Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          ziokIkoHOgSfHhliuOm0howrqE22v8g8uMnLJxw8brI=
Subject key identifier:   ED:72:95:F7:0D:92:5C:37:09:74:74:41:01:F6:AF:B2:18:A2:B5:7F
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6D55B7D5B5F21E0FA8D022EDDC00FB9F14A81ADA
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS16509.roa
Signing time:             Sun 22 Sep 2024 03:39:59 +0000
ROA not before:           Sun 22 Sep 2024 03:34:59 +0000
ROA not after:            Sun 21 Sep 2025 03:39:59 +0000
asID:                     16509
IP address blocks:        2a0a:6043::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:55:b7:d5:b5:f2:1e:0f:a8:d0:22:ed:dc:00:fb:9f:14:a8:1a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep 22 03:34:59 2024 GMT
            Not After : Sep 21 03:39:59 2025 GMT
        Subject: CN=ED7295F70D925C370974744101F6AFB218A2B57F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f7:b9:69:08:aa:92:de:7d:43:6c:c9:45:0c:
                    a9:68:22:6b:63:86:48:ff:6b:cc:05:9a:1f:ce:29:
                    20:1b:24:79:0f:79:7a:e4:a6:61:f7:4a:26:f5:2f:
                    a9:ab:c0:c6:31:83:81:d3:a8:1c:de:86:7f:ca:78:
                    30:22:c2:1e:1b:9f:4b:f3:69:cc:9f:92:df:4b:43:
                    1b:be:37:18:e2:bf:d9:c1:4a:1a:a3:d3:44:49:5e:
                    1e:b1:a8:98:b9:64:29:f0:b2:89:e2:95:aa:47:0c:
                    ef:ee:c5:c3:08:ed:b7:6a:9f:9d:59:66:67:4c:09:
                    01:07:57:46:22:a9:27:cd:49:77:ae:21:5f:db:49:
                    a7:4c:e9:c7:b6:cd:1d:be:56:51:05:84:64:c6:f4:
                    1d:de:ac:9a:77:81:8a:b1:6a:18:f9:e4:3d:27:26:
                    1b:0c:99:3a:93:f8:25:85:23:7f:d9:c5:9d:16:18:
                    2e:19:09:04:1c:54:b6:00:b2:0e:13:b7:4e:ac:b0:
                    ba:3d:0b:65:16:19:7b:d1:ed:37:05:1d:bd:33:2c:
                    ff:a3:11:c4:f7:f3:13:fd:d6:1e:81:ed:4f:80:91:
                    01:8d:8e:e9:46:8b:6c:f8:44:a9:61:ac:0c:6f:c1:
                    d1:dc:87:b1:a6:2c:21:e3:9e:f5:7f:9c:d1:f7:b6:
                    ab:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:72:95:F7:0D:92:5C:37:09:74:74:41:01:F6:AF:B2:18:A2:B5:7F
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6043::/40

    Signature Algorithm: sha256WithRSAEncryption
         2b:aa:3e:f9:9e:78:5c:fc:2d:87:61:be:ff:45:89:a9:1c:ac:
         1d:93:fb:c8:25:c1:3a:51:b0:3d:7b:ac:9b:2f:0c:18:fa:bf:
         aa:28:a5:dc:89:b4:85:69:d7:35:ca:15:5f:c7:08:3b:b1:36:
         ca:1e:12:b0:8a:ff:84:3d:4a:86:15:1a:32:69:59:bd:9c:f3:
         9c:69:5f:9a:84:be:a6:80:14:cd:31:27:da:95:63:ed:28:e0:
         d1:a0:a5:6e:3d:6f:7f:28:bf:cc:1b:7d:d0:6f:d8:44:0f:69:
         25:22:33:10:0e:3b:1b:50:00:4a:a7:8b:0d:a6:9a:e1:5a:b4:
         98:f0:65:45:39:11:cb:1c:e8:54:00:6f:a2:87:cc:a1:66:93:
         d9:01:3a:bd:15:b4:fe:cf:ef:fc:66:21:27:c9:5e:1d:cb:d5:
         ae:62:6e:cf:34:6a:60:a4:65:86:ce:a7:45:c3:d6:f0:e8:1d:
         2a:de:0a:ff:0a:3a:73:02:98:61:7a:f7:88:ca:ed:d8:6f:af:
         d8:e1:c7:1a:30:f2:72:8a:b2:06:72:0a:1e:c5:90:3f:a9:5d:
         62:e6:de:5f:d1:09:46:78:a2:a5:5f:94:b0:3a:2a:38:eb:52:
         f2:0e:03:1f:c8:a3:2e:03:c2:4c:72:85:34:90:b7:dd:16:1a:
         02:de:f6:cc
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUbVW31bXyHg+o0CLt3AD7nxSoGtowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MjIwMzM0NTlaFw0yNTA5MjEwMzM5NTlaMDMxMTAvBgNV
BAMTKEVENzI5NUY3MEQ5MjVDMzcwOTc0NzQ0MTAxRjZBRkIyMThBMkI1N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu97lpCKqS3n1DbMlFDKloImtj
hkj/a8wFmh/OKSAbJHkPeXrkpmH3Sib1L6mrwMYxg4HTqBzehn/KeDAiwh4bn0vz
acyfkt9LQxu+Nxjiv9nBShqj00RJXh6xqJi5ZCnwsonilapHDO/uxcMI7bdqn51Z
ZmdMCQEHV0YiqSfNSXeuIV/bSadM6ce2zR2+VlEFhGTG9B3erJp3gYqxahj55D0n
JhsMmTqT+CWFI3/ZxZ0WGC4ZCQQcVLYAsg4Tt06ssLo9C2UWGXvR7TcFHb0zLP+j
EcT38xP91h6B7U+AkQGNjulGi2z4RKlhrAxvwdHch7GmLCHjnvV/nNH3tquDAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQU7XKV9w2SXDcJdHRBAfavshiitX8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTY1MDkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcB
Af8EEjAQMA4EAgACMAgDBgAqCmBDADANBgkqhkiG9w0BAQsFAAOCAQEAK6o++Z54
XPwth2G+/0WJqRysHZP7yCXBOlGwPXusmy8MGPq/qiil3Im0hWnXNcoVX8cIO7E2
yh4SsIr/hD1KhhUaMmlZvZzznGlfmoS+poAUzTEn2pVj7Sjg0aClbj1vfyi/zBt9
0G/YRA9pJSIzEA47G1AASqeLDaaa4Vq0mPBlRTkRyxzoVABvoofMoWaT2QE6vRW0
/s/v/GYhJ8leHcvVrmJuzzRqYKRlhs6nRcPW8OgdKt4K/wo6cwKYYXr3iMrt2G+v
2OHHGjDycoqyBnIKHsWQP6ldYubeX9EJRniipV+UsDoqOOtS8g4DH8ijLgPCTHKF
NJC33RYaAt72zA==
-----END CERTIFICATE-----