Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          UqSPfebCqs4MShAiMnV8LtVJs9FzWFhg8nJUNnRj3v0=
Subject key identifier:   E6:7B:D8:B3:4E:DC:D6:2D:6A:CD:96:1A:9E:9D:82:20:7F:FA:1E:B5
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4C58D0882AD5A7C3E045941FF5433CE309A8AB29
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS16509.roa
Signing time:             Sun 22 Oct 2023 03:35:16 +0000
ROA not before:           Sun 22 Oct 2023 03:30:16 +0000
ROA not after:            Sun 20 Oct 2024 03:35:16 +0000
asID:                     16509
IP address blocks:        2a0a:6043::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:58:d0:88:2a:d5:a7:c3:e0:45:94:1f:f5:43:3c:e3:09:a8:ab:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Oct 22 03:30:16 2023 GMT
            Not After : Oct 20 03:35:16 2024 GMT
        Subject: CN=E67BD8B34EDCD62D6ACD961A9E9D82207FFA1EB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ff:89:3e:f7:23:51:f2:3d:db:c8:c1:a1:e8:
                    1c:05:98:bd:75:06:4c:62:a3:f4:d6:f9:5b:3b:df:
                    2a:68:dd:a8:8e:3d:f3:7b:67:17:b8:85:f4:a0:3d:
                    ae:96:97:9d:1f:87:55:8b:97:64:46:9c:aa:5b:64:
                    f7:9f:fd:82:06:19:ef:01:d5:19:c3:26:37:c5:fd:
                    2e:1e:92:89:d7:e1:02:c4:52:66:ae:0e:d0:f0:5a:
                    cf:be:cd:ef:40:3f:e9:c2:da:07:20:89:63:84:8c:
                    34:95:0f:61:df:cc:41:c5:c0:b6:72:99:16:62:40:
                    20:c6:18:a2:da:e8:da:59:13:a8:61:16:65:1f:31:
                    99:33:84:8d:9d:28:02:f3:0f:a8:f6:77:13:d2:41:
                    78:81:14:8b:b0:4b:0b:c8:f1:cc:86:d2:cc:2f:d4:
                    07:97:55:6a:7c:c4:9c:e3:c1:c6:1c:17:36:3f:ed:
                    b1:64:12:6f:86:82:b0:80:48:91:c7:86:c7:69:11:
                    3d:02:8d:3f:31:f9:c3:b0:ac:5b:10:fd:a3:b8:49:
                    cc:b1:7e:7b:d8:de:e8:c0:2d:26:18:d2:71:be:25:
                    09:80:8d:8a:3c:18:b9:32:0f:62:c8:67:bc:a7:4f:
                    da:54:5e:25:f4:be:98:4f:3c:52:1c:65:85:38:a5:
                    8d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7B:D8:B3:4E:DC:D6:2D:6A:CD:96:1A:9E:9D:82:20:7F:FA:1E:B5
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6043::/40

    Signature Algorithm: sha256WithRSAEncryption
         69:b1:9e:65:73:9a:2f:16:5b:0e:0f:06:b8:18:f4:b2:34:d8:
         42:53:ff:9c:0a:0e:17:d6:69:da:36:db:26:3e:f1:06:40:dd:
         d3:ca:7b:e0:98:2c:88:f1:7f:a0:d4:20:0d:2f:3e:7a:6d:02:
         ff:d6:26:64:0f:06:fd:2b:10:b1:77:db:5a:4f:4a:78:66:0f:
         ed:cc:ba:a0:0d:cd:cd:79:d2:82:42:40:8d:96:63:e8:98:10:
         03:6f:cc:3c:d2:f6:52:f7:97:26:69:5d:9b:4e:07:40:27:c6:
         c1:6c:4e:7b:c8:49:b8:bd:f2:cc:09:a3:02:b5:6e:81:6a:5c:
         92:21:32:46:3e:22:f3:b4:5c:0a:02:5d:31:53:f9:6f:aa:18:
         ee:6d:d2:91:72:35:8f:ef:d4:26:ce:cf:b2:e7:53:a9:b0:87:
         fa:aa:80:07:da:54:c8:65:ed:b1:5a:e6:ae:df:5c:27:30:06:
         8f:36:66:2a:9c:bc:fb:95:ae:25:71:39:a5:91:cb:17:52:6a:
         46:54:5a:21:ef:56:0a:2e:f6:d0:43:11:2c:69:4f:c1:18:97:
         df:51:f2:60:63:d6:91:70:cc:57:c0:03:8f:44:d7:2b:09:7c:
         bd:30:8d:6d:f2:0d:fe:4f:4a:ae:c5:63:e3:b5:04:70:67:d6:
         8f:9d:0d:29
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUTFjQiCrVp8PgRZQf9UM84wmoqykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEwMjIwMzMwMTZaFw0yNDEwMjAwMzM1MTZaMDMxMTAvBgNV
BAMTKEU2N0JEOEIzNEVEQ0Q2MkQ2QUNEOTYxQTlFOUQ4MjIwN0ZGQTFFQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo/4k+9yNR8j3byMGh6BwFmL11
Bkxio/TW+Vs73ypo3aiOPfN7Zxe4hfSgPa6Wl50fh1WLl2RGnKpbZPef/YIGGe8B
1RnDJjfF/S4ekonX4QLEUmauDtDwWs++ze9AP+nC2gcgiWOEjDSVD2HfzEHFwLZy
mRZiQCDGGKLa6NpZE6hhFmUfMZkzhI2dKALzD6j2dxPSQXiBFIuwSwvI8cyG0swv
1AeXVWp8xJzjwcYcFzY/7bFkEm+GgrCASJHHhsdpET0CjT8x+cOwrFsQ/aO4Scyx
fnvY3ujALSYY0nG+JQmAjYo8GLkyD2LIZ7ynT9pUXiX0vphPPFIcZYU4pY1NAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQU5nvYs07c1i1qzZYanp2CIH/6HrUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTY1MDkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcB
Af8EEjAQMA4EAgACMAgDBgAqCmBDADANBgkqhkiG9w0BAQsFAAOCAQEAabGeZXOa
LxZbDg8GuBj0sjTYQlP/nAoOF9Zp2jbbJj7xBkDd08p74JgsiPF/oNQgDS8+em0C
/9YmZA8G/SsQsXfbWk9KeGYP7cy6oA3NzXnSgkJAjZZj6JgQA2/MPNL2UveXJmld
m04HQCfGwWxOe8hJuL3yzAmjArVugWpckiEyRj4i87RcCgJdMVP5b6oY7m3SkXI1
j+/UJs7PsudTqbCH+qqAB9pUyGXtsVrmrt9cJzAGjzZmKpy8+5WuJXE5pZHLF1Jq
RlRaIe9WCi720EMRLGlPwRiX31HyYGPWkXDMV8ADj0TXKwl8vTCNbfIN/k9KrsVj
47UEcGfWj50NKQ==
-----END CERTIFICATE-----