Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209652.roa
File:                     AS209652.roa (raw, json)
Hash identifier:          mxlu5iV9uDjP+82lKq58sBI6BFkSfaJAEcu6RKILqro=
Subject key identifier:   9C:46:90:CA:B4:92:FC:92:EC:CF:EA:68:E5:3B:B5:97:26:0B:A2:A4
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2A9FBEE06667F90BDA530BED57141C2CCFD47A3D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209652.roa
Signing time:             Tue 12 Nov 2024 15:40:12 +0000
ROA not before:           Tue 12 Nov 2024 15:35:12 +0000
ROA not after:            Tue 11 Nov 2025 15:40:12 +0000
asID:                     209652
IP address blocks:        2a06:a005:b61::/48 maxlen: 48
                          2a06:a005:2ad0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:9f:be:e0:66:67:f9:0b:da:53:0b:ed:57:14:1c:2c:cf:d4:7a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 12 15:35:12 2024 GMT
            Not After : Nov 11 15:40:12 2025 GMT
        Subject: CN=9C4690CAB492FC92ECCFEA68E53BB597260BA2A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:2e:80:06:ca:df:1c:fa:53:8f:51:27:a3:c1:
                    ce:09:77:4d:c2:4c:21:58:9f:50:f4:0d:9d:53:00:
                    4a:6b:2f:db:ec:3f:da:4a:ef:cf:a1:95:ca:bf:3f:
                    5c:0c:d8:30:db:8e:8b:e8:0e:d5:1a:c0:8c:53:29:
                    1b:eb:02:1e:a8:eb:c6:eb:dd:86:08:48:6d:64:0d:
                    32:72:5e:2d:50:05:41:84:00:1c:3f:d3:51:50:96:
                    c8:8a:15:8c:68:02:2d:9e:fb:cc:68:74:59:9d:dc:
                    33:a6:6d:b1:5e:d0:71:95:4f:c4:95:56:1b:a9:73:
                    37:ee:ca:e4:cf:94:c3:fa:00:a6:ce:63:65:ab:77:
                    c2:a4:7e:70:46:a8:80:43:b9:b1:cc:18:f9:8e:51:
                    46:c0:64:fe:2e:71:c5:20:b2:75:26:5c:7c:d9:35:
                    ec:58:ae:d2:c0:6d:2f:78:0a:b1:e5:39:92:45:be:
                    60:09:f1:aa:9e:5e:33:68:8f:4c:ae:e3:3c:e5:af:
                    1c:0f:1d:7e:bc:af:19:9f:2b:5e:12:e1:bc:eb:15:
                    d1:0e:f6:3c:df:15:d3:e6:25:85:4a:b9:3a:3a:be:
                    57:64:5c:05:aa:18:1f:fd:53:62:33:3c:5a:6e:fb:
                    44:a5:74:96:d3:70:f1:dd:dc:9d:26:61:27:03:21:
                    bc:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:46:90:CA:B4:92:FC:92:EC:CF:EA:68:E5:3B:B5:97:26:0B:A2:A4
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209652.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:b61::/48
                  2a06:a005:2ad0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1c:e3:30:a6:ca:68:d4:f9:89:86:2a:f2:e1:33:f6:30:aa:5a:
         c0:43:40:a0:a9:d6:24:3e:88:01:62:ec:57:22:5c:ec:80:8d:
         24:9d:f6:f3:33:14:6a:a2:f7:18:c4:b0:ac:77:72:be:02:28:
         46:c6:e3:9d:9e:ed:48:88:f3:72:a6:2e:92:c1:be:c0:88:fe:
         bd:70:65:b4:aa:ff:f1:82:09:9c:64:32:a5:22:84:71:07:77:
         b6:cd:85:58:46:41:09:f7:1c:4f:a6:91:9b:ff:f4:8d:1f:95:
         cc:c3:fa:5c:0d:f9:e9:76:4a:8f:a2:66:df:e0:e2:85:7d:20:
         9f:fe:65:2f:54:e0:60:03:84:4f:0d:aa:5c:6b:cb:b9:41:14:
         4a:1e:8a:fe:64:bb:a5:70:41:d2:da:22:b9:d6:32:e2:67:14:
         69:a2:a7:8a:aa:3b:ea:f2:eb:3d:4d:01:63:12:92:09:1c:71:
         f3:c1:7b:fb:94:74:ef:3a:b4:ea:19:0f:77:64:6b:95:cb:ac:
         3f:36:56:73:6e:ff:4d:1a:47:82:24:58:9f:b8:a9:fd:5c:04:
         f6:d4:b9:99:46:9a:c0:94:0c:4b:9d:1a:84:47:38:0f:3e:8d:
         2e:7f:9e:1a:05:1d:18:94:63:80:b8:21:65:d0:40:b2:28:b8:
         a0:f6:73:8d
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUKp++4GZn+QvaUwvtVxQcLM/Uej0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMTIxNTM1MTJaFw0yNTExMTExNTQwMTJaMDMxMTAvBgNV
BAMTKDlDNDY5MENBQjQ5MkZDOTJFQ0NGRUE2OEU1M0JCNTk3MjYwQkEyQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpLoAGyt8c+lOPUSejwc4Jd03C
TCFYn1D0DZ1TAEprL9vsP9pK78+hlcq/P1wM2DDbjovoDtUawIxTKRvrAh6o68br
3YYISG1kDTJyXi1QBUGEABw/01FQlsiKFYxoAi2e+8xodFmd3DOmbbFe0HGVT8SV
VhupczfuyuTPlMP6AKbOY2Wrd8KkfnBGqIBDubHMGPmOUUbAZP4uccUgsnUmXHzZ
NexYrtLAbS94CrHlOZJFvmAJ8aqeXjNoj0yu4zzlrxwPHX68rxmfK14S4bzrFdEO
9jzfFdPmJYVKuTo6vldkXAWqGB/9U2IzPFpu+0SldJbTcPHd3J0mYScDIbwRAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUnEaQyrSS/JLsz+po5Tu1lyYLoqQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5NjUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQthAwcEKgagBSrQMA0GCSqGSIb3DQEBCwUA
A4IBAQAc4zCmymjU+YmGKvLhM/YwqlrAQ0CgqdYkPogBYuxXIlzsgI0knfbzMxRq
ovcYxLCsd3K+AihGxuOdnu1IiPNypi6Swb7AiP69cGW0qv/xggmcZDKlIoRxB3e2
zYVYRkEJ9xxPppGb//SNH5XMw/pcDfnpdkqPombf4OKFfSCf/mUvVOBgA4RPDapc
a8u5QRRKHor+ZLulcEHS2iK51jLiZxRpoqeKqjvq8us9TQFjEpIJHHHzwXv7lHTv
OrTqGQ93ZGuVy6w/NlZzbv9NGkeCJFifuKn9XAT21LmZRprAlAxLnRqERzgPPo0u
f54aBR0YlGOAuCFl0ECyKLig9nON
-----END CERTIFICATE-----