Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209870.roa
File:                     AS209870.roa (raw, json)
Hash identifier:          cvqwXnpWL8D9356HV31/Vv29tUjgJbsY0AytVVH+Hfc=
Subject key identifier:   49:38:DB:18:29:2F:AE:65:1B:8D:26:83:4F:D4:C6:11:ED:54:5B:70
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       040306C4C529802E9B8CA2A26157A8A728603346
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209870.roa
Signing time:             Fri 08 Dec 2023 11:44:21 +0000
ROA not before:           Fri 08 Dec 2023 11:39:21 +0000
ROA not after:            Fri 06 Dec 2024 11:44:21 +0000
asID:                     209870
IP address blocks:        2a06:a005:2a40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:03:06:c4:c5:29:80:2e:9b:8c:a2:a2:61:57:a8:a7:28:60:33:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  8 11:39:21 2023 GMT
            Not After : Dec  6 11:44:21 2024 GMT
        Subject: CN=4938DB18292FAE651B8D26834FD4C611ED545B70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:70:63:d0:32:6a:89:94:4d:f1:54:08:0c:e0:
                    bb:e8:20:39:e4:1d:b6:7d:42:52:37:01:86:38:f5:
                    5b:cc:8c:f6:dc:8a:91:9d:38:68:a4:d5:5b:ac:b0:
                    b5:20:3d:16:be:93:14:f6:83:13:2d:e9:e4:3a:5c:
                    6e:94:9b:24:8f:fa:34:8d:69:1d:de:c8:74:8c:fe:
                    7b:a3:22:ce:ee:8d:f7:7b:08:b3:4f:f4:73:a0:03:
                    25:02:ce:7a:ff:a3:6c:ab:b6:66:99:57:0b:8c:8b:
                    1d:bd:6b:1d:89:3b:e0:57:6e:97:18:96:40:43:ad:
                    cc:1e:f1:03:1a:2d:27:18:04:68:37:ee:f8:7c:b5:
                    9b:71:21:7c:1c:05:f6:80:27:31:b3:1d:0f:56:14:
                    ef:30:bd:7a:e1:4b:01:44:98:6a:4c:22:7d:42:c2:
                    36:21:21:72:6d:54:ea:81:58:74:3a:40:4a:40:94:
                    21:95:e6:8d:28:b7:0f:72:e2:41:66:3b:3b:69:45:
                    ca:16:11:78:32:05:7f:a7:19:f8:08:e3:3b:18:0e:
                    f8:a5:49:83:72:c6:85:32:d0:08:d1:ab:17:e2:ca:
                    c2:59:13:7f:e4:cd:ad:06:55:1f:46:28:e1:5f:66:
                    83:8b:fa:1a:d9:c3:a0:ca:77:b2:ba:27:2b:33:75:
                    bf:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:38:DB:18:29:2F:AE:65:1B:8D:26:83:4F:D4:C6:11:ED:54:5B:70
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209870.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2a40::/44

    Signature Algorithm: sha256WithRSAEncryption
         5f:d7:f9:92:3f:df:d2:93:ac:cc:bc:aa:bd:6d:3b:47:33:47:
         5f:09:44:ff:8b:d2:49:68:2a:cb:28:d8:59:47:c5:62:26:44:
         87:9c:94:89:d2:24:3f:5f:bb:33:5c:22:73:36:cc:fb:86:11:
         7e:92:86:54:15:55:b4:d1:47:9f:95:96:70:bf:db:20:16:85:
         a8:bb:82:f9:c2:75:1c:89:c8:fe:86:6e:01:ac:0e:18:c6:e5:
         1f:1d:cd:b6:36:89:82:65:61:91:ba:3d:bd:d1:a2:0c:0b:2f:
         0a:95:18:24:d2:b5:9a:01:dd:6e:d9:a0:a5:aa:df:0e:a0:17:
         7a:81:29:f8:02:ab:b9:d4:4d:dd:d0:5a:07:ba:54:03:ca:08:
         70:03:97:9f:22:32:fc:99:ea:78:0f:0f:42:e4:2f:33:c1:45:
         29:05:d1:59:ab:fd:67:bb:19:a6:83:37:57:46:1d:b7:42:94:
         e5:ca:98:56:bd:c6:a8:da:d2:8d:5a:f7:87:cf:15:7e:51:ab:
         f6:5d:a2:3a:a9:49:58:ea:16:d5:26:70:64:71:79:9d:b7:e4:
         a5:40:97:93:9c:8d:ab:c6:9f:ac:ff:f3:65:6a:a6:6f:fa:18:
         c8:29:18:56:94:5a:c0:8b:2f:fa:c2:06:e2:a0:bf:48:cb:7c:
         2d:c1:66:f6
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUBAMGxMUpgC6bjKKiYVeopyhgM0YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDgxMTM5MjFaFw0yNDEyMDYxMTQ0MjFaMDMxMTAvBgNV
BAMTKDQ5MzhEQjE4MjkyRkFFNjUxQjhEMjY4MzRGRDRDNjExRUQ1NDVCNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZcGPQMmqJlE3xVAgM4LvoIDnk
HbZ9QlI3AYY49VvMjPbcipGdOGik1VussLUgPRa+kxT2gxMt6eQ6XG6UmySP+jSN
aR3eyHSM/nujIs7ujfd7CLNP9HOgAyUCznr/o2yrtmaZVwuMix29ax2JO+BXbpcY
lkBDrcwe8QMaLScYBGg37vh8tZtxIXwcBfaAJzGzHQ9WFO8wvXrhSwFEmGpMIn1C
wjYhIXJtVOqBWHQ6QEpAlCGV5o0otw9y4kFmOztpRcoWEXgyBX+nGfgI4zsYDvil
SYNyxoUy0AjRqxfiysJZE3/kza0GVR9GKOFfZoOL+hrZw6DKd7K6Jyszdb/FAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUSTjbGCkvrmUbjSaDT9TGEe1UW3AwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5ODcwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSpAMA0GCSqGSIb3DQEBCwUAA4IBAQBf1/mS
P9/Sk6zMvKq9bTtHM0dfCUT/i9JJaCrLKNhZR8ViJkSHnJSJ0iQ/X7szXCJzNsz7
hhF+koZUFVW00UeflZZwv9sgFoWou4L5wnUcicj+hm4BrA4YxuUfHc22NomCZWGR
uj290aIMCy8KlRgk0rWaAd1u2aClqt8OoBd6gSn4Aqu51E3d0FoHulQDyghwA5ef
IjL8mep4Dw9C5C8zwUUpBdFZq/1nuxmmgzdXRh23QpTlyphWvcao2tKNWveHzxV+
Uav2XaI6qUlY6hbVJnBkcXmdt+SlQJeTnI2rxp+s//NlaqZv+hjIKRhWlFrAiy/6
wgbioL9Iy3wtwWb2
-----END CERTIFICATE-----