu 16 Jan 2025 16:44:24 +0000
asID:                     149953
IP address blocks:        2a06:a005:d2e::/48 maxlen: 48
                          2a06:a005:1081::/48 maxlen: 48
                          2a06:a005:1809::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:91:f8:87:ae:94:b0:64:db:7a:34:4e:91:d9:00:f5:8d:9b:da:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 18 16:39:24 2024 GMT
            Not After : Jan 16 16:44:24 2025 GMT
        Subject: CN=E81878BB44A1221AD59CD2CD80F97F0E0AB06078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:da:5d:4c:a7:6e:df:02:29:73:22:3c:72:68:
                    3e:61:bf:fe:64:7f:5b:53:61:ac:d6:65:29:ae:cb:
                    3f:92:47:9a:69:ee:de:01:52:7e:00:1a:c9:7f:9d:
                    ff:e1:28:7d:2e:5c:d4:49:69:a1:dc:22:e8:85:8d:
                    5b:e1:e1:e9:6d:ef:71:0f:e6:06:e9:f8:a3:47:d4:
                    0f:5d:3c:bc:b1:15:0a:cd:d3:3e:78:98:24:14:17:
                    f6:68:a7:a9:b2:e2:48:2e:35:93:3f:5a:f1:4e:bf:
                    da:69:a6:68:53:b1:ff:0d:38:8c:bc:6e:91:12:8d:
                    26:69:cb:ed:ad:b0:33:35:60:fa:9d:94:b6:66:e8:
                    d7:81:f6:be:ff:ed:f7:23:eb:66:6b:d4:69:e7:3d:
                    78:5a:3b:b2:5d:59:4d:6c:b4:64:4b:12:d9:c8:58:
                    e2:d9:fe:0c:2c:68:b0:57:a9:20:f3:2f:e4:47:db:
                    f1:bd:62:12:e0:e1:d6:08:f9:d3:03:4f:bd:24:82:
                    43:8f:ed:a8:1f:bf:96:d9:9e:ab:13:17:13:1b:db:
                    54:7d:f4:36:8f:36:08:35:c5:d3:fa:08:72:d2:73:
                    31:b1:8b:02:19:4f:9c:64:f2:e5:37:08:9e:c1:a3:
                    6a:2f:e7:4e:78:83:ed:78:57:8b:bc:d9:80:fd:3a:
                    40:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:18:78:BB:44:A1:22:1A:D5:9C:D2:CD:80:F9:7F:0E:0A:B0:60:78
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS149953.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d2e::/48
                  2a06:a005:1081::/48
                  2a06:a005:1809::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:61:f4:d7:c7:71:f4:7a:67:6a:1d:0c:e3:60:77:d3:2f:73:
         f0:3b:64:67:2e:11:f6:0d:a9:a7:54:14:34:22:93:b8:bb:d3:
         b4:fb:6a:7a:a7:1a:d4:80:35:b9:62:7e:01:ea:56:7c:ef:d6:
         05:34:85:ca:e5:4e:f9:c7:eb:9e:ee:37:f3:42:92:41:10:b5:
         5d:af:13:83:2b:52:fd:0d:a3:0e:6d:34:5a:5b:9a:be:50:14:
         bc:aa:a6:4f:19:d8:fe:7b:5d:ca:a1:6b:ce:9a:85:4d:a2:b2:
         30:35:ff:e5:3c:89:a6:5c:2a:fc:58:22:c4:c2:04:bd:1a:70:
         19:e1:83:1e:83:56:f5:77:e5:58:49:01:1c:b6:49:82:0c:88:
         2e:83:d8:ec:34:4e:cf:b0:5b:bd:04:0f:5a:65:31:dc:2f:46:
         e4:af:b8:0a:64:d1:f6:d3:33:7a:21:e2:c3:f1:2d:58:1e:fd:
         cd:20:78:23:da:61:79:44:86:f4:1d:7d:8b:a7:d7:e3:93:27:
         0e:a5:2f:49:5e:fe:dc:ef:a4:48:ba:28:78:8c:10:a2:55:61:
         0a:23:46:a6:eb:bf:31:bb:4c:84:c3:be:a6:bb:40:21:cc:ca:
         b0:af:44:c9:ce:c3:29:ba:48:7e:df:4a:ed:9e:58:0a:10:5b:
         3a:8e:f6:28
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUYJH4h66UsGTbejROkdkA9Y2b2m8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMTgxNjM5MjRaFw0yNTAxMTYxNjQ0MjRaMDMxMTAvBgNV
BAMTKEU4MTg3OEJCNDRBMTIyMUFENTlDRDJDRDgwRjk3RjBFMEFCMDYwNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd2l1Mp27fAilzIjxyaD5hv/5k
f1tTYazWZSmuyz+SR5pp7t4BUn4AGsl/nf/hKH0uXNRJaaHcIuiFjVvh4elt73EP
5gbp+KNH1A9dPLyxFQrN0z54mCQUF/Zop6my4kguNZM/WvFOv9pppmhTsf8NOIy8
bpESjSZpy+2tsDM1YPqdlLZm6NeB9r7/7fcj62Zr1GnnPXhaO7JdWU1stGRLEtnI
WOLZ/gwsaLBXqSDzL+RH2/G9YhLg4dYI+dMDT70kgkOP7agfv5bZnqsTFxMb21R9
9DaPNgg1xdP6CHLSczGxiwIZT5xk8uU3CJ7Bo2ov5054g+14V4u82YD9OkCHAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQU6Bh4u0ShIhrVnNLNgPl/DgqwYHgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTQ5OTUzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcAKgagBQ0uAwcAKgagBRCBAwcAKgagBRgJMA0GCSqG
SIb3DQEBCwUAA4IBAQBUYfTXx3H0emdqHQzjYHfTL3PwO2RnLhH2DamnVBQ0IpO4
u9O0+2p6pxrUgDW5Yn4B6lZ879YFNIXK5U75x+ue7jfzQpJBELVdrxODK1L9DaMO
bTRaW5q+UBS8qqZPGdj+e13KoWvOmoVNorIwNf/lPImmXCr8WCLEwgS9GnAZ4YMe
g1b1d+VYSQEctkmCDIgug9jsNE7PsFu9BA9aZTHcL0bkr7gKZNH20zN6IeLD8S1Y
Hv3NIHgj2mF5RIb0HX2Lp9fjkycOpS9JXv7c76RIuih4jBCiVWEKI0am678xu0yE
w76mu0AhzMqwr0TJzsMpukh+30rtnlgKEFs6jvYo
-----END CERTIFICATE-----