Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199914.roa
File:                     AS199914.roa (raw, json)
Hash identifier:          v6bJBy7fGxdpFcgrP+zflOTxsMOC/2XC/tpUHw3OExY=
Subject key identifier:   5C:9C:EE:0F:56:8D:86:5F:94:A1:85:26:56:90:50:EC:11:C6:6C:42
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2BBFC22E20BDB357C904EEB267640788E5297E2D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199914.roa
Signing time:             Tue 16 Jan 2024 21:44:21 +0000
ROA not before:           Tue 16 Jan 2024 21:39:21 +0000
ROA not after:            Tue 14 Jan 2025 21:44:21 +0000
asID:                     199914
IP address blocks:        2a06:a005:1808::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:bf:c2:2e:20:bd:b3:57:c9:04:ee:b2:67:64:07:88:e5:29:7e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 16 21:39:21 2024 GMT
            Not After : Jan 14 21:44:21 2025 GMT
        Subject: CN=5C9CEE0F568D865F94A18526569050EC11C66C42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e2:9c:cd:bd:9b:1e:de:14:00:22:c9:eb:b8:
                    87:5c:bf:0d:1f:cb:f9:9d:1a:66:5c:d2:a5:bd:88:
                    59:8e:ec:81:e0:06:c1:c9:b3:8b:dd:22:47:77:e1:
                    39:ca:8f:1f:20:26:a1:5c:62:3a:9b:92:19:ad:5b:
                    6c:dc:a8:fc:af:83:67:1f:06:37:96:0e:db:c8:b1:
                    48:15:ec:2a:17:ff:51:ce:3e:b8:e3:44:05:1a:45:
                    21:a5:17:b4:8b:1b:af:de:10:38:15:28:41:b9:b7:
                    bf:07:82:81:85:6e:b2:68:b3:e1:67:16:a1:26:40:
                    9b:c9:7d:47:9e:a0:f1:c8:3b:86:f7:c7:78:6f:b0:
                    48:66:06:8a:d9:c8:42:75:9e:6e:e4:9e:dc:4d:76:
                    1b:be:ef:2d:ce:ec:9e:00:78:c0:69:d4:9c:5d:ef:
                    60:fe:32:49:cc:a3:62:a8:55:ef:d7:da:78:69:bf:
                    2e:9c:48:d2:83:aa:01:7a:55:ca:b2:bf:9a:50:27:
                    99:2f:8d:67:26:4f:9e:e5:8e:f0:cf:2a:76:b2:77:
                    28:61:6f:35:9e:c6:c7:95:03:b5:53:be:6c:61:33:
                    19:3a:75:1a:57:b4:db:0b:be:04:de:6b:59:33:96:
                    1d:dc:74:d5:d0:20:d1:09:57:f7:b0:a7:01:6f:36:
                    c3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:9C:EE:0F:56:8D:86:5F:94:A1:85:26:56:90:50:EC:11:C6:6C:42
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS199914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1808::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:11:55:72:02:60:eb:08:74:45:a7:4c:b4:f5:96:3e:6d:5a:
         4b:dc:b9:08:0e:be:07:06:2a:00:03:67:1e:11:bd:67:c3:21:
         8a:ac:8a:d8:7f:92:24:90:61:44:a5:dc:d0:d6:15:d0:2b:e8:
         11:bc:2c:1b:49:f4:8b:97:fb:75:57:5d:ec:ab:5e:cc:d4:0a:
         f1:c7:bc:e9:e6:b6:91:94:b0:60:47:b2:2a:e6:64:f0:b7:27:
         f5:a6:21:c4:25:12:57:33:25:2f:9f:9d:e5:fa:c8:aa:c8:d3:
         c1:8b:3b:95:31:35:3b:76:58:29:8c:ab:4b:fa:3c:57:68:89:
         62:e3:f5:10:61:d7:5a:64:bc:3b:df:eb:98:52:3c:0a:98:5f:
         fe:67:fc:e5:c7:2b:5c:31:09:a1:a4:7a:e7:74:52:53:0c:a9:
         52:19:ca:15:ba:dc:98:6d:6c:af:4a:a2:a5:df:dc:77:03:90:
         e1:d6:6a:ca:17:6a:20:73:fb:1b:8e:bd:a4:b8:67:03:98:a4:
         cd:f2:ec:e3:14:ff:57:1a:b4:5a:0d:ba:2d:8b:ea:9a:be:5c:
         6b:f6:67:2e:eb:c4:2f:41:20:98:01:de:df:51:92:6e:aa:c1:
         ee:f4:c6:80:5a:fb:ca:c4:ed:12:4e:2d:0c:56:bd:24:c7:9b:
         41:4b:76:e0
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUK7/CLiC9s1fJBO6yZ2QHiOUpfi0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMTYyMTM5MjFaFw0yNTAxMTQyMTQ0MjFaMDMxMTAvBgNV
BAMTKDVDOUNFRTBGNTY4RDg2NUY5NEExODUyNjU2OTA1MEVDMTFDNjZDNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt4pzNvZse3hQAIsnruIdcvw0f
y/mdGmZc0qW9iFmO7IHgBsHJs4vdIkd34TnKjx8gJqFcYjqbkhmtW2zcqPyvg2cf
BjeWDtvIsUgV7CoX/1HOPrjjRAUaRSGlF7SLG6/eEDgVKEG5t78HgoGFbrJos+Fn
FqEmQJvJfUeeoPHIO4b3x3hvsEhmBorZyEJ1nm7kntxNdhu+7y3O7J4AeMBp1Jxd
72D+MknMo2KoVe/X2nhpvy6cSNKDqgF6Vcqyv5pQJ5kvjWcmT57ljvDPKnaydyhh
bzWexseVA7VTvmxhMxk6dRpXtNsLvgTea1kzlh3cdNXQINEJV/ewpwFvNsPzAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUXJzuD1aNhl+UoYUmVpBQ7BHGbEIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MTk5OTE0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRgIMA0GCSqGSIb3DQEBCwUAA4IBAQCUEVVy
AmDrCHRFp0y09ZY+bVpL3LkIDr4HBioAA2ceEb1nwyGKrIrYf5IkkGFEpdzQ1hXQ
K+gRvCwbSfSLl/t1V13sq17M1Arxx7zp5raRlLBgR7Iq5mTwtyf1piHEJRJXMyUv
n53l+siqyNPBizuVMTU7dlgpjKtL+jxXaIli4/UQYddaZLw73+uYUjwKmF/+Z/zl
xytcMQmhpHrndFJTDKlSGcoVutyYbWyvSqKl39x3A5Dh1mrKF2ogc/sbjr2kuGcD
mKTN8uzjFP9XGrRaDboti+qavlxr9mcu68QvQSCYAd7fUZJuqsHu9MaAWvvKxO0S
Ti0MVr0kx5tBS3bg
-----END CERTIFICATE-----