Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209218.roa
File:                     AS209218.roa (raw, json)
Hash identifier:          kKn805hBWLhJ47nXsmERvti7UUIqIPOWJuNxw8UVIiU=
Subject key identifier:   7F:A4:E3:9E:85:9E:4E:08:80:A6:F8:5F:0B:FE:75:B1:DC:87:F9:AF
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2A67B1A2C599AFEFDF04378223C87CEF9D9551A0
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209218.roa
Signing time:             Tue 05 Nov 2024 03:40:10 +0000
ROA not before:           Tue 05 Nov 2024 03:35:10 +0000
ROA not after:            Tue 04 Nov 2025 03:40:10 +0000
asID:                     209218
IP address blocks:        2a06:a005:910::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:67:b1:a2:c5:99:af:ef:df:04:37:82:23:c8:7c:ef:9d:95:51:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:10 2024 GMT
            Not After : Nov  4 03:40:10 2025 GMT
        Subject: CN=7FA4E39E859E4E0880A6F85F0BFE75B1DC87F9AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:18:11:a0:a1:95:2e:fa:b4:dd:db:49:ed:66:
                    db:10:0b:e5:c7:6a:bd:60:9c:a9:f4:66:86:25:30:
                    2f:bf:e6:b9:33:fc:e5:dc:8e:8b:51:f0:19:05:2e:
                    c3:dc:5a:0e:ea:7f:26:16:37:08:af:de:26:4b:40:
                    42:b3:f2:ef:5b:6b:0b:c2:da:65:d8:49:92:1a:3e:
                    93:56:b3:31:dc:79:dd:17:24:50:69:6b:74:dc:c2:
                    1d:96:aa:fd:50:9d:6a:36:e8:11:5b:d5:6c:6c:23:
                    63:83:83:b6:c1:f4:95:11:e6:2c:7a:08:42:4e:55:
                    4e:a7:6e:b4:6e:b8:9c:b1:49:09:6e:d2:97:c4:57:
                    36:a7:97:c1:2b:50:62:eb:eb:32:44:52:d2:1c:f8:
                    c4:9a:b9:0f:3f:ef:21:c8:67:e5:36:b4:fb:79:a4:
                    60:6f:14:e7:c9:a9:f9:d8:f2:26:b1:10:81:41:0e:
                    a6:25:d4:3a:13:31:8b:23:5e:66:c1:ec:a7:b8:ed:
                    4a:56:15:7d:ff:16:66:bc:e4:04:41:e7:06:cf:d3:
                    0c:d8:ca:c7:36:65:64:96:e4:4e:a4:23:fd:54:09:
                    45:dd:a4:15:aa:9d:df:77:87:20:c6:b8:a1:11:c1:
                    06:69:60:29:68:a5:0f:e5:f0:bd:b9:94:05:fc:3b:
                    d5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:A4:E3:9E:85:9E:4E:08:80:A6:F8:5F:0B:FE:75:B1:DC:87:F9:AF
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:910::/44

    Signature Algorithm: sha256WithRSAEncryption
         ca:ac:2d:1f:3e:5f:aa:f3:60:be:f0:33:11:72:aa:62:ec:53:
         a6:f7:ef:33:6d:96:c3:1f:e2:b8:f0:9e:b3:09:89:bc:d0:8d:
         37:71:e7:ef:70:b4:a2:09:a3:d4:ef:54:13:c1:78:4d:a7:f9:
         27:bd:f9:38:e5:af:5f:6d:fd:84:dc:6c:eb:1f:38:98:c0:82:
         46:e5:34:82:91:2c:c4:8e:23:3f:20:07:6c:21:2e:68:d7:4f:
         a6:b5:01:07:a8:3f:db:78:47:77:15:15:e4:a6:c9:38:ed:38:
         e4:00:f5:31:e5:ea:a7:56:b8:0b:76:51:58:37:ef:da:0f:02:
         6a:93:7b:11:20:10:e0:5c:e2:13:bc:b0:07:86:aa:94:b4:8d:
         15:98:a5:ea:e8:2c:fe:28:d0:e5:97:e0:cd:1a:c9:d6:cf:40:
         9d:eb:80:0e:f6:04:b3:10:32:05:9f:c6:39:ce:8b:2c:94:d6:
         1b:12:96:6b:76:8f:66:a5:66:ef:3a:e4:bd:05:8f:a8:ab:d2:
         1f:ad:80:bb:70:58:22:c2:a9:b0:c5:63:26:36:fd:c0:c6:c6:
         4e:0b:25:90:7c:00:ac:0d:4c:9a:e9:2e:74:70:d2:5f:95:f1:
         f9:a0:20:ac:ed:52:02:37:97:bc:71:9f:63:8a:3a:60:1c:5f:
         11:f2:ba:e8
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUKmexosWZr+/fBDeCI8h8752VUaAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MTBaFw0yNTExMDQwMzQwMTBaMDMxMTAvBgNV
BAMTKDdGQTRFMzlFODU5RTRFMDg4MEE2Rjg1RjBCRkU3NUIxREM4N0Y5QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRGBGgoZUu+rTd20ntZtsQC+XH
ar1gnKn0ZoYlMC+/5rkz/OXcjotR8BkFLsPcWg7qfyYWNwiv3iZLQEKz8u9bawvC
2mXYSZIaPpNWszHced0XJFBpa3Tcwh2Wqv1QnWo26BFb1WxsI2ODg7bB9JUR5ix6
CEJOVU6nbrRuuJyxSQlu0pfEVzanl8ErUGLr6zJEUtIc+MSauQ8/7yHIZ+U2tPt5
pGBvFOfJqfnY8iaxEIFBDqYl1DoTMYsjXmbB7Ke47UpWFX3/Fma85ARB5wbP0wzY
ysc2ZWSW5E6kI/1UCUXdpBWqnd93hyDGuKERwQZpYClopQ/l8L25lAX8O9X7AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUf6TjnoWeTgiApvhfC/51sdyH+a8wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5MjE4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQkQMA0GCSqGSIb3DQEBCwUAA4IBAQDKrC0f
Pl+q82C+8DMRcqpi7FOm9+8zbZbDH+K48J6zCYm80I03cefvcLSiCaPU71QTwXhN
p/knvfk45a9fbf2E3GzrHziYwIJG5TSCkSzEjiM/IAdsIS5o10+mtQEHqD/beEd3
FRXkpsk47TjkAPUx5eqnVrgLdlFYN+/aDwJqk3sRIBDgXOITvLAHhqqUtI0VmKXq
6Cz+KNDll+DNGsnWz0Cd64AO9gSzEDIFn8Y5zosslNYbEpZrdo9mpWbvOuS9BY+o
q9IfrYC7cFgiwqmwxWMmNv3AxsZOCyWQfACsDUya6S50cNJflfH5oCCs7VICN5e8
cZ9jijpgHF8R8rro
-----END CERTIFICATE-----