Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209556.roa
File:                     AS209556.roa (raw, json)
Hash identifier:          EMkWcfL9gVFz+usuq84J8dc2o7oXVJNFOKHjjze9P2Q=
Subject key identifier:   40:32:70:5F:A8:1B:5F:0D:29:8F:FF:97:50:B2:00:72:11:AC:E6:B9
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5FA62C42B6F9A81E57F8A18DEE10504765A16F5E
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209556.roa
Signing time:             Tue 05 Nov 2024 03:40:05 +0000
ROA not before:           Tue 05 Nov 2024 03:35:05 +0000
ROA not after:            Tue 04 Nov 2025 03:40:05 +0000
asID:                     209556
IP address blocks:        2a06:a005:a80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:a6:2c:42:b6:f9:a8:1e:57:f8:a1:8d:ee:10:50:47:65:a1:6f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:05 2024 GMT
            Not After : Nov  4 03:40:05 2025 GMT
        Subject: CN=4032705FA81B5F0D298FFF9750B2007211ACE6B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:bf:9f:18:6c:c0:5e:3b:cf:41:9e:d6:5a:3a:
                    ae:8c:e2:50:b1:73:14:46:62:0a:68:6f:bc:71:38:
                    a1:84:b7:88:01:35:58:22:ba:70:ad:14:2a:96:ed:
                    69:3d:60:12:81:c5:5d:a0:e6:a6:0e:20:3c:77:7e:
                    02:7c:b8:57:d8:6c:de:7d:25:61:12:7e:4a:85:c3:
                    79:90:98:99:de:ef:53:a5:a0:ae:4e:69:64:4b:c0:
                    8f:65:c3:96:d5:d4:07:dc:b7:68:eb:b6:73:9a:40:
                    db:22:26:48:c7:f4:c0:b1:f3:8f:5c:46:70:10:99:
                    a3:df:3d:af:c0:b9:d2:68:22:73:7d:2b:56:2b:be:
                    a7:a8:cd:a6:30:b9:e6:a2:2b:31:53:b0:17:07:19:
                    56:5a:a6:d0:7f:a7:6f:b6:ab:06:df:9a:02:c0:67:
                    ba:b5:fc:2c:79:71:a3:e2:77:12:cb:d2:b3:90:73:
                    30:c9:4f:b0:0c:fd:f5:32:41:c4:94:e8:9c:5e:0a:
                    2d:0e:d3:e3:80:3e:3b:70:1a:d2:c0:1f:95:76:11:
                    f0:aa:b2:d0:41:8f:cf:3d:28:4d:02:44:75:7c:6a:
                    dd:c4:27:ee:e7:26:d4:6a:5d:85:a1:d5:df:3c:f5:
                    1d:cb:07:36:52:47:54:16:6e:30:b6:f0:1d:29:43:
                    60:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:32:70:5F:A8:1B:5F:0D:29:8F:FF:97:50:B2:00:72:11:AC:E6:B9
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209556.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a80::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:3c:0d:8c:48:35:00:9b:82:bd:7e:4d:80:ed:4b:2c:5d:6f:
         ef:83:99:2b:aa:30:2b:1b:30:7a:6e:73:fc:ec:97:05:ee:08:
         9a:29:67:b0:d7:4d:5e:0c:ad:35:e3:8a:2f:1b:dd:36:1f:54:
         ce:20:ae:60:e5:5a:99:41:e5:c9:49:85:08:e9:38:af:7b:dd:
         93:dc:e8:02:bb:f7:fc:33:a6:0a:06:a2:5a:b3:81:89:70:d2:
         38:32:e6:11:28:39:b3:d0:d9:f3:be:40:fc:5f:31:8e:1b:68:
         ac:65:eb:a9:6e:a7:c7:df:aa:57:9c:04:f7:97:33:04:68:a0:
         40:61:1b:3e:82:34:32:bf:78:10:a0:e1:ca:a5:62:5d:fa:5b:
         a5:39:89:2e:21:46:50:12:05:ac:78:44:84:90:06:9f:c4:7d:
         ea:7d:ba:ed:a1:07:9d:9e:1a:bc:08:97:55:d1:be:7f:13:70:
         12:40:90:4b:d2:3f:21:14:15:61:21:1e:b6:e0:e3:5c:92:d4:
         f3:34:44:7d:fd:e6:e3:89:82:66:54:a7:8a:e4:25:54:04:81:
         0a:ec:e3:18:62:1b:31:25:9e:4f:49:c9:f8:03:0c:48:f6:03:
         b9:42:3d:0f:e7:f3:9f:08:12:4d:b1:8d:77:10:02:99:47:7e:
         75:3e:86:63
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUX6YsQrb5qB5X+KGN7hBQR2Whb14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDVaFw0yNTExMDQwMzQwMDVaMDMxMTAvBgNV
BAMTKDQwMzI3MDVGQTgxQjVGMEQyOThGRkY5NzUwQjIwMDcyMTFBQ0U2QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyv58YbMBeO89BntZaOq6M4lCx
cxRGYgpob7xxOKGEt4gBNVgiunCtFCqW7Wk9YBKBxV2g5qYOIDx3fgJ8uFfYbN59
JWESfkqFw3mQmJne71OloK5OaWRLwI9lw5bV1Afct2jrtnOaQNsiJkjH9MCx849c
RnAQmaPfPa/AudJoInN9K1YrvqeozaYwueaiKzFTsBcHGVZaptB/p2+2qwbfmgLA
Z7q1/Cx5caPidxLL0rOQczDJT7AM/fUyQcSU6JxeCi0O0+OAPjtwGtLAH5V2EfCq
stBBj889KE0CRHV8at3EJ+7nJtRqXYWh1d889R3LBzZSR1QWbjC28B0pQ2CVAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUQDJwX6gbXw0pj/+XULIAchGs5rkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5NTU2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQqAMA0GCSqGSIb3DQEBCwUAA4IBAQCmPA2M
SDUAm4K9fk2A7UssXW/vg5krqjArGzB6bnP87JcF7giaKWew101eDK0144ovG902
H1TOIK5g5VqZQeXJSYUI6Tive92T3OgCu/f8M6YKBqJas4GJcNI4MuYRKDmz0Nnz
vkD8XzGOG2isZeupbqfH36pXnAT3lzMEaKBAYRs+gjQyv3gQoOHKpWJd+lulOYku
IUZQEgWseESEkAafxH3qfbrtoQednhq8CJdV0b5/E3ASQJBL0j8hFBVhIR624ONc
ktTzNER9/ebjiYJmVKeK5CVUBIEK7OMYYhsxJZ5PScn4AwxI9gO5Qj0P5/OfCBJN
sY13EAKZR351PoZj
-----END CERTIFICATE-----