Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209218.roa
File:                     AS209218.roa (raw, json)
Hash identifier:          DC7G9WzyRs59iTE8dubnMwo9m8lf8kGw5p5zanXl/Ws=
Subject key identifier:   C8:74:A5:E0:72:D7:B7:2B:86:A4:16:06:D4:34:74:3F:6C:94:5B:18
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       16204F077B420873F3EF57E34040F48CEDC1742E
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209218.roa
Signing time:             Tue 05 Dec 2023 02:44:14 +0000
ROA not before:           Tue 05 Dec 2023 02:39:14 +0000
ROA not after:            Tue 03 Dec 2024 02:44:14 +0000
asID:                     209218
IP address blocks:        2a06:a005:910::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:20:4f:07:7b:42:08:73:f3:ef:57:e3:40:40:f4:8c:ed:c1:74:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:14 2023 GMT
            Not After : Dec  3 02:44:14 2024 GMT
        Subject: CN=C874A5E072D7B72B86A41606D434743F6C945B18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:82:cc:cc:eb:b2:97:2f:c2:89:f0:c1:3d:1e:
                    06:31:60:aa:c5:83:2d:da:c2:08:47:04:e2:96:d9:
                    03:cb:af:ee:0c:9c:fd:c5:a0:04:32:b8:11:b0:3a:
                    17:b8:e7:ee:f4:02:9c:73:ba:ed:2f:6f:3b:df:f0:
                    36:49:f7:3f:54:61:03:84:4b:82:4f:2c:d4:c6:ae:
                    b4:a1:0e:0f:4e:b2:f8:7f:2a:8b:46:a5:52:a0:12:
                    d1:d3:d9:21:3e:df:65:f0:06:2a:1c:76:b4:56:a3:
                    b2:74:91:ad:23:96:99:e7:69:19:75:0b:c1:e4:a6:
                    a7:3e:ff:51:73:1b:f9:4a:a0:83:53:8c:f1:d2:db:
                    85:67:66:8f:39:f5:84:a0:fe:ba:b4:2e:43:2b:6b:
                    5d:79:76:0f:60:a5:28:18:57:70:a7:dc:59:b7:f0:
                    62:c3:13:31:13:72:7d:d6:cc:8d:88:05:42:aa:6c:
                    07:17:a4:0e:43:e4:8d:b8:81:88:7c:e1:bd:52:91:
                    9d:00:57:76:54:94:8c:b7:fd:1a:81:a8:36:6a:cc:
                    a6:7d:c6:79:a9:ac:70:a8:29:12:b1:c5:22:8e:0b:
                    27:4e:c0:8d:84:75:e1:f2:76:e1:a0:25:e0:f5:9d:
                    41:c9:42:94:49:7e:a8:86:63:71:b2:e5:2c:eb:98:
                    f9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:74:A5:E0:72:D7:B7:2B:86:A4:16:06:D4:34:74:3F:6C:94:5B:18
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:910::/44

    Signature Algorithm: sha256WithRSAEncryption
         d3:f2:05:dd:ec:5f:d1:b5:61:f7:9e:39:57:7b:53:8f:99:f9:
         d7:4d:9a:04:3e:60:5f:2e:67:55:29:80:3d:07:75:95:ad:29:
         45:5a:02:df:61:a7:73:f3:79:5c:ab:f8:bf:02:34:4e:54:31:
         e7:63:91:1a:e4:c4:92:5b:8e:55:5b:2b:f5:f3:59:5c:a7:0b:
         c4:18:f3:97:6f:a2:02:9b:9b:26:1a:c1:da:39:42:c4:7c:2d:
         78:90:93:b8:fb:e9:72:86:5c:7c:d1:ca:01:ec:86:cd:8c:e1:
         30:14:df:35:2f:a5:9f:a0:92:d1:75:ea:f9:14:a3:8e:24:5e:
         f1:28:44:a9:69:34:af:06:f2:c5:21:bf:32:5c:94:17:87:af:
         b9:51:ea:83:ff:70:fa:79:87:de:f8:6f:0d:d1:59:05:d7:24:
         42:32:22:f7:7d:49:21:b2:56:0f:4e:05:8d:6d:c0:2d:fe:f0:
         68:a4:8b:c6:ff:92:ed:0b:05:0a:fc:4d:20:f7:80:56:8a:42:
         b0:26:75:b6:72:0d:45:67:a3:56:88:e8:e0:8d:ff:ea:81:4c:
         49:cb:91:93:4b:41:93:5a:72:49:af:b2:4f:70:4a:a6:8a:1e:
         2b:56:05:51:23:d5:42:6b:61:a6:98:96:ac:e2:0f:96:3d:a7:
         2e:36:5d:3d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUFiBPB3tCCHPz71fjQED0jO3BdC4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTRaFw0yNDEyMDMwMjQ0MTRaMDMxMTAvBgNV
BAMTKEM4NzRBNUUwNzJEN0I3MkI4NkE0MTYwNkQ0MzQ3NDNGNkM5NDVCMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzgszM67KXL8KJ8ME9HgYxYKrF
gy3awghHBOKW2QPLr+4MnP3FoAQyuBGwOhe45+70Apxzuu0vbzvf8DZJ9z9UYQOE
S4JPLNTGrrShDg9Osvh/KotGpVKgEtHT2SE+32XwBiocdrRWo7J0ka0jlpnnaRl1
C8Hkpqc+/1FzG/lKoINTjPHS24VnZo859YSg/rq0LkMra115dg9gpSgYV3Cn3Fm3
8GLDEzETcn3WzI2IBUKqbAcXpA5D5I24gYh84b1SkZ0AV3ZUlIy3/RqBqDZqzKZ9
xnmprHCoKRKxxSKOCydOwI2EdeHyduGgJeD1nUHJQpRJfqiGY3Gy5SzrmPknAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUyHSl4HLXtyuGpBYG1DR0P2yUWxgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5MjE4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQkQMA0GCSqGSIb3DQEBCwUAA4IBAQDT8gXd
7F/RtWH3njlXe1OPmfnXTZoEPmBfLmdVKYA9B3WVrSlFWgLfYadz83lcq/i/AjRO
VDHnY5Ea5MSSW45VWyv181lcpwvEGPOXb6ICm5smGsHaOULEfC14kJO4++lyhlx8
0coB7IbNjOEwFN81L6WfoJLRder5FKOOJF7xKESpaTSvBvLFIb8yXJQXh6+5UeqD
/3D6eYfe+G8N0VkF1yRCMiL3fUkhslYPTgWNbcAt/vBopIvG/5LtCwUK/E0g94BW
ikKwJnW2cg1FZ6NWiOjgjf/qgUxJy5GTS0GTWnJJr7JPcEqmih4rVgVRI9VCa2Gm
mJas4g+WPacuNl09
-----END CERTIFICATE-----