Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209101.roa
File:                     AS209101.roa (raw, json)
Hash identifier:          LHMK9YJ5zx1gzO9iRx/HuoYcZU7c/wU/sjRoN6R67Q0=
Subject key identifier:   B6:52:BC:FF:E1:8F:04:BF:CC:5A:12:EE:E9:3D:FF:28:57:41:30:C7
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       75BE1FFCCE463CDF864F6B609F7A25F135192534
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209101.roa
Signing time:             Tue 12 Dec 2023 21:44:21 +0000
ROA not before:           Tue 12 Dec 2023 21:39:21 +0000
ROA not after:            Tue 10 Dec 2024 21:44:21 +0000
asID:                     209101
IP address blocks:        2a06:a005:2a00::/44 maxlen: 48
                          2a06:a005:2a10::/44 maxlen: 48
                          2a06:a005:2a20::/44 maxlen: 48
                          2a06:a005:2a30::/44 maxlen: 48
                          2a06:a005:2af0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:be:1f:fc:ce:46:3c:df:86:4f:6b:60:9f:7a:25:f1:35:19:25:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 12 21:39:21 2023 GMT
            Not After : Dec 10 21:44:21 2024 GMT
        Subject: CN=B652BCFFE18F04BFCC5A12EEE93DFF28574130C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:92:cd:20:3a:8a:05:53:a5:47:f5:b9:6d:bd:
                    67:dc:e3:78:85:48:d1:a0:31:56:ba:68:56:e8:c7:
                    11:dd:47:da:81:e1:24:4f:98:3c:7d:5a:e3:c4:43:
                    f2:fa:fd:bf:ac:ae:57:fc:f7:07:74:54:3b:80:e8:
                    59:db:ba:81:8b:96:c1:88:bc:a6:8b:17:ce:22:ff:
                    79:7d:fe:bc:61:6f:ff:77:ba:43:f0:7d:34:e2:10:
                    8d:3b:98:82:e6:ce:01:a2:65:ee:25:0e:03:a6:f7:
                    d1:aa:1e:d9:4e:b7:4c:1a:0e:f3:56:bb:ca:b0:03:
                    4f:77:b2:21:c3:e0:cf:fd:34:17:68:04:08:44:3d:
                    56:23:29:f7:77:4f:56:5f:3c:d7:37:83:26:be:52:
                    7b:61:65:2f:0c:5f:bb:54:63:d0:d5:91:a3:84:3e:
                    f2:90:55:63:db:bd:77:dc:a2:b6:2e:58:d1:65:10:
                    a6:ad:c5:d3:7b:56:fa:06:a0:fa:9b:0a:4b:b1:6d:
                    f4:82:03:04:a9:4b:2e:06:b1:06:25:40:55:66:d1:
                    c1:f2:54:0d:a1:84:20:c4:99:53:ff:ad:2a:04:ec:
                    49:46:cf:98:c4:30:89:0d:c9:0b:ac:b9:db:45:de:
                    ee:24:ff:6b:3f:b1:d5:58:ea:a1:dc:78:c8:5e:99:
                    b5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:52:BC:FF:E1:8F:04:BF:CC:5A:12:EE:E9:3D:FF:28:57:41:30:C7
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209101.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2a00::/42
                  2a06:a005:2af0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:ef:07:dd:fc:d4:4c:e9:da:b5:51:7b:f5:93:21:8d:d5:a0:
         50:6b:da:3e:a4:67:7f:87:31:dc:d1:cd:35:19:0f:df:b6:95:
         bd:44:e5:2d:2a:7b:f2:69:86:0a:8e:c0:ab:ff:f1:93:a8:fd:
         79:6a:bf:75:4b:f1:30:7e:17:3f:a2:12:12:3a:93:83:8e:f0:
         88:6e:af:5b:77:5f:59:db:68:8f:2e:2f:5f:31:1a:35:57:10:
         a5:02:86:0c:75:8c:42:01:8f:4b:52:a0:54:f8:9f:16:46:8c:
         d2:95:28:00:21:32:0d:7d:60:28:a5:45:23:42:6b:98:b1:c3:
         b2:82:78:23:ce:52:49:fe:a2:69:55:d6:90:9c:f1:f0:c0:2d:
         ad:14:1b:fd:9b:4f:77:6c:76:48:f1:df:ea:c0:7b:25:08:66:
         02:4f:5d:d8:3c:a3:20:f6:c4:18:a7:b6:63:dc:b0:26:8c:ae:
         6e:e6:1e:18:fa:fb:f6:a2:54:22:30:89:22:3f:7f:2a:da:ac:
         62:88:24:a1:f9:2f:26:a4:0f:22:cd:28:29:6e:9e:8f:4f:2e:
         2d:e6:f9:12:bf:7e:92:b7:b8:cb:45:37:22:fb:ac:bb:14:68:
         85:76:a5:ab:d3:3c:c2:3c:de:fb:86:8a:21:5a:46:0f:37:86:
         a5:e1:fe:fc
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUdb4f/M5GPN+GT2tgn3ol8TUZJTQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMTIyMTM5MjFaFw0yNDEyMTAyMTQ0MjFaMDMxMTAvBgNV
BAMTKEI2NTJCQ0ZGRTE4RjA0QkZDQzVBMTJFRUU5M0RGRjI4NTc0MTMwQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoks0gOooFU6VH9bltvWfc43iF
SNGgMVa6aFboxxHdR9qB4SRPmDx9WuPEQ/L6/b+srlf89wd0VDuA6FnbuoGLlsGI
vKaLF84i/3l9/rxhb/93ukPwfTTiEI07mILmzgGiZe4lDgOm99GqHtlOt0waDvNW
u8qwA093siHD4M/9NBdoBAhEPVYjKfd3T1ZfPNc3gya+UnthZS8MX7tUY9DVkaOE
PvKQVWPbvXfcorYuWNFlEKatxdN7VvoGoPqbCkuxbfSCAwSpSy4GsQYlQFVm0cHy
VA2hhCDEmVP/rSoE7ElGz5jEMIkNyQusudtF3u4k/2s/sdVY6qHceMhembVdAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUtlK8/+GPBL/MWhLu6T3/KFdBMMcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5MTAxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcGKgagBSoAAwcEKgagBSrwMA0GCSqGSIb3DQEBCwUA
A4IBAQBN7wfd/NRM6dq1UXv1kyGN1aBQa9o+pGd/hzHc0c01GQ/ftpW9ROUtKnvy
aYYKjsCr//GTqP15ar91S/Ewfhc/ohISOpODjvCIbq9bd19Z22iPLi9fMRo1VxCl
AoYMdYxCAY9LUqBU+J8WRozSlSgAITINfWAopUUjQmuYscOygngjzlJJ/qJpVdaQ
nPHwwC2tFBv9m093bHZI8d/qwHslCGYCT13YPKMg9sQYp7Zj3LAmjK5u5h4Y+vv2
olQiMIkiP38q2qxiiCSh+S8mpA8izSgpbp6PTy4t5vkSv36St7jLRTci+6y7FGiF
dqWr0zzCPN77hoohWkYPN4al4f78
-----END CERTIFICATE-----