Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210461.roa
File:                     AS210461.roa (raw, json)
Hash identifier:          kPkXMIJLoncSZ9WEy5m+RzAPfh6rFWUDVN5w7bUI/Us=
Subject key identifier:   B5:F5:12:05:E1:86:C3:EF:EA:F2:C0:81:FB:77:E3:9F:3E:C0:16:CA
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       558B2C7639D9D854D6C2E138CC2A8A47D64078
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210461.roa
Signing time:             Tue 05 Dec 2023 02:44:15 +0000
ROA not before:           Tue 05 Dec 2023 02:39:15 +0000
ROA not after:            Tue 03 Dec 2024 02:44:15 +0000
asID:                     210461
IP address blocks:        2a06:a005:16::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:8b:2c:76:39:d9:d8:54:d6:c2:e1:38:cc:2a:8a:47:d6:40:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:15 2023 GMT
            Not After : Dec  3 02:44:15 2024 GMT
        Subject: CN=B5F51205E186C3EFEAF2C081FB77E39F3EC016CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:69:4d:9d:38:6e:c0:19:c4:fb:ee:1f:b1:89:
                    39:ec:19:1f:7a:16:3b:a0:f2:03:08:94:2c:b1:62:
                    2a:46:b8:0e:8a:af:b6:b0:eb:4d:5e:94:ec:6e:df:
                    77:da:a8:b3:63:1a:28:22:13:a8:1f:05:1d:96:96:
                    85:68:47:c0:42:5b:58:3d:fd:46:38:c3:1a:10:8f:
                    0d:10:30:89:3a:cf:f5:dc:99:68:1d:bc:e9:33:a8:
                    a0:95:4a:c4:25:dd:ba:62:20:b5:42:9e:60:49:e6:
                    35:46:ed:b9:f1:01:d0:af:50:1e:bb:0e:7e:64:97:
                    f9:dd:f5:3b:57:54:af:6b:a7:b6:f4:26:25:29:94:
                    11:9a:82:bb:0a:cb:1e:f2:a2:67:1e:bb:9c:88:f2:
                    f7:83:ec:dc:0b:d5:6a:3a:6b:6d:8c:f4:19:59:61:
                    e1:5c:25:74:5d:f0:de:d3:14:7a:c1:17:0f:55:ab:
                    46:b6:42:56:02:90:8d:68:30:1c:40:ab:03:20:b8:
                    99:73:c6:5c:0e:d6:46:30:f0:40:42:70:b5:de:45:
                    54:5e:f1:56:7e:51:a0:51:ae:61:ca:03:8e:e9:9b:
                    da:33:bf:a1:7d:50:de:1f:f7:92:7d:0d:87:09:d7:
                    bf:ac:33:1f:9a:e2:96:be:28:e9:52:fa:cb:48:6d:
                    3a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F5:12:05:E1:86:C3:EF:EA:F2:C0:81:FB:77:E3:9F:3E:C0:16:CA
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210461.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:8f:bf:97:c0:3c:31:37:b5:4b:a8:52:37:4b:f7:b3:33:f3:
         c6:b9:87:ae:38:84:11:1d:17:f1:ef:1e:ef:d6:1a:1f:ee:dc:
         f9:f7:8a:65:66:6b:eb:7d:a9:66:dd:f4:6b:bc:82:96:e0:3b:
         95:99:1f:73:c8:40:9d:68:be:d8:1c:93:c3:37:6a:86:a9:fc:
         b7:44:80:fd:df:d1:c5:fa:7b:b4:be:09:35:7f:d4:9e:63:7b:
         ff:b6:aa:9a:a5:4c:fb:83:55:cf:ed:48:0d:c5:d2:f6:23:5d:
         40:ad:35:5c:ff:98:60:45:4b:80:c1:0f:9a:16:99:4f:98:7f:
         85:4c:e8:96:d1:c9:fb:8a:91:34:7b:59:2e:15:2e:41:ed:f2:
         3b:b8:25:b9:7e:5b:1a:7d:76:a6:54:cc:ac:98:c3:97:e7:f1:
         4a:6b:0c:f4:29:ef:82:55:66:03:e1:e2:2e:0a:da:ae:f7:b6:
         b5:b8:1e:ef:fc:9c:f2:d5:1a:8d:28:45:ef:d6:7b:ce:9a:b1:
         a2:52:38:31:ed:d3:ff:17:4d:ec:08:1b:c0:e5:f1:ab:50:a5:
         11:07:f1:38:dc:fe:43:fc:61:e2:b4:33:dd:57:f3:5b:69:74:
         ae:89:36:69:04:df:25:cf:68:6b:ff:09:46:15:f2:03:c1:28:
         a0:e0:dc:2a
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgITVYssdjnZ2FTWwuE4zCqKR9ZAeDANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg3OTk0MzhmMWIxNzYyYWVlZjhhMzVjZjRlNmNiYWU5NzY5
OWJkMDIwMB4XDTIzMTIwNTAyMzkxNVoXDTI0MTIwMzAyNDQxNVowMzExMC8GA1UE
AxMoQjVGNTEyMDVFMTg2QzNFRkVBRjJDMDgxRkI3N0UzOUYzRUMwMTZDQTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlpTZ04bsAZxPvuH7GJOewZH3oW
O6DyAwiULLFiKka4DoqvtrDrTV6U7G7fd9qos2MaKCITqB8FHZaWhWhHwEJbWD39
RjjDGhCPDRAwiTrP9dyZaB286TOooJVKxCXdumIgtUKeYEnmNUbtufEB0K9QHrsO
fmSX+d31O1dUr2untvQmJSmUEZqCuwrLHvKiZx67nIjy94Ps3AvVajprbYz0GVlh
4VwldF3w3tMUesEXD1WrRrZCVgKQjWgwHECrAyC4mXPGXA7WRjDwQEJwtd5FVF7x
Vn5RoFGuYcoDjumb2jO/oX1Q3h/3kn0NhwnXv6wzH5rilr4o6VL6y0htOocCAwEA
AaOCAfIwggHuMB0GA1UdDgQWBBS19RIF4YbD7+rywIH7d+OfPsAWyjAfBgNVHSME
GDAWgBR5lDjxsXYq7vijXPTmy66XaZvQIDAOBgNVHQ8BAf8EBAMCB4AwgYUGA1Ud
HwR+MHwweqB4oHaGdHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9y
eS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yLzc5OTQzOEYxQjE3
NjJBRUVGOEEzNUNGNEU2Q0JBRTk3Njk5QkQwMjAuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9lWlE0OGJGMkt1NzRvMXowNXN1dWwybWIwQ0EuY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5ldC9y
ZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1YzkxYmUzZjlkLzIvQVMy
MTA0NjEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwAqBqAFABYwDQYJKoZIhvcNAQELBQADggEBAC6Pv5fA
PDE3tUuoUjdL97Mz88a5h644hBEdF/HvHu/WGh/u3Pn3imVma+t9qWbd9Gu8gpbg
O5WZH3PIQJ1ovtgck8M3aoap/LdEgP3f0cX6e7S+CTV/1J5je/+2qpqlTPuDVc/t
SA3F0vYjXUCtNVz/mGBFS4DBD5oWmU+Yf4VM6JbRyfuKkTR7WS4VLkHt8ju4Jbl+
Wxp9dqZUzKyYw5fn8UprDPQp74JVZgPh4i4K2q73trW4Hu/8nPLVGo0oRe/We86a
saJSODHt0/8XTewIG8Dl8atQpREH8Tjc/kP8YeK0M91X81tpdK6JNmkE3yXPaGv/
CUYV8gPBKKDg3Co=
-----END CERTIFICATE-----