Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209101.roa
File:                     AS209101.roa (raw, json)
Hash identifier:          XqzQxq3FUBb8kCuFLraALwTvdZPEBwTjnlV1H5lkNn4=
Subject key identifier:   BD:5E:D5:E7:8D:AC:C8:31:48:19:17:AB:E6:37:E5:F6:84:EE:45:6F
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       46DC399AD3C41FF4E18FC932EBB68D4A7EFAE044
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209101.roa
Signing time:             Tue 12 Nov 2024 22:40:12 +0000
ROA not before:           Tue 12 Nov 2024 22:35:12 +0000
ROA not after:            Tue 11 Nov 2025 22:40:12 +0000
asID:                     209101
IP address blocks:        2a06:a005:2a00::/44 maxlen: 48
                          2a06:a005:2a10::/44 maxlen: 48
                          2a06:a005:2a20::/44 maxlen: 48
                          2a06:a005:2a30::/44 maxlen: 48
                          2a06:a005:2af0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:dc:39:9a:d3:c4:1f:f4:e1:8f:c9:32:eb:b6:8d:4a:7e:fa:e0:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 12 22:35:12 2024 GMT
            Not After : Nov 11 22:40:12 2025 GMT
        Subject: CN=BD5ED5E78DACC831481917ABE637E5F684EE456F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:df:c1:5e:a8:a2:4b:0a:c8:5d:c4:fd:88:55:
                    84:82:d7:35:ed:4b:e6:96:52:de:62:b3:ac:b1:be:
                    e2:a5:bd:87:4b:af:8e:37:a4:40:04:04:16:5d:d0:
                    78:7c:96:1e:89:f2:2d:f7:1c:25:fe:85:da:e6:52:
                    0a:e6:79:67:b3:2a:db:21:56:4a:5f:ca:42:1d:da:
                    1c:5e:d2:c0:62:01:74:09:56:7e:cc:23:d4:17:c0:
                    82:b4:8b:f7:e8:32:c1:be:6e:1c:55:b6:53:8e:c1:
                    37:65:8a:d1:34:25:ca:47:fc:2f:d7:4d:7d:eb:ab:
                    67:9d:58:0b:96:47:bf:e0:f0:64:f7:3f:fb:dc:bc:
                    61:b3:2d:34:d9:6b:70:0d:97:f4:0b:69:7e:84:3c:
                    9e:18:4d:b9:c4:87:01:c3:a6:82:fc:38:d0:e2:3b:
                    18:4d:7c:24:37:5a:d2:ec:62:04:c5:38:1e:d2:0c:
                    96:0f:aa:40:34:45:bc:bc:e7:11:c0:2a:c8:ed:d6:
                    d3:83:45:8c:5d:1c:be:8b:ed:09:91:07:98:14:1f:
                    5b:a7:d3:3a:c8:e7:71:a1:43:10:86:e1:ec:5c:58:
                    b6:de:a1:71:fc:7f:e2:d9:c4:6e:17:87:e4:4e:5e:
                    af:f5:b7:88:f8:d9:1c:f5:bc:32:95:0e:df:44:28:
                    29:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:5E:D5:E7:8D:AC:C8:31:48:19:17:AB:E6:37:E5:F6:84:EE:45:6F
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209101.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2a00::/42
                  2a06:a005:2af0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:95:2c:a1:77:99:b0:06:77:eb:96:0e:ef:e4:2d:c5:03:35:
         ac:8d:67:71:29:20:4b:5c:7d:95:8b:0f:63:ea:06:5d:8f:72:
         20:7f:44:bf:cc:65:82:64:c1:64:16:59:9a:87:ac:da:e1:bb:
         c0:b9:98:36:54:d2:b5:df:d9:9d:b9:98:fb:2a:49:30:48:b9:
         b2:32:b6:e1:98:b6:87:6d:fb:dc:cc:74:48:70:a7:f8:6c:94:
         e3:68:5b:0e:9a:a1:84:76:38:8a:7f:c0:33:e9:a7:b1:76:05:
         17:06:65:35:d7:e1:82:92:63:b9:13:cd:ab:50:ec:b2:df:70:
         d0:0a:19:d2:fe:aa:7d:87:e6:13:6d:a6:3c:77:e1:10:a5:5d:
         aa:70:46:78:3f:e5:22:e3:d6:5b:19:a6:4f:e3:6b:73:84:5d:
         6d:ac:07:76:48:2b:7a:7a:b5:26:49:c9:e2:dc:5c:92:29:05:
         ae:05:df:94:fd:9b:35:d3:3c:e0:fa:b5:e0:ab:c7:a6:17:66:
         93:0e:08:f7:0a:94:11:a6:9a:a5:36:b5:f3:54:78:6a:f9:fe:
         6f:04:ef:62:d2:01:0f:c8:61:28:48:65:96:c9:76:94:1e:30:
         7a:46:14:88:c5:32:0b:76:49:f8:39:70:c7:62:f3:66:30:05:
         1f:d5:9f:03
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIURtw5mtPEH/Thj8ky67aNSn764EQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMTIyMjM1MTJaFw0yNTExMTEyMjQwMTJaMDMxMTAvBgNV
BAMTKEJENUVENUU3OERBQ0M4MzE0ODE5MTdBQkU2MzdFNUY2ODRFRTQ1NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF38FeqKJLCshdxP2IVYSC1zXt
S+aWUt5is6yxvuKlvYdLr443pEAEBBZd0Hh8lh6J8i33HCX+hdrmUgrmeWezKtsh
VkpfykId2hxe0sBiAXQJVn7MI9QXwIK0i/foMsG+bhxVtlOOwTdlitE0JcpH/C/X
TX3rq2edWAuWR7/g8GT3P/vcvGGzLTTZa3ANl/QLaX6EPJ4YTbnEhwHDpoL8ONDi
OxhNfCQ3WtLsYgTFOB7SDJYPqkA0Rby85xHAKsjt1tODRYxdHL6L7QmRB5gUH1un
0zrI53GhQxCG4excWLbeoXH8f+LZxG4Xh+ROXq/1t4j42Rz1vDKVDt9EKClfAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUvV7V542syDFIGRer5jfl9oTuRW8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5MTAxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcGKgagBSoAAwcEKgagBSrwMA0GCSqGSIb3DQEBCwUA
A4IBAQBulSyhd5mwBnfrlg7v5C3FAzWsjWdxKSBLXH2Viw9j6gZdj3Igf0S/zGWC
ZMFkFlmah6za4bvAuZg2VNK139mduZj7KkkwSLmyMrbhmLaHbfvczHRIcKf4bJTj
aFsOmqGEdjiKf8Az6aexdgUXBmU11+GCkmO5E82rUOyy33DQChnS/qp9h+YTbaY8
d+EQpV2qcEZ4P+Ui49ZbGaZP42tzhF1trAd2SCt6erUmScni3FySKQWuBd+U/Zs1
0zzg+rXgq8emF2aTDgj3CpQRppqlNrXzVHhq+f5vBO9i0gEPyGEoSGWWyXaUHjB6
RhSIxTILdkn4OXDHYvNmMAUf1Z8D
-----END CERTIFICATE-----