Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210825.roa
File:                     AS210825.roa (raw, json)
Hash identifier:          2hXqsjbGEBI4BZqlD59Itx4LuSsUobn2Yt7PRrKv/Rs=
Subject key identifier:   11:04:7E:8F:13:0E:AD:A2:3F:DF:AC:CB:C8:27:62:9A:B4:F2:8F:5D
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       45CE82AB0B3670D8DEFE7E7A4062BC21F33CAE50
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210825.roa
Signing time:             Tue 05 Dec 2023 02:44:20 +0000
ROA not before:           Tue 05 Dec 2023 02:39:20 +0000
ROA not after:            Tue 03 Dec 2024 02:44:20 +0000
asID:                     210825
IP address blocks:        2a06:a005:5a1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:ce:82:ab:0b:36:70:d8:de:fe:7e:7a:40:62:bc:21:f3:3c:ae:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:20 2023 GMT
            Not After : Dec  3 02:44:20 2024 GMT
        Subject: CN=11047E8F130EADA23FDFACCBC827629AB4F28F5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1b:f3:ad:07:0b:6f:cd:cd:1c:e9:cd:b2:be:
                    af:6b:bf:5b:44:45:3e:f4:d1:1c:d7:d9:d4:e3:9d:
                    42:6b:3d:f8:8e:1e:78:27:a0:6a:69:c6:f2:ff:cd:
                    77:6b:3c:e2:1e:07:d2:15:4a:67:25:29:46:0f:00:
                    64:f0:3c:c6:55:54:46:84:a1:ad:87:df:fb:ff:5c:
                    e5:60:5b:fd:02:3b:34:b3:32:ac:38:a7:f4:57:86:
                    6e:07:15:e2:67:6c:7c:88:54:8b:3a:77:51:0b:53:
                    82:b3:e4:37:ca:9e:e3:63:1a:07:d9:27:50:f9:f8:
                    c2:98:50:e0:75:e1:68:27:7a:99:90:2d:cf:f2:be:
                    6d:76:37:3e:14:14:dc:de:7d:0e:f3:6d:be:e7:05:
                    94:af:b9:44:b2:d3:b8:2f:88:ba:89:75:d9:f2:b0:
                    0a:32:cd:70:84:ac:78:62:cb:57:5e:31:33:1a:b3:
                    73:5c:a8:5b:99:36:5c:cf:bc:7a:7a:ea:ed:53:13:
                    51:be:40:e5:eb:5f:54:25:17:ed:21:bc:d6:63:e4:
                    1d:16:fa:9b:cb:6e:d1:4c:44:a3:61:2a:87:c7:e2:
                    af:d3:65:b7:4a:8e:71:d9:82:4a:82:57:c2:a8:e4:
                    f6:98:82:1a:4d:28:5a:60:bd:70:12:f5:70:29:3b:
                    e7:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:04:7E:8F:13:0E:AD:A2:3F:DF:AC:CB:C8:27:62:9A:B4:F2:8F:5D
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210825.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5a1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:0a:2a:34:a3:58:89:84:6f:85:bf:6a:6d:19:b8:fe:91:56:
         a9:f1:67:39:ee:10:3a:24:ca:17:31:d1:bb:d4:d5:9e:ba:0e:
         5b:62:44:5e:64:e6:d4:b2:47:f3:60:a7:18:fc:09:57:04:4e:
         ed:0e:40:94:b8:f9:10:c7:f3:5d:50:3f:83:d8:19:f4:59:60:
         c5:4f:c7:53:74:83:e2:61:71:0e:7f:fe:73:00:c5:95:bd:0b:
         c8:64:99:f9:40:85:54:17:45:67:72:b6:fe:d1:af:24:8a:d5:
         0b:d4:5a:23:6a:6f:35:90:5b:71:2a:b0:25:05:fb:c8:49:47:
         51:fb:5c:bf:c5:8f:4e:1f:b5:b6:32:25:9a:69:e4:04:72:16:
         15:51:5d:a0:a5:2e:7e:4c:7d:8d:3d:96:ef:b9:53:df:d0:f1:
         8f:b2:ab:ff:4a:d6:a5:a6:7e:fd:b2:29:7e:7f:33:50:23:fd:
         19:18:d6:4a:80:77:0c:20:96:30:63:8f:4c:5c:de:0d:3c:4f:
         59:94:ef:99:f4:8d:0c:a9:87:ef:f2:29:56:26:a4:37:ca:04:
         64:5d:9f:9a:cd:10:06:36:d9:93:fd:29:a3:78:e1:c0:af:13:
         13:7c:18:c1:5b:68:7c:04:46:6b:b7:5a:8f:5a:a2:30:85:39:
         f5:56:28:9a
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIURc6Cqws2cNje/n56QGK8IfM8rlAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MjBaFw0yNDEyMDMwMjQ0MjBaMDMxMTAvBgNV
BAMTKDExMDQ3RThGMTMwRUFEQTIzRkRGQUNDQkM4Mjc2MjlBQjRGMjhGNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHG/OtBwtvzc0c6c2yvq9rv1tE
RT700RzX2dTjnUJrPfiOHngnoGppxvL/zXdrPOIeB9IVSmclKUYPAGTwPMZVVEaE
oa2H3/v/XOVgW/0COzSzMqw4p/RXhm4HFeJnbHyIVIs6d1ELU4Kz5DfKnuNjGgfZ
J1D5+MKYUOB14WgnepmQLc/yvm12Nz4UFNzefQ7zbb7nBZSvuUSy07gviLqJddny
sAoyzXCErHhiy1deMTMas3NcqFuZNlzPvHp66u1TE1G+QOXrX1QlF+0hvNZj5B0W
+pvLbtFMRKNhKofH4q/TZbdKjnHZgkqCV8Ko5PaYghpNKFpgvXAS9XApO+cNAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUEQR+jxMOraI/36zLyCdimrTyj10wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEwODI1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQWhMA0GCSqGSIb3DQEBCwUAA4IBAQCkCio0
o1iJhG+Fv2ptGbj+kVap8Wc57hA6JMoXMdG71NWeug5bYkReZObUskfzYKcY/AlX
BE7tDkCUuPkQx/NdUD+D2Bn0WWDFT8dTdIPiYXEOf/5zAMWVvQvIZJn5QIVUF0Vn
crb+0a8kitUL1Fojam81kFtxKrAlBfvISUdR+1y/xY9OH7W2MiWaaeQEchYVUV2g
pS5+TH2NPZbvuVPf0PGPsqv/Stalpn79sil+fzNQI/0ZGNZKgHcMIJYwY49MXN4N
PE9ZlO+Z9I0MqYfv8ilWJqQ3ygRkXZ+azRAGNtmT/SmjeOHArxMTfBjBW2h8BEZr
t1qPWqIwhTn1Viia
-----END CERTIFICATE-----