Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198408.roa
File:                     AS198408.roa (raw, json)
Hash identifier:          vFpkRx8NHciUp+Isn8tBbXM3L+X5KyMVewhQWqDf4MA=
Subject key identifier:   3B:D4:71:EF:EE:1D:B6:90:80:53:D9:F0:5E:E8:C0:27:E9:B2:63:25
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       537DFE66C714BBFF722B9EB3A8538B950AE008A5
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198408.roa
Signing time:             Tue 05 Dec 2023 02:44:14 +0000
ROA not before:           Tue 05 Dec 2023 02:39:14 +0000
ROA not after:            Tue 03 Dec 2024 02:44:14 +0000
asID:                     198408
IP address blocks:        2a06:a005:858::/46 maxlen: 48
                          2a06:a005:1190::/44 maxlen: 48
                          2a06:a005:26c4::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:7d:fe:66:c7:14:bb:ff:72:2b:9e:b3:a8:53:8b:95:0a:e0:08:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:14 2023 GMT
            Not After : Dec  3 02:44:14 2024 GMT
        Subject: CN=3BD471EFEE1DB6908053D9F05EE8C027E9B26325
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:01:ce:23:7d:23:0b:a3:9f:9d:e5:59:72:08:
                    63:51:0b:19:a5:a9:08:6b:11:08:b6:29:c6:67:fa:
                    34:55:82:17:63:ca:3a:ca:c3:6a:0c:55:c7:f9:b2:
                    c2:ce:67:81:cf:11:d3:89:16:2d:7d:25:b0:ca:11:
                    a5:cd:bc:eb:d0:15:06:5e:cf:34:c6:94:93:bc:24:
                    51:50:b6:0d:63:c0:54:89:b6:48:46:73:a9:16:2b:
                    4a:6f:ad:ca:c0:1d:03:00:6a:0c:62:6b:24:82:2e:
                    23:de:d1:ae:4d:44:39:e1:f4:6e:7c:03:8d:c2:5a:
                    e4:dc:67:c2:a4:58:48:68:a4:21:bc:bc:8a:17:39:
                    2c:65:68:cb:16:2d:e5:41:6e:b1:1c:74:9a:d6:d2:
                    8c:e4:af:d0:3d:14:46:c7:99:6b:14:99:b0:7c:7b:
                    5b:ed:09:fc:04:8a:0a:48:13:61:f5:0e:a1:75:8a:
                    99:67:8e:b3:42:16:55:01:04:0d:a1:89:98:08:31:
                    48:10:ed:46:3f:58:f6:ec:40:bf:b9:7c:78:13:3e:
                    72:b8:d2:17:07:59:7f:b0:17:3f:5c:a8:eb:91:e2:
                    40:97:f4:c7:9d:a5:58:4a:38:95:b5:e2:ce:54:34:
                    fa:93:27:9b:11:8a:d4:f9:72:5f:94:0e:ba:51:80:
                    62:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D4:71:EF:EE:1D:B6:90:80:53:D9:F0:5E:E8:C0:27:E9:B2:63:25
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS198408.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:858::/46
                  2a06:a005:1190::/44
                  2a06:a005:26c4::/46

    Signature Algorithm: sha256WithRSAEncryption
         82:b4:a1:8f:0c:a0:04:96:9a:b3:59:9c:c7:db:ba:70:f8:f2:
         2e:a2:5c:ec:36:cf:b8:9f:b6:1c:46:ac:a9:83:01:4a:0a:14:
         f2:13:e6:c1:2f:35:1c:20:ce:0e:35:36:24:ac:88:ed:13:d9:
         49:1a:81:33:2f:00:b1:db:06:f9:1e:94:1c:d9:4c:f9:f6:4f:
         a7:bf:83:81:84:2c:67:5d:ba:6d:ca:30:ab:92:c9:2b:46:f7:
         48:51:66:24:49:25:6a:91:c8:fa:32:4d:b1:82:02:39:13:f0:
         9e:5c:6d:86:f1:df:fd:0e:e5:ec:6e:d5:48:f4:e3:02:da:7e:
         8e:2c:bd:4f:55:85:c4:98:b1:a2:9c:d4:f0:32:68:5b:cc:8b:
         87:23:9e:92:42:d8:fd:99:48:30:29:74:dd:e8:6f:74:e2:62:
         15:cd:f8:42:84:ca:57:ac:db:a9:3b:bb:b2:49:d6:6a:7b:0a:
         cc:ef:9d:14:24:0e:c2:23:01:84:fa:fb:fe:1d:f3:9f:34:75:
         0a:36:11:d9:3c:47:03:3a:91:5c:31:c8:5f:98:18:14:d1:f7:
         83:e2:a7:69:7d:bf:8f:c5:c9:19:ce:ae:da:6b:8b:b8:cd:48:
         9b:29:6f:4d:ba:57:d7:c2:86:03:bf:15:ad:f4:da:b7:1b:bb:
         d2:64:62:45
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUU33+ZscUu/9yK56zqFOLlQrgCKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTRaFw0yNDEyMDMwMjQ0MTRaMDMxMTAvBgNV
BAMTKDNCRDQ3MUVGRUUxREI2OTA4MDUzRDlGMDVFRThDMDI3RTlCMjYzMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMAc4jfSMLo5+d5VlyCGNRCxml
qQhrEQi2KcZn+jRVghdjyjrKw2oMVcf5ssLOZ4HPEdOJFi19JbDKEaXNvOvQFQZe
zzTGlJO8JFFQtg1jwFSJtkhGc6kWK0pvrcrAHQMAagxiaySCLiPe0a5NRDnh9G58
A43CWuTcZ8KkWEhopCG8vIoXOSxlaMsWLeVBbrEcdJrW0ozkr9A9FEbHmWsUmbB8
e1vtCfwEigpIE2H1DqF1iplnjrNCFlUBBA2hiZgIMUgQ7UY/WPbsQL+5fHgTPnK4
0hcHWX+wFz9cqOuR4kCX9MedpVhKOJW14s5UNPqTJ5sRitT5cl+UDrpRgGJpAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUO9Rx7+4dtpCAU9nwXujAJ+myYyUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTk4NDA4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcCKgagBQhYAwcEKgagBRGQAwcCKgagBSbEMA0GCSqG
SIb3DQEBCwUAA4IBAQCCtKGPDKAElpqzWZzH27pw+PIuolzsNs+4n7YcRqypgwFK
ChTyE+bBLzUcIM4ONTYkrIjtE9lJGoEzLwCx2wb5HpQc2Uz59k+nv4OBhCxnXbpt
yjCrkskrRvdIUWYkSSVqkcj6Mk2xggI5E/CeXG2G8d/9DuXsbtVI9OMC2n6OLL1P
VYXEmLGinNTwMmhbzIuHI56SQtj9mUgwKXTd6G904mIVzfhChMpXrNupO7uySdZq
ewrM750UJA7CIwGE+vv+HfOfNHUKNhHZPEcDOpFcMchfmBgU0feD4qdpfb+PxckZ
zq7aa4u4zUibKW9NulfXwoYDvxWt9Nq3G7vSZGJF
-----END CERTIFICATE-----