Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209419.roa
File:                     AS209419.roa (raw, json)
Hash identifier:          xtAK+R0D83bNIjvRWemQY1I8vMKIQGwcdGx7dWEM5+4=
Subject key identifier:   5F:33:14:4E:47:01:D1:D0:51:25:DF:FA:16:B3:EE:D9:5E:B2:59:4D
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       31169D1ABC9A7A00B05806693D5810F8CEF0CD51
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209419.roa
Signing time:             Tue 05 Nov 2024 03:40:03 +0000
ROA not before:           Tue 05 Nov 2024 03:35:03 +0000
ROA not after:            Tue 04 Nov 2025 03:40:03 +0000
asID:                     209419
IP address blocks:        2a06:a005:43f::/48 maxlen: 48
                          2a06:a005:4d0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:16:9d:1a:bc:9a:7a:00:b0:58:06:69:3d:58:10:f8:ce:f0:cd:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:03 2024 GMT
            Not After : Nov  4 03:40:03 2025 GMT
        Subject: CN=5F33144E4701D1D05125DFFA16B3EED95EB2594D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c1:99:75:f1:fb:d5:b5:27:a3:ca:94:c1:84:
                    4d:94:80:05:1a:21:94:7e:de:75:b2:1b:d8:1e:66:
                    e1:42:05:b3:c3:0a:aa:28:70:1b:2d:f9:54:74:91:
                    c0:c7:87:9a:44:68:b5:73:b9:5a:63:86:70:b0:3b:
                    c9:dc:2b:d0:c3:aa:af:5b:c2:a7:13:fd:89:fe:91:
                    00:41:06:ca:ec:3c:f6:f5:4d:e8:7a:db:85:a1:b0:
                    ab:21:15:ca:8f:8e:63:f4:9e:6a:29:3f:f2:c3:9b:
                    d8:36:e1:e1:ee:f8:9b:5f:45:7b:05:44:ab:b0:5c:
                    d6:14:1f:40:15:31:c2:4b:ac:22:63:77:81:a0:35:
                    89:d5:2a:5d:ad:11:bf:8e:f2:c1:c5:a2:ae:1e:1e:
                    e0:56:e2:7b:24:a9:28:c8:52:b7:c2:47:96:d2:e6:
                    e0:ef:80:81:87:db:29:05:53:58:15:7b:89:b7:1c:
                    85:6b:d7:34:20:43:1c:c1:1a:10:6e:72:6b:e2:24:
                    f8:d5:5b:2b:e6:26:94:f1:08:4b:b6:9d:91:ae:20:
                    54:de:50:ad:95:20:7c:d3:b3:71:4e:48:8a:43:a6:
                    96:b9:d4:cf:1c:53:1d:fa:2a:3a:4d:79:d7:55:f6:
                    55:a4:72:06:ad:00:ac:31:39:fb:94:39:ea:6c:0a:
                    8e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:33:14:4E:47:01:D1:D0:51:25:DF:FA:16:B3:EE:D9:5E:B2:59:4D
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209419.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:43f::/48
                  2a06:a005:4d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:4d:1e:c4:f0:80:eb:fa:f0:c6:8a:60:ee:06:0e:72:00:34:
         23:a8:f0:51:51:eb:b3:f9:fa:27:10:73:6b:32:36:c9:c9:45:
         1c:94:38:a5:92:50:5f:57:9c:53:02:e7:50:b8:26:44:bc:3c:
         c5:46:db:f4:8b:d6:60:67:ae:05:9d:a9:5a:07:a0:ed:9a:24:
         6d:86:62:e1:4f:7f:56:f0:3c:76:0d:a1:e0:24:ae:84:65:22:
         a6:47:69:7f:9e:6a:9f:93:98:5e:b9:e8:4c:b3:10:6f:49:47:
         ae:96:11:c6:f0:c0:e0:f3:56:31:0b:62:47:55:a2:47:15:c9:
         e0:92:af:61:80:3b:03:aa:45:b5:24:19:82:47:d9:cd:4f:66:
         c8:eb:52:95:25:61:2f:fe:8a:7d:6e:09:3a:33:ae:de:1d:56:
         3b:2f:86:2f:7d:e4:33:02:fa:c2:85:4b:10:c8:53:26:e1:4d:
         9f:08:13:ec:2b:85:e9:ad:19:7a:94:6c:cd:18:5e:fd:10:95:
         96:d0:8f:91:03:c4:b8:bb:94:80:35:2a:9d:c1:e4:78:e0:2d:
         99:56:43:47:6a:35:65:ea:ce:eb:8f:f1:aa:15:b8:e3:94:04:
         50:da:ea:fb:3c:6a:d5:44:ed:22:39:28:40:4a:86:a8:e7:e1:
         a4:ba:c7:5b
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUMRadGryaegCwWAZpPVgQ+M7wzVEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDNaFw0yNTExMDQwMzQwMDNaMDMxMTAvBgNV
BAMTKDVGMzMxNDRFNDcwMUQxRDA1MTI1REZGQTE2QjNFRUQ5NUVCMjU5NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnwZl18fvVtSejypTBhE2UgAUa
IZR+3nWyG9geZuFCBbPDCqoocBst+VR0kcDHh5pEaLVzuVpjhnCwO8ncK9DDqq9b
wqcT/Yn+kQBBBsrsPPb1Teh624WhsKshFcqPjmP0nmopP/LDm9g24eHu+JtfRXsF
RKuwXNYUH0AVMcJLrCJjd4GgNYnVKl2tEb+O8sHFoq4eHuBW4nskqSjIUrfCR5bS
5uDvgIGH2ykFU1gVe4m3HIVr1zQgQxzBGhBucmviJPjVWyvmJpTxCEu2nZGuIFTe
UK2VIHzTs3FOSIpDppa51M8cUx36KjpNeddV9lWkcgatAKwxOfuUOepsCo4rAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUXzMUTkcB0dBRJd/6FrPu2V6yWU0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5NDE5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQQ/AwcAKgagBQTQMA0GCSqGSIb3DQEBCwUA
A4IBAQCqTR7E8IDr+vDGimDuBg5yADQjqPBRUeuz+fonEHNrMjbJyUUclDilklBf
V5xTAudQuCZEvDzFRtv0i9ZgZ64FnalaB6DtmiRthmLhT39W8Dx2DaHgJK6EZSKm
R2l/nmqfk5heuehMsxBvSUeulhHG8MDg81YxC2JHVaJHFcngkq9hgDsDqkW1JBmC
R9nNT2bI61KVJWEv/op9bgk6M67eHVY7L4YvfeQzAvrChUsQyFMm4U2fCBPsK4Xp
rRl6lGzNGF79EJWW0I+RA8S4u5SANSqdweR44C2ZVkNHajVl6s7rj/GqFbjjlARQ
2ur7PGrVRO0iOShASoao5+Gkusdb
-----END CERTIFICATE-----