Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210758.roa
File:                     AS210758.roa (raw, json)
Hash identifier:          G1BQYkGR0K+eqgk4H9C+Y+AEE/wBzP5HIq6yvsm01sY=
Subject key identifier:   14:5B:21:72:6D:55:6C:92:7D:1E:D2:D8:11:35:EE:19:FE:CE:A6:65
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       05BDDEB5330E78330E419D38827491B0A36AEA88
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210758.roa
Signing time:             Tue 05 Nov 2024 03:40:07 +0000
ROA not before:           Tue 05 Nov 2024 03:35:07 +0000
ROA not after:            Tue 04 Nov 2025 03:40:07 +0000
asID:                     210758
IP address blocks:        2a06:a005:5a9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:bd:de:b5:33:0e:78:33:0e:41:9d:38:82:74:91:b0:a3:6a:ea:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:07 2024 GMT
            Not After : Nov  4 03:40:07 2025 GMT
        Subject: CN=145B21726D556C927D1ED2D81135EE19FECEA665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d2:50:96:cb:05:33:ff:51:47:12:52:72:13:
                    ef:fe:8a:34:e5:a5:48:bc:04:f7:9d:b4:8d:ce:72:
                    ad:fa:7c:95:51:b1:12:71:f7:5c:d4:b3:52:57:f3:
                    11:3e:d1:8a:ad:b1:af:28:7f:99:65:49:21:83:c8:
                    29:0f:39:93:a5:46:89:a7:6b:8b:8b:b7:4d:66:8b:
                    f5:ef:82:7d:9a:6d:b6:12:81:1f:30:b3:f1:9f:61:
                    34:22:93:2f:de:27:21:87:20:46:cf:12:61:2f:ec:
                    43:1d:4c:df:50:d2:c9:88:4a:39:c1:c0:78:b5:38:
                    09:72:1a:dd:28:d1:93:75:fa:e7:6d:9d:de:ec:81:
                    db:0a:21:85:2b:00:7a:66:ad:29:8c:35:f6:b5:a4:
                    e0:f2:60:c6:57:f8:09:60:af:cb:de:5e:a5:33:02:
                    28:a2:e2:86:18:61:0b:4a:83:99:ce:35:4d:c9:74:
                    9a:9a:aa:23:7f:94:27:18:0b:f4:0d:b3:17:dc:14:
                    c8:1c:f6:fb:0b:0d:b8:19:de:da:49:d8:11:87:f1:
                    c8:98:59:9c:b3:fb:fd:23:92:8b:58:d5:d3:d7:f8:
                    98:90:10:73:a2:a7:6d:2c:49:d8:ad:3c:1c:65:d2:
                    bd:79:6d:e9:66:02:f2:99:83:8f:06:8d:61:b1:db:
                    83:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:5B:21:72:6D:55:6C:92:7D:1E:D2:D8:11:35:EE:19:FE:CE:A6:65
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210758.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5a9::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:23:f0:fc:dd:16:dc:bd:c8:74:43:e6:f0:53:c8:e1:68:78:
         2b:62:b2:60:6f:cb:c8:d5:1b:c8:1a:37:d3:1f:2d:0e:5e:32:
         53:54:03:c2:0c:85:5a:b2:43:31:59:4e:df:a3:20:4e:75:57:
         7f:18:24:94:61:56:cd:90:8d:90:d9:21:4c:df:0c:5d:68:20:
         ef:9e:a4:95:8a:34:df:e1:09:54:7c:96:4a:08:5f:ca:7b:42:
         a3:ce:a4:79:e3:7a:bd:f8:24:b8:55:35:ac:27:4e:27:02:97:
         65:ad:96:bb:75:a3:55:ed:d1:44:02:7e:4e:3b:89:e7:2d:a0:
         2f:c9:fc:d7:74:e1:1d:43:35:8c:41:88:8b:f7:46:dd:c6:ea:
         ae:f6:20:7c:ad:1a:4a:e4:dc:86:a1:c5:5a:46:0e:39:fe:1d:
         a2:30:94:93:86:2d:65:e0:87:0f:fd:21:7b:8d:bd:9c:1d:32:
         07:a5:6a:96:66:ee:73:a0:79:11:4f:c0:b4:1e:9d:ed:b3:75:
         b9:19:58:c4:36:bb:78:d5:fa:76:66:5a:71:cb:b3:5e:5b:e0:
         e9:ae:74:db:78:d6:c7:83:f6:e8:aa:ea:ee:80:f1:1f:16:ae:
         aa:8d:ff:2a:49:b4:7b:e3:38:3e:ff:1c:7d:0d:1f:ce:94:00:
         ea:2a:ed:45
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUBb3etTMOeDMOQZ04gnSRsKNq6ogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDdaFw0yNTExMDQwMzQwMDdaMDMxMTAvBgNV
BAMTKDE0NUIyMTcyNkQ1NTZDOTI3RDFFRDJEODExMzVFRTE5RkVDRUE2NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm0lCWywUz/1FHElJyE+/+ijTl
pUi8BPedtI3Ocq36fJVRsRJx91zUs1JX8xE+0Yqtsa8of5llSSGDyCkPOZOlRomn
a4uLt01mi/Xvgn2abbYSgR8ws/GfYTQiky/eJyGHIEbPEmEv7EMdTN9Q0smISjnB
wHi1OAlyGt0o0ZN1+udtnd7sgdsKIYUrAHpmrSmMNfa1pODyYMZX+Algr8veXqUz
Aiii4oYYYQtKg5nONU3JdJqaqiN/lCcYC/QNsxfcFMgc9vsLDbgZ3tpJ2BGH8ciY
WZyz+/0jkotY1dPX+JiQEHOip20sSditPBxl0r15belmAvKZg48GjWGx24OnAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUFFshcm1VbJJ9HtLYETXuGf7OpmUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEwNzU4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQWpMA0GCSqGSIb3DQEBCwUAA4IBAQBUI/D8
3Rbcvch0Q+bwU8jhaHgrYrJgb8vI1RvIGjfTHy0OXjJTVAPCDIVaskMxWU7foyBO
dVd/GCSUYVbNkI2Q2SFM3wxdaCDvnqSVijTf4QlUfJZKCF/Ke0KjzqR543q9+CS4
VTWsJ04nApdlrZa7daNV7dFEAn5OO4nnLaAvyfzXdOEdQzWMQYiL90bdxuqu9iB8
rRpK5NyGocVaRg45/h2iMJSThi1l4IcP/SF7jb2cHTIHpWqWZu5zoHkRT8C0Hp3t
s3W5GVjENrt41fp2Zlpxy7NeW+DprnTbeNbHg/boqurugPEfFq6qjf8qSbR74zg+
/xx9DR/OlADqKu1F
-----END CERTIFICATE-----