Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208680.roa
File:                     AS208680.roa (raw, json)
Hash identifier:          0Dg5e4lM5kPVvvuEpw/y8RU/QHSiDvaqAIVi/upUYSM=
Subject key identifier:   E5:9E:54:5E:47:CA:C1:D4:08:A5:51:3F:36:47:AD:F9:5F:5D:19:F3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3201BC6CC69D1617F0703D65B1A7C5FF3001E42E
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208680.roa
Signing time:             Tue 05 Nov 2024 03:40:08 +0000
ROA not before:           Tue 05 Nov 2024 03:35:08 +0000
ROA not after:            Tue 04 Nov 2025 03:40:08 +0000
asID:                     208680
IP address blocks:        2a06:a005:2f0::/44 maxlen: 48
                          2a06:a005:300::/44 maxlen: 48
                          2a06:a005:310::/44 maxlen: 48
                          2a06:a005:320::/44 maxlen: 48
                          2a06:a005:330::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:01:bc:6c:c6:9d:16:17:f0:70:3d:65:b1:a7:c5:ff:30:01:e4:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:08 2024 GMT
            Not After : Nov  4 03:40:08 2025 GMT
        Subject: CN=E59E545E47CAC1D408A5513F3647ADF95F5D19F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:87:bf:45:df:50:c1:7a:ca:ce:c3:f0:ed:56:
                    7e:4f:a3:d8:e1:7e:aa:8d:8b:82:5e:73:69:a8:c6:
                    94:d5:63:ca:db:d2:2a:30:48:92:5f:f5:a4:da:e9:
                    6c:5f:36:4e:49:5d:42:51:99:70:ef:b2:52:c4:4b:
                    51:bd:06:e7:c8:71:fd:50:5f:21:8f:70:0e:b6:5a:
                    0b:d3:a9:81:e7:e5:95:49:6e:da:3a:a0:3e:42:23:
                    d6:ed:52:39:41:53:54:ae:5e:43:27:b5:88:d2:71:
                    33:28:a8:a0:26:08:3c:90:cd:fe:7d:53:3e:cd:b1:
                    25:be:61:39:bb:e5:0f:5c:25:e0:3b:47:0d:2c:00:
                    84:af:df:b0:e2:07:ab:d0:04:76:5e:d8:bb:df:c5:
                    04:92:0c:4b:8b:af:ab:4b:55:3d:b8:c0:f0:3f:1f:
                    48:0e:e3:70:5c:ba:7d:85:b1:39:fc:34:36:08:7a:
                    c6:a4:2a:9e:b2:b1:cb:ad:6b:86:c3:6b:d6:4f:b9:
                    96:b9:6a:e6:5d:d3:73:09:ef:84:d5:86:a1:4e:c7:
                    b1:4a:0e:c6:71:52:cb:8c:04:fa:98:ba:b5:80:85:
                    43:0c:fb:76:16:20:1e:cc:80:cc:99:af:fb:e7:55:
                    aa:a1:b1:2b:a6:ab:e8:49:d7:47:09:64:b6:a3:4e:
                    5c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:9E:54:5E:47:CA:C1:D4:08:A5:51:3F:36:47:AD:F9:5F:5D:19:F3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208680.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2f0::-2a06:a005:33f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3c:9b:88:79:7f:e7:17:22:a6:12:c2:b7:7c:bc:93:9c:56:c0:
         c5:9d:c3:02:6e:c0:6e:0b:df:7f:65:1d:d7:90:d0:df:78:b6:
         a4:84:4d:b4:c2:4c:51:f3:9f:08:16:24:04:38:51:6a:62:59:
         c8:ea:dc:dd:37:52:43:56:fb:07:9a:15:89:db:8a:ad:a1:33:
         80:8b:5f:57:f1:e8:3f:f1:1b:b5:50:e4:da:4c:88:2a:37:be:
         9f:5d:7c:ef:b1:32:f2:fa:ae:3e:88:ac:83:e0:e2:58:ff:73:
         7f:84:28:46:7b:24:78:c1:93:e7:88:f3:1b:ba:83:c7:25:83:
         9c:ed:d2:4d:d8:88:c9:21:f8:55:dc:08:4b:af:07:41:93:a3:
         21:31:d8:06:8a:17:91:59:1d:6d:94:7d:e5:2e:2a:a8:4f:d9:
         1f:2b:64:9a:84:99:0c:8d:01:f1:a9:fd:35:9a:2d:e2:28:68:
         e0:8e:53:62:49:16:8c:38:45:f8:b3:65:a6:bc:ab:89:96:bb:
         9c:c5:88:bf:d3:74:04:bc:76:d6:41:7a:42:0d:75:8f:9a:a9:
         b6:09:b0:b9:01:3d:9d:b3:9f:fa:43:56:ff:3c:c9:85:6a:8c:
         e9:ec:e7:3c:e5:75:72:ac:65:f2:36:08:16:cc:b6:44:53:87:
         43:07:35:29
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUMgG8bMadFhfwcD1lsafF/zAB5C4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDhaFw0yNTExMDQwMzQwMDhaMDMxMTAvBgNV
BAMTKEU1OUU1NDVFNDdDQUMxRDQwOEE1NTEzRjM2NDdBREY5NUY1RDE5RjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGh79F31DBesrOw/DtVn5Po9jh
fqqNi4Jec2moxpTVY8rb0iowSJJf9aTa6WxfNk5JXUJRmXDvslLES1G9BufIcf1Q
XyGPcA62WgvTqYHn5ZVJbto6oD5CI9btUjlBU1SuXkMntYjScTMoqKAmCDyQzf59
Uz7NsSW+YTm75Q9cJeA7Rw0sAISv37DiB6vQBHZe2LvfxQSSDEuLr6tLVT24wPA/
H0gO43Bcun2FsTn8NDYIesakKp6yscuta4bDa9ZPuZa5auZd03MJ74TVhqFOx7FK
DsZxUsuMBPqYurWAhUMM+3YWIB7MgMyZr/vnVaqhsSumq+hJ10cJZLajTlxJAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQU5Z5UXkfKwdQIpVE/Nket+V9dGfMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA4NjgwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEH
AQH/BB4wHDAaBAIAAjAUMBIDBwQqBqAFAvADBwYqBqAFAwAwDQYJKoZIhvcNAQEL
BQADggEBADybiHl/5xciphLCt3y8k5xWwMWdwwJuwG4L339lHdeQ0N94tqSETbTC
TFHznwgWJAQ4UWpiWcjq3N03UkNW+weaFYnbiq2hM4CLX1fx6D/xG7VQ5NpMiCo3
vp9dfO+xMvL6rj6IrIPg4lj/c3+EKEZ7JHjBk+eI8xu6g8clg5zt0k3YiMkh+FXc
CEuvB0GToyEx2AaKF5FZHW2UfeUuKqhP2R8rZJqEmQyNAfGp/TWaLeIoaOCOU2JJ
Fow4RfizZaa8q4mWu5zFiL/TdAS8dtZBekINdY+aqbYJsLkBPZ2zn/pDVv88yYVq
jOns5zzldXKsZfI2CBbMtkRTh0MHNSk=
-----END CERTIFICATE-----