Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208223.roa
File:                     AS208223.roa (raw, json)
Hash identifier:          3mw8iKpNtsFnQYvmWBW1yx4kKhNFvoECQxAYaYvIZMY=
Subject key identifier:   7D:80:16:E5:91:19:23:59:70:56:59:2F:AE:D1:8C:C7:F1:36:DE:EF
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0DF7D6C4F106E1EFB13950BCEA70B88E1CBF913D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208223.roa
Signing time:             Tue 05 Nov 2024 03:40:09 +0000
ROA not before:           Tue 05 Nov 2024 03:35:09 +0000
ROA not after:            Tue 04 Nov 2025 03:40:09 +0000
asID:                     208223
IP address blocks:        2a06:a005:4de::/48 maxlen: 48
                          2a06:a005:770::/44 maxlen: 48
                          2a06:a005:890::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:f7:d6:c4:f1:06:e1:ef:b1:39:50:bc:ea:70:b8:8e:1c:bf:91:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:09 2024 GMT
            Not After : Nov  4 03:40:09 2025 GMT
        Subject: CN=7D8016E5911923597056592FAED18CC7F136DEEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:39:94:94:4a:54:53:2a:a8:37:dd:a9:1a:83:
                    a3:f9:a9:33:b3:7c:19:25:16:1a:ee:15:c3:b4:b5:
                    7c:99:8c:d3:2a:44:bd:8d:70:a0:58:c2:3a:b1:67:
                    7f:3a:06:4e:3b:57:21:13:2b:d8:89:bc:01:d1:6d:
                    58:17:9f:62:e5:cf:06:0e:be:27:26:d2:67:b4:01:
                    3f:ad:fa:e5:2b:9a:0a:43:65:6d:dc:59:f8:b5:3f:
                    bc:75:09:20:b1:8c:8d:81:9f:7d:00:16:aa:d3:a0:
                    12:47:53:f5:05:e1:f4:4e:fa:49:90:65:46:79:43:
                    5b:6f:ea:f7:18:8b:32:9f:24:eb:9f:59:4c:56:63:
                    e2:cb:b0:48:3e:9b:2e:90:49:b6:84:d9:dc:ff:ac:
                    b9:aa:c1:72:8f:21:21:b4:3c:cb:2d:89:9f:18:40:
                    f2:74:af:6b:5c:c8:50:d4:84:da:95:a9:e8:fc:bc:
                    ce:06:5b:50:81:53:67:a6:dd:61:5c:0a:66:35:54:
                    b2:af:ed:5b:28:36:85:d0:9a:ad:eb:c7:b9:99:b5:
                    bd:3d:e3:22:fc:6b:35:60:d5:5e:fb:fe:2b:c5:53:
                    6e:89:74:c2:49:a4:5d:d1:ef:da:ef:8c:4b:de:e3:
                    68:19:1a:e8:2b:ef:ed:e6:d6:83:f9:c7:dc:3e:d9:
                    bc:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:80:16:E5:91:19:23:59:70:56:59:2F:AE:D1:8C:C7:F1:36:DE:EF
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:4de::/48
                  2a06:a005:770::/44
                  2a06:a005:890::/44

    Signature Algorithm: sha256WithRSAEncryption
         c4:85:ae:f8:9c:db:b2:41:b0:5d:e4:40:86:95:16:9d:f9:31:
         2e:5f:37:1f:d6:8f:bd:ef:79:5b:17:3f:4e:d2:52:d1:8f:cf:
         c1:0c:e3:dd:cc:dc:19:71:7c:2a:88:75:67:de:56:c7:7b:3d:
         4a:e8:62:f6:9d:11:b4:83:3e:fe:63:98:eb:57:ce:44:60:b1:
         59:d1:63:78:a4:5b:eb:e1:1f:c7:96:2c:10:97:13:69:0a:ee:
         36:04:9d:06:d4:2d:43:87:36:c9:90:bb:a4:d3:ee:ff:e0:0f:
         bf:4c:cf:f8:30:1c:7c:9d:04:72:55:44:74:ee:3d:42:48:d2:
         6e:9d:f9:4b:58:dd:2b:b3:90:f8:d8:04:05:da:64:09:99:08:
         88:c9:c5:7a:f2:e6:21:a6:af:fe:56:97:f5:24:51:50:3f:bc:
         6f:27:64:89:29:0e:7e:63:d1:a3:e8:9e:24:8a:58:44:0a:1b:
         35:aa:61:e7:66:23:a5:3c:a5:85:b1:4d:0f:c8:85:67:d8:9f:
         28:b1:1d:4d:90:88:2a:a0:96:01:37:4f:82:af:80:d4:6f:11:
         b4:67:97:06:04:87:07:a8:90:6d:4b:6b:ed:64:4a:09:35:44:
         25:8c:6e:6d:91:77:10:5b:e7:8e:c9:73:e6:40:53:69:ac:5a:
         ab:dc:4f:54
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUDffWxPEG4e+xOVC86nC4jhy/kT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDlaFw0yNTExMDQwMzQwMDlaMDMxMTAvBgNV
BAMTKDdEODAxNkU1OTExOTIzNTk3MDU2NTkyRkFFRDE4Q0M3RjEzNkRFRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWOZSUSlRTKqg33akag6P5qTOz
fBklFhruFcO0tXyZjNMqRL2NcKBYwjqxZ386Bk47VyETK9iJvAHRbVgXn2LlzwYO
vicm0me0AT+t+uUrmgpDZW3cWfi1P7x1CSCxjI2Bn30AFqrToBJHU/UF4fRO+kmQ
ZUZ5Q1tv6vcYizKfJOufWUxWY+LLsEg+my6QSbaE2dz/rLmqwXKPISG0PMstiZ8Y
QPJ0r2tcyFDUhNqVqej8vM4GW1CBU2em3WFcCmY1VLKv7VsoNoXQmq3rx7mZtb09
4yL8azVg1V77/ivFU26JdMJJpF3R79rvjEve42gZGugr7+3m1oP5x9w+2bwnAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUfYAW5ZEZI1lwVlkvrtGMx/E23u8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA4MjIzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcAKgagBQTeAwcEKgagBQdwAwcEKgagBQiQMA0GCSqG
SIb3DQEBCwUAA4IBAQDEha74nNuyQbBd5ECGlRad+TEuXzcf1o+973lbFz9O0lLR
j8/BDOPdzNwZcXwqiHVn3lbHez1K6GL2nRG0gz7+Y5jrV85EYLFZ0WN4pFvr4R/H
liwQlxNpCu42BJ0G1C1DhzbJkLuk0+7/4A+/TM/4MBx8nQRyVUR07j1CSNJunflL
WN0rs5D42AQF2mQJmQiIycV68uYhpq/+Vpf1JFFQP7xvJ2SJKQ5+Y9Gj6J4kilhE
Chs1qmHnZiOlPKWFsU0PyIVn2J8osR1NkIgqoJYBN0+Cr4DUbxG0Z5cGBIcHqJBt
S2vtZEoJNUQljG5tkXcQW+eOyXPmQFNprFqr3E9U
-----END CERTIFICATE-----