Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199680.roa
File:                     AS199680.roa (raw, json)
Hash identifier:          AGx9ud0XJJSykr2ORr0nLZLjq43iVhRq6eZDVeHrgxI=
Subject key identifier:   35:D3:C3:AA:E4:FD:5A:85:6F:9B:D1:2E:B9:FD:6C:21:0F:C6:D0:8A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       55135F87983A86CA89816FC12C44D2BC961881EE
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199680.roa
Signing time:             Wed 31 Jan 2024 12:44:24 +0000
ROA not before:           Wed 31 Jan 2024 12:39:24 +0000
ROA not after:            Wed 29 Jan 2025 12:44:24 +0000
asID:                     199680
IP address blocks:        2a06:a005:180e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:13:5f:87:98:3a:86:ca:89:81:6f:c1:2c:44:d2:bc:96:18:81:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 31 12:39:24 2024 GMT
            Not After : Jan 29 12:44:24 2025 GMT
        Subject: CN=35D3C3AAE4FD5A856F9BD12EB9FD6C210FC6D08A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:12:76:b3:d1:e7:91:d4:bb:07:13:cd:ff:a1:
                    68:bd:9f:e1:7f:a9:1d:41:b3:7f:86:c3:c6:6a:33:
                    20:7b:96:9f:ee:53:f5:29:26:21:6e:f4:3d:6e:a7:
                    33:9a:45:d2:53:1d:8b:09:b7:68:a4:b1:89:97:72:
                    04:88:3e:e7:a7:40:79:46:99:e0:fd:96:5a:a4:3d:
                    15:35:50:dd:3d:a2:d0:85:da:59:9b:19:3a:18:93:
                    c7:5f:56:55:ad:46:dd:05:22:a1:db:7a:22:01:60:
                    1b:ea:9e:37:55:d1:82:f1:2f:90:74:6f:74:b4:c2:
                    52:1d:91:ac:cc:be:4a:7a:57:17:2f:b8:ab:29:4c:
                    40:02:5b:5a:42:1f:79:77:74:12:7d:8b:e3:9f:98:
                    87:11:02:59:1b:9c:53:71:75:93:bf:53:b2:ca:0c:
                    ad:5d:a2:31:65:99:ba:80:39:85:e2:81:c2:cc:c4:
                    73:59:f6:6d:c2:16:b3:af:3e:32:fc:4c:66:dd:10:
                    6e:e1:e6:73:e7:33:ce:c0:6d:4f:a7:bf:92:33:f9:
                    b0:b8:6e:3e:35:7d:3d:27:39:69:f3:2f:5d:47:4f:
                    65:71:96:ef:22:c6:64:45:e3:02:c8:ba:6f:68:d6:
                    2b:28:56:8d:ca:45:20:2f:23:a2:21:e2:84:17:94:
                    10:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D3:C3:AA:E4:FD:5A:85:6F:9B:D1:2E:B9:FD:6C:21:0F:C6:D0:8A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199680.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:180e::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:81:ef:0f:ed:41:06:b9:da:2e:b9:2b:8d:d6:45:76:fa:e1:
         76:bb:42:34:25:e6:eb:a9:91:1f:0b:74:a6:81:71:f2:d3:44:
         16:27:5d:eb:73:99:c2:fe:b9:38:0c:11:c2:4e:44:91:09:51:
         af:f9:c4:bc:aa:ec:2c:ac:26:02:d2:8d:aa:5d:99:3d:73:df:
         6d:ca:a6:04:3b:69:e8:e3:7b:55:18:55:c6:a8:22:d8:44:e6:
         72:29:1d:59:d1:4c:fc:e6:7e:7a:ac:de:b7:31:cd:ab:26:6d:
         d4:c9:98:26:7e:3e:df:27:47:f9:91:ee:88:1f:00:6a:40:62:
         e2:de:73:43:3d:ca:25:61:16:ba:80:3d:1a:0b:4e:d5:25:53:
         2b:e1:05:70:8b:c7:2e:53:15:70:b3:02:69:6d:79:dc:1f:fa:
         59:4c:af:d3:1e:a8:a1:dc:70:8b:83:a6:7b:6a:87:50:db:e0:
         ee:90:7e:7e:a4:f0:ef:42:7a:bb:93:29:74:b1:46:76:c7:49:
         3a:b2:bf:d6:67:32:00:a0:50:75:32:c6:a2:f0:6a:10:d5:65:
         63:af:41:33:3f:e3:3d:b4:d6:ef:d8:bf:24:a9:92:48:f0:8e:
         96:fc:95:82:7e:1f:f8:d5:e1:8c:fa:e2:f1:d6:bc:30:b2:62:
         44:d7:6a:0d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUVRNfh5g6hsqJgW/BLETSvJYYge4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMzExMjM5MjRaFw0yNTAxMjkxMjQ0MjRaMDMxMTAvBgNV
BAMTKDM1RDNDM0FBRTRGRDVBODU2RjlCRDEyRUI5RkQ2QzIxMEZDNkQwOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7Enaz0eeR1LsHE83/oWi9n+F/
qR1Bs3+Gw8ZqMyB7lp/uU/UpJiFu9D1upzOaRdJTHYsJt2iksYmXcgSIPuenQHlG
meD9llqkPRU1UN09otCF2lmbGToYk8dfVlWtRt0FIqHbeiIBYBvqnjdV0YLxL5B0
b3S0wlIdkazMvkp6VxcvuKspTEACW1pCH3l3dBJ9i+OfmIcRAlkbnFNxdZO/U7LK
DK1dojFlmbqAOYXigcLMxHNZ9m3CFrOvPjL8TGbdEG7h5nPnM87AbU+nv5Iz+bC4
bj41fT0nOWnzL11HT2Vxlu8ixmRF4wLIum9o1isoVo3KRSAvI6Ih4oQXlBC5AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUNdPDquT9WoVvm9Euuf1sIQ/G0IowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTk5NjgwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRgOMA0GCSqGSIb3DQEBCwUAA4IBAQAKge8P
7UEGudouuSuN1kV2+uF2u0I0JebrqZEfC3SmgXHy00QWJ13rc5nC/rk4DBHCTkSR
CVGv+cS8quwsrCYC0o2qXZk9c99tyqYEO2no43tVGFXGqCLYROZyKR1Z0Uz85n56
rN63Mc2rJm3UyZgmfj7fJ0f5ke6IHwBqQGLi3nNDPcolYRa6gD0aC07VJVMr4QVw
i8cuUxVwswJpbXncH/pZTK/THqih3HCLg6Z7aodQ2+DukH5+pPDvQnq7kyl0sUZ2
x0k6sr/WZzIAoFB1Msai8GoQ1WVjr0EzP+M9tNbv2L8kqZJI8I6W/JWCfh/41eGM
+uLx1rwwsmJE12oN
-----END CERTIFICATE-----