Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210384.roa
File:                     AS210384.roa (raw, json)
Hash identifier:          rAZ4HspEsOmtsTpI4dwIf/sC9HIBjiGuSik86qUeYjY=
Subject key identifier:   70:8C:81:31:9F:4F:50:86:BB:87:F1:FB:FD:A4:47:A2:BB:FF:AA:78
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       63F10CEBFF0162652D346D1F3F2AC0477C44E552
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210384.roa
Signing time:             Thu 06 Jun 2024 00:27:15 +0000
ROA not before:           Thu 06 Jun 2024 00:22:15 +0000
ROA not after:            Thu 05 Jun 2025 00:27:15 +0000
asID:                     210384
IP address blocks:        2a06:a001:a100::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:f1:0c:eb:ff:01:62:65:2d:34:6d:1f:3f:2a:c0:47:7c:44:e5:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jun  6 00:22:15 2024 GMT
            Not After : Jun  5 00:27:15 2025 GMT
        Subject: CN=708C81319F4F5086BB87F1FBFDA447A2BBFFAA78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d3:56:5f:66:53:a7:97:cc:a0:67:a6:1f:10:
                    e0:47:8a:da:ae:f2:75:19:b0:47:a2:36:52:2a:66:
                    0e:2d:6b:67:f8:52:92:d4:f8:15:3a:97:74:bb:df:
                    be:8f:a7:44:df:e1:dc:9f:3e:f8:c0:97:48:b1:c5:
                    6c:9a:b1:81:41:d7:cb:f0:89:c8:ad:b6:23:65:ba:
                    22:98:fe:47:eb:1a:db:47:92:ae:1e:a1:2a:be:30:
                    03:f7:47:fb:f1:80:84:58:35:4c:a4:44:9d:d3:87:
                    9c:b4:73:2c:cb:54:6a:3f:c9:2b:79:9f:59:d3:b2:
                    18:7e:c5:b5:cb:40:a3:5d:a9:d1:44:af:95:a1:d5:
                    b9:35:85:e5:08:01:89:c6:a2:ba:4c:54:25:de:52:
                    37:db:a4:8c:dc:af:e0:3c:8c:6e:ae:39:3b:c6:0d:
                    47:7a:9d:77:a6:e1:78:13:7c:a7:66:7c:9f:23:21:
                    ec:66:69:d2:7b:ab:30:00:8b:16:aa:5e:34:5f:b4:
                    89:4f:a1:8d:b1:ba:36:97:8c:76:65:e7:03:00:e9:
                    be:e3:d2:1d:23:52:11:91:30:ba:6e:a8:e4:7e:2e:
                    76:39:8d:2e:b4:72:96:a5:18:3c:e3:02:98:b0:89:
                    4e:89:f4:7e:e0:a5:d6:fc:e0:34:06:7d:2c:18:fd:
                    58:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:8C:81:31:9F:4F:50:86:BB:87:F1:FB:FD:A4:47:A2:BB:FF:AA:78
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a001:a100::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:1c:11:25:50:03:ff:61:2c:aa:4a:cd:90:25:30:9a:93:26:
         e1:12:e4:d4:cb:5f:86:61:f3:74:cf:9f:5e:e9:74:b9:67:51:
         f0:ac:af:32:6d:8d:22:cf:d4:5f:de:10:6a:a3:50:65:49:b1:
         84:5c:83:8f:18:62:aa:5f:5d:71:e1:e7:24:af:ca:70:53:2a:
         a4:7c:65:fc:35:0d:a7:d1:13:ed:cb:62:50:8f:e1:eb:42:b2:
         74:3c:f2:cd:72:1a:bb:b3:c2:ad:f8:b5:53:24:7c:c7:26:6e:
         43:b8:0e:22:9e:1e:60:79:f5:02:5d:d6:83:85:ec:2c:4e:b0:
         7f:55:36:5d:b3:b0:e0:96:6e:50:56:4d:98:15:c2:0c:43:9f:
         be:4a:f3:98:87:62:e8:aa:85:d5:cf:2f:5b:43:4f:87:f6:52:
         c6:18:c4:a2:43:f6:d5:31:88:8c:55:14:00:5c:1f:fe:d0:c7:
         4c:da:5a:45:f6:fa:0f:02:7f:d6:dd:c9:ea:2d:52:88:70:e6:
         36:2c:40:e1:23:97:9e:2d:ce:8b:6d:27:54:13:ab:49:f9:32:
         0d:8d:59:0a:dd:39:6b:4a:38:e6:1d:9d:db:84:64:6c:3f:94:
         35:1f:07:55:37:60:42:b7:4e:5b:ba:9d:bf:32:4c:1f:07:60:
         af:5d:2f:c3
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUY/EM6/8BYmUtNG0fPyrAR3xE5VIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA2MDYwMDIyMTVaFw0yNTA2MDUwMDI3MTVaMDMxMTAvBgNV
BAMTKDcwOEM4MTMxOUY0RjUwODZCQjg3RjFGQkZEQTQ0N0EyQkJGRkFBNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE01ZfZlOnl8ygZ6YfEOBHitqu
8nUZsEeiNlIqZg4ta2f4UpLU+BU6l3S7376Pp0Tf4dyfPvjAl0ixxWyasYFB18vw
icittiNluiKY/kfrGttHkq4eoSq+MAP3R/vxgIRYNUykRJ3Th5y0cyzLVGo/ySt5
n1nTshh+xbXLQKNdqdFEr5Wh1bk1heUIAYnGorpMVCXeUjfbpIzcr+A8jG6uOTvG
DUd6nXem4XgTfKdmfJ8jIexmadJ7qzAAixaqXjRftIlPoY2xujaXjHZl5wMA6b7j
0h0jUhGRMLpuqOR+LnY5jS60cpalGDzjApiwiU6J9H7gpdb84DQGfSwY/VizAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUcIyBMZ9PUIa7h/H7/aRHorv/qngwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEwMzg0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagAaEAMA0GCSqGSIb3DQEBCwUAA4IBAQBlHBEl
UAP/YSyqSs2QJTCakybhEuTUy1+GYfN0z59e6XS5Z1HwrK8ybY0iz9Rf3hBqo1Bl
SbGEXIOPGGKqX11x4eckr8pwUyqkfGX8NQ2n0RPty2JQj+HrQrJ0PPLNchq7s8Kt
+LVTJHzHJm5DuA4inh5gefUCXdaDhewsTrB/VTZds7Dglm5QVk2YFcIMQ5++SvOY
h2LoqoXVzy9bQ0+H9lLGGMSiQ/bVMYiMVRQAXB/+0MdM2lpF9voPAn/W3cnqLVKI
cOY2LEDhI5eeLc6LbSdUE6tJ+TINjVkK3TlrSjjmHZ3bhGRsP5Q1HwdVN2BCt05b
up2/MkwfB2CvXS/D
-----END CERTIFICATE-----