Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208529.roa
File:                     AS208529.roa (raw, json)
Hash identifier:          iXEVXdRn6fT9hefqF+wEAPmNL+3gG7YoD5LLXefxwv8=
Subject key identifier:   55:58:CE:3F:54:25:22:1C:05:C2:40:B3:B0:71:0C:D0:E6:8A:D1:C2
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       069C6ACA181CE1E36CC9502B8A5BA6B523DA8656
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208529.roa
Signing time:             Sat 09 Dec 2023 21:44:21 +0000
ROA not before:           Sat 09 Dec 2023 21:39:21 +0000
ROA not after:            Sat 07 Dec 2024 21:44:21 +0000
asID:                     208529
IP address blocks:        2a06:a005:5e7::/48 maxlen: 48
                          2a06:a005:c60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:9c:6a:ca:18:1c:e1:e3:6c:c9:50:2b:8a:5b:a6:b5:23:da:86:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  9 21:39:21 2023 GMT
            Not After : Dec  7 21:44:21 2024 GMT
        Subject: CN=5558CE3F5425221C05C240B3B0710CD0E68AD1C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c7:7a:95:b7:b9:79:a4:8c:ec:bd:43:0a:c1:
                    3d:8a:ba:f2:1c:44:59:f2:ba:fb:af:58:9f:f4:9e:
                    f8:3f:0a:8e:97:04:35:aa:34:98:ac:b4:76:4c:37:
                    00:11:d9:6c:d2:0e:9e:b5:79:62:08:f7:3a:96:0a:
                    a6:a5:c1:3d:9a:46:3d:4f:ac:09:c1:a9:f9:ac:3b:
                    0c:31:67:25:e2:1e:a5:32:9d:af:ad:6b:35:86:1f:
                    29:e7:9a:fe:92:a0:e1:85:a0:31:7c:b5:bb:e9:e1:
                    12:62:08:c8:3c:0b:2f:2c:3a:3c:bc:dd:90:66:bd:
                    0d:30:e8:2d:cb:ed:72:09:90:f8:18:83:5e:f2:3c:
                    9b:07:9d:4b:28:6b:b7:1d:b1:a3:ec:da:e8:51:d4:
                    e2:c6:c0:34:c7:41:aa:5e:98:8f:04:33:14:86:6e:
                    8c:90:12:a6:3d:20:e6:a2:33:f2:04:23:d1:10:16:
                    81:71:83:f1:c9:70:4a:9d:e9:ec:ce:f0:68:aa:5b:
                    65:df:24:07:88:0f:29:6c:e1:e4:8f:9c:80:55:82:
                    6a:77:ab:be:49:90:0a:15:ca:64:c4:06:a6:c3:1e:
                    3b:c1:9b:34:52:38:a2:cc:2b:00:7e:26:07:d8:16:
                    95:67:4c:e7:dc:70:de:ec:32:09:0e:4f:23:f6:95:
                    9d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:58:CE:3F:54:25:22:1C:05:C2:40:B3:B0:71:0C:D0:E6:8A:D1:C2
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208529.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5e7::/48
                  2a06:a005:c60::/44

    Signature Algorithm: sha256WithRSAEncryption
         67:05:9f:7f:9f:5c:0a:af:31:75:b7:2b:ce:1f:c2:2e:81:ca:
         19:8e:09:59:70:c5:4e:f2:4b:a0:93:6d:a7:eb:2f:ef:6f:1e:
         6d:b2:65:17:ec:39:aa:70:a6:94:79:12:8b:b2:e1:cf:96:be:
         26:68:58:03:5a:54:ce:61:86:b3:3f:1f:f6:ea:bd:3c:0b:67:
         66:8c:3c:b5:7d:fd:58:d2:57:cb:7d:fb:21:65:53:f3:d4:34:
         73:30:8a:d0:ca:fc:c1:55:d0:fa:7b:81:6f:dc:18:73:6f:11:
         7c:70:27:24:22:c5:2e:d6:df:10:0e:7b:24:db:ee:0a:37:ac:
         b1:77:ab:c2:b3:cc:76:0a:c4:cd:3a:75:6f:ae:dc:66:6c:77:
         be:7e:fa:94:8f:be:63:9c:2d:34:da:ba:61:ac:2d:ca:34:74:
         1f:a1:8d:52:bc:51:f6:7b:2b:bb:a9:b0:52:e5:fe:4c:5d:b2:
         02:de:a6:25:62:3a:c9:88:9e:91:95:58:07:c9:eb:a2:bc:3c:
         a0:e3:bb:87:93:18:28:56:91:b9:a1:aa:22:84:d8:6e:e3:6d:
         d5:b4:0e:b9:79:c2:a0:72:56:3f:cd:87:27:7d:1a:5e:e9:38:
         cf:93:0a:f7:67:c3:ee:4e:c9:f1:eb:0c:bc:74:a2:e5:cd:1e:
         3d:27:31:31
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUBpxqyhgc4eNsyVArilumtSPahlYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDkyMTM5MjFaFw0yNDEyMDcyMTQ0MjFaMDMxMTAvBgNV
BAMTKDU1NThDRTNGNTQyNTIyMUMwNUMyNDBCM0IwNzEwQ0QwRTY4QUQxQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRx3qVt7l5pIzsvUMKwT2KuvIc
RFnyuvuvWJ/0nvg/Co6XBDWqNJistHZMNwAR2WzSDp61eWII9zqWCqalwT2aRj1P
rAnBqfmsOwwxZyXiHqUyna+tazWGHynnmv6SoOGFoDF8tbvp4RJiCMg8Cy8sOjy8
3ZBmvQ0w6C3L7XIJkPgYg17yPJsHnUsoa7cdsaPs2uhR1OLGwDTHQapemI8EMxSG
boyQEqY9IOaiM/IEI9EQFoFxg/HJcEqd6ezO8GiqW2XfJAeIDyls4eSPnIBVgmp3
q75JkAoVymTEBqbDHjvBmzRSOKLMKwB+JgfYFpVnTOfccN7sMgkOTyP2lZ27AgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUVVjOP1QlIhwFwkCzsHEM0OaK0cIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA4NTI5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQXnAwcEKgagBQxgMA0GCSqGSIb3DQEBCwUA
A4IBAQBnBZ9/n1wKrzF1tyvOH8IugcoZjglZcMVO8kugk22n6y/vbx5tsmUX7Dmq
cKaUeRKLsuHPlr4maFgDWlTOYYazPx/26r08C2dmjDy1ff1Y0lfLffshZVPz1DRz
MIrQyvzBVdD6e4Fv3BhzbxF8cCckIsUu1t8QDnsk2+4KN6yxd6vCs8x2CsTNOnVv
rtxmbHe+fvqUj75jnC002rphrC3KNHQfoY1SvFH2eyu7qbBS5f5MXbIC3qYlYjrJ
iJ6RlVgHyeuivDyg47uHkxgoVpG5oaoihNhu423VtA65ecKgclY/zYcnfRpe6TjP
kwr3Z8PuTsnx6wy8dKLlzR49JzEx
-----END CERTIFICATE-----