Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209710.roa
File:                     AS209710.roa (raw, json)
Hash identifier:          cpkTO9ne8TQY0A1RSCgubOaVlBoZ+DtnaCQcp2dQTlw=
Subject key identifier:   15:46:82:55:3D:03:1D:73:75:24:B8:10:0D:DC:03:C7:DC:86:61:2C
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4B2518DFECBBD24BE3EC730D8C62F563CF80B45C
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209710.roa
Signing time:             Wed 10 Jan 2024 10:44:21 +0000
ROA not before:           Wed 10 Jan 2024 10:39:21 +0000
ROA not after:            Wed 08 Jan 2025 10:44:21 +0000
asID:                     209710
IP address blocks:        2a06:a005:610::/44 maxlen: 48
                          2a06:a005:1f40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:25:18:df:ec:bb:d2:4b:e3:ec:73:0d:8c:62:f5:63:cf:80:b4:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 10 10:39:21 2024 GMT
            Not After : Jan  8 10:44:21 2025 GMT
        Subject: CN=154682553D031D737524B8100DDC03C7DC86612C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f2:5b:4c:df:a4:37:6f:7b:de:68:3a:2e:f7:
                    86:a0:94:cc:07:c3:25:a8:c3:ff:8d:a8:7d:b7:8f:
                    fa:92:dd:0b:21:3a:42:51:fb:27:26:83:d2:fd:22:
                    4c:90:d7:76:76:c8:2e:22:cb:b5:eb:ee:1a:17:23:
                    fa:b2:1b:f4:15:fe:b3:24:0d:43:4b:e5:68:1c:c4:
                    06:c8:1c:ca:43:e4:cc:20:90:de:08:3c:9a:8b:da:
                    60:49:dd:cc:34:ad:9c:cc:d7:f9:5b:db:cc:57:49:
                    e4:2d:8e:05:ed:80:27:7a:fe:41:7b:7c:dc:c7:1d:
                    69:16:af:72:58:82:ba:8e:05:e2:f0:82:44:ed:6d:
                    6a:ca:d6:dd:28:ce:9a:bd:36:48:45:cb:a6:f9:27:
                    a2:8a:4a:22:32:9e:b1:59:46:d8:26:bd:8d:d6:50:
                    d8:b5:18:25:b5:2b:b2:b9:5f:18:ba:44:35:9d:4c:
                    f0:40:df:77:c3:a1:f1:85:f6:fa:64:85:19:24:5f:
                    b2:c5:c9:c1:d3:f4:72:18:0b:15:89:15:34:ee:7c:
                    16:c1:5f:40:14:e0:6f:85:03:db:32:59:0d:84:91:
                    5d:3d:ed:68:8b:79:fc:6c:d9:db:72:14:cc:18:c1:
                    0e:1a:12:4c:19:d8:11:82:b3:98:ea:f2:d0:5d:eb:
                    23:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:46:82:55:3D:03:1D:73:75:24:B8:10:0D:DC:03:C7:DC:86:61:2C
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209710.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:610::/44
                  2a06:a005:1f40::/44

    Signature Algorithm: sha256WithRSAEncryption
         52:b7:f5:1e:d9:35:87:47:fe:86:39:47:6a:c2:1f:72:fb:d4:
         cc:e0:33:9c:e3:55:7c:2e:e6:21:9e:ca:ae:55:cb:8f:ed:41:
         63:34:89:25:7d:95:3d:20:c4:4f:12:fc:56:4c:50:43:ab:47:
         3f:ad:6a:21:76:3d:86:cf:39:57:71:c7:ef:43:11:47:a1:60:
         1a:b9:4f:84:87:56:4c:35:73:66:32:a4:2a:89:64:1c:ab:33:
         fd:8c:6b:7b:59:15:c9:e3:00:f3:7b:07:79:f0:17:30:e4:69:
         41:74:19:e4:d9:5e:1c:94:be:0a:9e:a3:dd:9e:b7:82:bc:89:
         f7:f5:2b:f8:66:40:cb:a8:5b:9b:80:02:e9:82:ed:39:47:71:
         ca:c1:3e:4e:32:4b:f1:a0:a0:92:9c:ad:37:f6:60:72:41:2f:
         5f:36:04:4c:06:7a:d9:6e:91:f5:4f:14:14:e8:2c:2d:2c:32:
         7b:22:d2:5e:f9:43:3a:cf:5d:ed:36:7f:4d:11:11:44:b7:3c:
         1b:c7:d9:e5:86:fe:e5:37:56:27:d2:3a:a2:df:5f:94:9f:7e:
         ee:38:21:1b:f6:4a:9d:d8:b2:8e:80:b8:e4:de:be:8b:37:98:
         4a:a0:9f:05:7d:b2:95:63:af:33:ab:49:25:ac:4b:1b:b5:b9:
         b6:b3:2b:83
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUSyUY3+y70kvj7HMNjGL1Y8+AtFwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMTAxMDM5MjFaFw0yNTAxMDgxMDQ0MjFaMDMxMTAvBgNV
BAMTKDE1NDY4MjU1M0QwMzFENzM3NTI0QjgxMDBEREMwM0M3REM4NjYxMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ8ltM36Q3b3veaDou94aglMwH
wyWow/+NqH23j/qS3QshOkJR+ycmg9L9IkyQ13Z2yC4iy7Xr7hoXI/qyG/QV/rMk
DUNL5WgcxAbIHMpD5MwgkN4IPJqL2mBJ3cw0rZzM1/lb28xXSeQtjgXtgCd6/kF7
fNzHHWkWr3JYgrqOBeLwgkTtbWrK1t0ozpq9NkhFy6b5J6KKSiIynrFZRtgmvY3W
UNi1GCW1K7K5Xxi6RDWdTPBA33fDofGF9vpkhRkkX7LFycHT9HIYCxWJFTTufBbB
X0AU4G+FA9syWQ2EkV097WiLefxs2dtyFMwYwQ4aEkwZ2BGCs5jq8tBd6yNhAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUFUaCVT0DHXN1JLgQDdwDx9yGYSwwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5NzEwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBQYQAwcEKgagBR9AMA0GCSqGSIb3DQEBCwUA
A4IBAQBSt/Ue2TWHR/6GOUdqwh9y+9TM4DOc41V8LuYhnsquVcuP7UFjNIklfZU9
IMRPEvxWTFBDq0c/rWohdj2GzzlXccfvQxFHoWAauU+Eh1ZMNXNmMqQqiWQcqzP9
jGt7WRXJ4wDzewd58Bcw5GlBdBnk2V4clL4KnqPdnreCvIn39Sv4ZkDLqFubgALp
gu05R3HKwT5OMkvxoKCSnK039mByQS9fNgRMBnrZbpH1TxQU6CwtLDJ7ItJe+UM6
z13tNn9NERFEtzwbx9nlhv7lN1Yn0jqi31+Un37uOCEb9kqd2LKOgLjk3r6LN5hK
oJ8FfbKVY68zq0klrEsbtbm2syuD
-----END CERTIFICATE-----