Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208796.roa
File:                     AS208796.roa (raw, json)
Hash identifier:          sMSWQRuO8fbusnyLmuoWbcA6RLvDJUF3Ehp+F6sgbL4=
Subject key identifier:   D2:E8:0E:05:DE:B9:2A:89:9A:D0:65:81:95:1C:BE:6B:07:40:22:FE
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7EB917CD642901580EE44BC1C6678F851C4374D5
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208796.roa
Signing time:             Fri 08 Nov 2024 22:40:12 +0000
ROA not before:           Fri 08 Nov 2024 22:35:12 +0000
ROA not after:            Fri 07 Nov 2025 22:40:12 +0000
asID:                     208796
IP address blocks:        2a06:a005:d4f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:b9:17:cd:64:29:01:58:0e:e4:4b:c1:c6:67:8f:85:1c:43:74:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  8 22:35:12 2024 GMT
            Not After : Nov  7 22:40:12 2025 GMT
        Subject: CN=D2E80E05DEB92A899AD06581951CBE6B074022FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:05:2e:e5:42:21:45:35:de:a7:01:00:f5:04:
                    d8:e6:88:b9:42:b2:12:95:3e:d5:dd:4b:15:13:dc:
                    44:dd:44:67:d4:fb:6e:7b:53:26:76:83:48:b5:7a:
                    f8:ea:a3:7e:47:55:84:22:f6:18:b3:eb:d4:3e:cb:
                    c4:28:7c:3d:b3:d3:24:57:ea:9e:a2:19:cd:8b:3d:
                    1f:a3:13:7b:01:2f:a7:22:97:29:e6:25:f2:cf:5d:
                    d4:9c:88:a8:81:58:8e:11:ef:5b:2e:08:c8:a6:7a:
                    a8:d1:ab:66:f7:72:4d:84:e1:7d:18:f6:76:b1:62:
                    8d:cf:8f:9c:9c:e0:aa:c0:5b:57:61:80:b6:4d:3c:
                    a4:3c:30:ae:72:5a:95:a2:10:62:e0:f8:9d:f1:76:
                    92:fa:2b:48:d9:0a:ac:c9:44:60:3b:0e:5f:a3:2d:
                    17:48:a2:49:49:08:56:e9:a3:9f:16:3a:d7:6f:22:
                    63:17:d8:de:e2:dd:35:5c:7e:75:19:72:6e:c6:33:
                    01:1f:f5:cb:7a:ae:9d:97:92:c7:db:90:24:91:3b:
                    71:39:e9:ac:5a:d1:72:e0:ee:d8:c1:da:55:a0:5b:
                    2e:96:50:32:56:a5:3f:a5:38:fc:d0:4c:74:cc:dc:
                    17:98:43:4f:b5:95:d8:61:00:dd:38:b3:73:8e:b2:
                    d1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E8:0E:05:DE:B9:2A:89:9A:D0:65:81:95:1C:BE:6B:07:40:22:FE
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS208796.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d4f::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:a4:d9:3d:12:ef:d5:37:f0:2d:81:50:22:0e:83:49:db:b6:
         6f:db:e1:63:e0:41:3d:a7:f2:26:b7:64:4d:77:79:e7:78:8a:
         b6:47:7a:08:8b:42:e8:da:64:ee:3b:52:ae:02:e7:05:6b:24:
         8f:22:66:df:04:f5:02:5e:df:a4:09:a5:5c:44:35:18:4b:f4:
         e4:7f:46:c1:b4:03:d5:e5:d5:73:42:b7:23:95:d3:f7:60:40:
         8f:8a:3e:98:d2:93:70:b6:c0:5e:fa:72:28:f9:aa:24:4d:23:
         ac:e3:cf:ec:b3:c1:e5:44:05:52:b2:c8:25:53:e4:73:7d:0b:
         32:13:ea:99:83:67:17:90:7b:60:49:b8:2a:ed:d3:3c:8e:01:
         c7:25:cd:4e:47:02:88:34:62:a8:e2:d0:fd:af:8a:74:fb:3d:
         13:32:9d:0b:9d:5d:9c:1e:12:28:7c:e9:48:7a:86:a7:db:e6:
         da:a8:4d:80:aa:1d:ea:81:85:56:3f:26:6d:08:e2:c0:a0:68:
         86:65:37:f6:07:ba:51:b1:0b:60:7b:44:f1:73:50:7d:c8:a5:
         b4:88:ec:3c:fd:ba:7f:c4:22:92:b2:9a:b0:59:d5:08:c4:05:
         9a:1b:b7:c0:82:d3:25:eb:44:c3:c4:6d:5b:ed:43:1d:8c:d1:
         7f:3e:3c:e7
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUfrkXzWQpAVgO5EvBxmePhRxDdNUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDgyMjM1MTJaFw0yNTExMDcyMjQwMTJaMDMxMTAvBgNV
BAMTKEQyRTgwRTA1REVCOTJBODk5QUQwNjU4MTk1MUNCRTZCMDc0MDIyRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiBS7lQiFFNd6nAQD1BNjmiLlC
shKVPtXdSxUT3ETdRGfU+257UyZ2g0i1evjqo35HVYQi9hiz69Q+y8QofD2z0yRX
6p6iGc2LPR+jE3sBL6cilynmJfLPXdSciKiBWI4R71suCMimeqjRq2b3ck2E4X0Y
9naxYo3Pj5yc4KrAW1dhgLZNPKQ8MK5yWpWiEGLg+J3xdpL6K0jZCqzJRGA7Dl+j
LRdIoklJCFbpo58WOtdvImMX2N7i3TVcfnUZcm7GMwEf9ct6rp2XksfbkCSRO3E5
6axa0XLg7tjB2lWgWy6WUDJWpT+lOPzQTHTM3BeYQ0+1ldhhAN04s3OOstE7AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU0ugOBd65Koma0GWBlRy+awdAIv4wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA4Nzk2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQ1PMA0GCSqGSIb3DQEBCwUAA4IBAQBXpNk9
Eu/VN/AtgVAiDoNJ27Zv2+Fj4EE9p/Imt2RNd3nneIq2R3oIi0Lo2mTuO1KuAucF
aySPImbfBPUCXt+kCaVcRDUYS/Tkf0bBtAPV5dVzQrcjldP3YECPij6Y0pNwtsBe
+nIo+aokTSOs48/ss8HlRAVSssglU+RzfQsyE+qZg2cXkHtgSbgq7dM8jgHHJc1O
RwKINGKo4tD9r4p0+z0TMp0LnV2cHhIofOlIeoan2+baqE2Aqh3qgYVWPyZtCOLA
oGiGZTf2B7pRsQtge0Txc1B9yKW0iOw8/bp/xCKSspqwWdUIxAWaG7fAgtMl60TD
xG1b7UMdjNF/Pjzn
-----END CERTIFICATE-----