Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210842.roa
File:                     AS210842.roa (raw, json)
Hash identifier:          5WeaKL86Nzc8xq0MHvaJ57XxhJm3wtwFd1DfdTDhfnw=
Subject key identifier:   46:65:2F:C1:B1:47:BB:91:20:FC:4D:2F:F9:AF:C0:7A:D7:FC:80:89
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       18AE723AC81E61D05BFF3E2FDD70B36B398B6F4D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210842.roa
Signing time:             Tue 05 Dec 2023 02:44:11 +0000
ROA not before:           Tue 05 Dec 2023 02:39:11 +0000
ROA not after:            Tue 03 Dec 2024 02:44:11 +0000
asID:                     210842
IP address blocks:        2a06:a005:880::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ae:72:3a:c8:1e:61:d0:5b:ff:3e:2f:dd:70:b3:6b:39:8b:6f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:11 2023 GMT
            Not After : Dec  3 02:44:11 2024 GMT
        Subject: CN=46652FC1B147BB9120FC4D2FF9AFC07AD7FC8089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dd:92:ca:62:02:40:41:6f:6e:3e:08:53:b2:
                    44:7c:81:3e:c3:a7:86:05:e7:95:41:0d:e3:fe:e5:
                    a7:93:3c:b5:19:fb:8d:3d:5a:2b:97:0c:af:0c:85:
                    85:99:cb:47:00:e1:a9:b4:cf:72:d2:ca:9a:a1:43:
                    da:c5:99:06:45:7f:92:75:55:03:35:82:3e:a6:41:
                    ca:84:95:82:fb:b3:6b:14:ed:96:51:c1:60:d3:e1:
                    e0:10:ef:35:60:85:66:8c:2d:dc:e0:b1:cf:af:3a:
                    06:ed:73:28:c5:20:da:29:a8:84:1f:6d:ec:68:38:
                    8a:59:49:73:e5:ab:5d:c1:04:b2:e3:fc:fc:f8:f2:
                    77:6d:93:bf:60:93:ce:5a:95:42:f4:5e:ce:1c:17:
                    a0:12:5b:2f:a5:d1:f9:7f:8a:93:8b:0c:0c:48:df:
                    5f:59:d9:23:7e:c9:bc:65:e6:93:c0:de:10:a3:7b:
                    7f:c3:8c:21:75:b0:ae:12:54:f9:7d:eb:11:e3:cf:
                    dd:5d:fc:3f:93:84:2b:ba:0a:0f:d4:36:59:63:ee:
                    fc:a5:a5:45:4e:34:95:7a:43:78:f4:7c:d3:df:c7:
                    17:a2:bb:b1:69:eb:e7:e3:9a:ea:19:16:eb:f0:1a:
                    23:8f:e2:12:73:11:6e:0c:85:a5:8d:e2:cf:6f:7e:
                    5f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:65:2F:C1:B1:47:BB:91:20:FC:4D:2F:F9:AF:C0:7A:D7:FC:80:89
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210842.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:880::/44

    Signature Algorithm: sha256WithRSAEncryption
         99:ca:3c:83:74:4a:9d:08:e4:45:75:b3:f9:05:2d:77:5f:09:
         0c:d9:13:81:a9:64:05:34:fb:2d:4d:e4:77:f0:79:c4:87:52:
         81:db:0b:b3:23:25:17:a5:1a:43:20:91:b8:71:0f:39:cc:35:
         12:0d:59:57:c2:59:61:48:e9:78:c2:ea:de:e5:66:77:b8:3b:
         1c:a9:39:7e:46:bd:83:05:ed:2f:60:d0:63:ab:ff:83:f4:4b:
         8f:e3:d3:3a:a9:2a:b6:3c:30:1e:72:2e:77:84:e2:f6:a8:e0:
         57:41:c7:9d:39:1b:3d:f9:e2:12:7b:3b:cc:40:97:08:28:de:
         81:75:30:dd:be:ba:70:b4:52:0c:1f:75:c2:73:2c:81:71:af:
         71:04:07:76:f4:d8:88:14:cf:c5:e5:cc:d7:85:ea:5b:67:cd:
         8d:ff:1f:ce:cb:0b:18:0a:77:62:03:17:0c:e0:37:ce:2c:33:
         ec:66:cb:26:f7:5b:5b:95:7c:15:6b:64:c1:b2:00:84:7e:d7:
         0e:3e:ff:d1:54:74:82:c6:86:0a:59:42:99:32:e2:57:8b:a0:
         e7:3c:78:92:2b:da:aa:d8:de:0d:92:60:cf:d3:0f:25:9c:6c:
         6b:5d:01:94:89:69:3a:ba:c0:b3:2a:37:1d:53:4e:24:8f:8f:
         ef:34:63:01
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUGK5yOsgeYdBb/z4v3XCzazmLb00wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTFaFw0yNDEyMDMwMjQ0MTFaMDMxMTAvBgNV
BAMTKDQ2NjUyRkMxQjE0N0JCOTEyMEZDNEQyRkY5QUZDMDdBRDdGQzgwODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs3ZLKYgJAQW9uPghTskR8gT7D
p4YF55VBDeP+5aeTPLUZ+409WiuXDK8MhYWZy0cA4am0z3LSypqhQ9rFmQZFf5J1
VQM1gj6mQcqElYL7s2sU7ZZRwWDT4eAQ7zVghWaMLdzgsc+vOgbtcyjFINopqIQf
bexoOIpZSXPlq13BBLLj/Pz48ndtk79gk85alUL0Xs4cF6ASWy+l0fl/ipOLDAxI
319Z2SN+ybxl5pPA3hCje3/DjCF1sK4SVPl96xHjz91d/D+ThCu6Cg/UNllj7vyl
pUVONJV6Q3j0fNPfxxeiu7Fp6+fjmuoZFuvwGiOP4hJzEW4MhaWN4s9vfl/1AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQURmUvwbFHu5Eg/E0v+a/Aetf8gIkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEwODQyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQiAMA0GCSqGSIb3DQEBCwUAA4IBAQCZyjyD
dEqdCORFdbP5BS13XwkM2ROBqWQFNPstTeR38HnEh1KB2wuzIyUXpRpDIJG4cQ85
zDUSDVlXwllhSOl4wure5WZ3uDscqTl+Rr2DBe0vYNBjq/+D9EuP49M6qSq2PDAe
ci53hOL2qOBXQcedORs9+eISezvMQJcIKN6BdTDdvrpwtFIMH3XCcyyBca9xBAd2
9NiIFM/F5czXhepbZ82N/x/OywsYCndiAxcM4DfOLDPsZssm91tblXwVa2TBsgCE
ftcOPv/RVHSCxoYKWUKZMuJXi6DnPHiSK9qq2N4NkmDP0w8lnGxrXQGUiWk6usCz
KjcdU04kj4/vNGMB
-----END CERTIFICATE-----