Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209870.roa
File:                     AS209870.roa (raw, json)
Hash identifier:          3KTD7rLA2ldsTI0im8aQKbYrEP/00iiz5NWC7ccVKl4=
Subject key identifier:   C0:A6:C8:82:5E:2D:C1:AE:92:02:AD:CC:FF:67:B6:51:FF:52:39:D7
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       2B559E6ACBDFFB60260495D5DB27E1A45B840717
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209870.roa
Signing time:             Fri 08 Nov 2024 12:40:12 +0000
ROA not before:           Fri 08 Nov 2024 12:35:12 +0000
ROA not after:            Fri 07 Nov 2025 12:40:12 +0000
asID:                     209870
IP address blocks:        2a06:a005:2a40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:55:9e:6a:cb:df:fb:60:26:04:95:d5:db:27:e1:a4:5b:84:07:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  8 12:35:12 2024 GMT
            Not After : Nov  7 12:40:12 2025 GMT
        Subject: CN=C0A6C8825E2DC1AE9202ADCCFF67B651FF5239D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:21:5f:6f:ce:22:68:ce:0d:5a:88:ce:bd:52:
                    1b:85:7b:c8:0b:eb:95:e9:3c:e7:c3:9c:44:a0:a2:
                    9c:6b:98:9e:19:7f:1d:f8:95:c9:18:8e:8d:cb:74:
                    4b:e1:c6:82:f0:ca:83:5a:cf:03:ad:f8:1b:a1:6d:
                    0f:3b:3b:33:8a:d3:69:db:9e:e1:ca:a0:e8:f7:18:
                    d9:57:12:ac:8b:fa:a8:26:dd:bb:82:57:cd:47:2f:
                    f3:99:5e:67:f2:cb:6e:ac:a4:93:05:4d:bb:3e:36:
                    d5:0f:95:1d:0f:11:2f:36:cf:70:9a:bf:56:51:16:
                    49:99:9b:25:a6:37:59:0e:b8:06:4f:20:74:36:0b:
                    a9:21:ff:d6:36:17:cf:e3:cc:7f:26:de:9a:8f:2d:
                    05:d6:f4:98:00:52:89:14:49:7f:e3:97:21:ae:9e:
                    c4:ff:e6:c4:fd:dc:67:d4:31:73:7a:2a:96:e5:10:
                    8e:eb:cd:9a:d6:74:bc:44:03:96:cc:a5:de:dd:d7:
                    3c:95:84:a0:1f:00:e8:59:8a:90:ae:bb:cf:67:54:
                    00:3f:78:94:4e:d1:36:49:d9:d8:5c:76:38:16:cf:
                    8a:c3:e0:0d:37:3d:95:da:2c:25:0d:bd:0f:04:2e:
                    ba:79:f3:96:9e:92:04:18:af:63:f2:7d:cb:5d:25:
                    86:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:A6:C8:82:5E:2D:C1:AE:92:02:AD:CC:FF:67:B6:51:FF:52:39:D7
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS209870.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2a40::/44

    Signature Algorithm: sha256WithRSAEncryption
         8f:75:9c:2a:f5:c0:b1:55:27:73:77:65:1f:6b:8e:ea:13:d7:
         72:8d:8e:6c:08:ac:82:1f:d7:3d:b2:c1:37:62:a8:f7:79:3e:
         f4:4b:0b:29:5b:7b:e1:d5:a0:d7:bc:d1:4e:83:ad:77:8e:76:
         2b:93:e0:bf:1f:6d:ee:e3:db:be:2e:c6:6d:3f:59:87:9e:ac:
         cb:98:29:28:ee:66:42:ca:b5:39:d4:0d:86:65:46:3c:4c:5f:
         58:74:74:79:8d:45:7a:c5:85:d6:26:3d:75:87:51:cf:7d:49:
         a1:ad:fe:64:b4:c8:d8:1c:8c:9b:dd:42:37:9a:03:ee:10:ba:
         fd:a9:37:71:d3:39:2f:3a:1c:9b:5c:e0:78:fd:6b:d9:13:d1:
         f7:d9:06:f5:d3:cc:5d:f2:5b:55:3e:db:fd:31:72:57:77:84:
         4f:b1:99:52:d3:98:94:5a:ee:04:3f:00:11:c7:67:ad:48:6a:
         1a:e6:3c:84:c0:95:a3:92:48:9e:0b:1e:f9:8b:d2:91:59:3c:
         c4:ac:67:4a:db:b9:9f:7b:ea:18:fa:4f:64:52:aa:a3:7b:46:
         ea:4a:82:59:86:38:cc:b1:a3:1c:ab:28:5a:c5:03:65:f3:d5:
         ff:b7:2b:21:12:d5:c2:06:d4:0a:d9:ce:96:89:92:7e:48:95:
         05:24:24:3b
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUK1Weasvf+2AmBJXV2yfhpFuEBxcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDgxMjM1MTJaFw0yNTExMDcxMjQwMTJaMDMxMTAvBgNV
BAMTKEMwQTZDODgyNUUyREMxQUU5MjAyQURDQ0ZGNjdCNjUxRkY1MjM5RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBIV9vziJozg1aiM69UhuFe8gL
65XpPOfDnESgopxrmJ4Zfx34lckYjo3LdEvhxoLwyoNazwOt+BuhbQ87OzOK02nb
nuHKoOj3GNlXEqyL+qgm3buCV81HL/OZXmfyy26spJMFTbs+NtUPlR0PES82z3Ca
v1ZRFkmZmyWmN1kOuAZPIHQ2C6kh/9Y2F8/jzH8m3pqPLQXW9JgAUokUSX/jlyGu
nsT/5sT93GfUMXN6KpblEI7rzZrWdLxEA5bMpd7d1zyVhKAfAOhZipCuu89nVAA/
eJRO0TZJ2dhcdjgWz4rD4A03PZXaLCUNvQ8ELrp585aekgQYr2PyfctdJYbdAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUwKbIgl4twa6SAq3M/2e2Uf9SOdcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjA5ODcwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSpAMA0GCSqGSIb3DQEBCwUAA4IBAQCPdZwq
9cCxVSdzd2Ufa47qE9dyjY5sCKyCH9c9ssE3Yqj3eT70SwspW3vh1aDXvNFOg613
jnYrk+C/H23u49u+LsZtP1mHnqzLmCko7mZCyrU51A2GZUY8TF9YdHR5jUV6xYXW
Jj11h1HPfUmhrf5ktMjYHIyb3UI3mgPuELr9qTdx0zkvOhybXOB4/WvZE9H32Qb1
08xd8ltVPtv9MXJXd4RPsZlS05iUWu4EPwARx2etSGoa5jyEwJWjkkieCx75i9KR
WTzErGdK27mfe+oY+k9kUqqje0bqSoJZhjjMsaMcqyhaxQNl89X/tyshEtXCBtQK
2c6WiZJ+SJUFJCQ7
-----END CERTIFICATE-----