Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210888.roa
File:                     AS210888.roa (raw, json)
Hash identifier:          u3NYqO8rU5NapjAz94Un8Mc+84T3+NlFk1eyoijFZWc=
Subject key identifier:   43:DB:07:27:48:00:B7:7D:86:CC:A5:2A:B1:94:CD:97:6D:B0:36:24
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1A2FCEE60A1365BDB4BF86D3F0E11D305461474F
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210888.roa
Signing time:             Tue 05 Dec 2023 02:44:13 +0000
ROA not before:           Tue 05 Dec 2023 02:39:13 +0000
ROA not after:            Tue 03 Dec 2024 02:44:13 +0000
asID:                     210888
IP address blocks:        2a06:a005:4f0::/44 maxlen: 48
                          2a06:a005:1169::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:2f:ce:e6:0a:13:65:bd:b4:bf:86:d3:f0:e1:1d:30:54:61:47:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:13 2023 GMT
            Not After : Dec  3 02:44:13 2024 GMT
        Subject: CN=43DB07274800B77D86CCA52AB194CD976DB03624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3b:cf:b6:30:df:07:e4:5c:d7:70:60:db:85:
                    d3:6e:7f:9c:a2:b9:64:61:e5:b0:83:a1:dd:3d:a3:
                    1d:64:ee:ca:b2:8c:e9:4f:76:17:0f:1f:a8:c6:33:
                    22:18:5c:20:19:b7:a9:64:04:7f:0a:62:4f:e7:30:
                    90:8f:47:76:df:72:35:d2:a2:5b:2a:a6:0e:23:70:
                    26:af:87:9a:ae:c5:ce:8b:24:88:19:d8:75:d2:f9:
                    ac:10:73:0c:2d:b3:a1:ab:8c:d1:f7:61:63:94:87:
                    f7:01:5d:5f:45:57:3e:3b:19:03:1b:e2:f9:59:fa:
                    53:41:64:ed:cd:70:26:9b:6a:9c:ef:7f:4c:34:a2:
                    05:58:13:76:5f:39:40:04:45:8c:b5:2a:e8:0a:a2:
                    da:d2:33:9b:cd:1c:05:a2:e4:a4:47:c9:50:e0:10:
                    27:ad:a9:63:cc:b0:a7:69:cd:38:c6:35:09:fd:e7:
                    8d:dd:aa:3e:95:89:67:c5:ba:10:28:05:e3:48:02:
                    27:b8:c6:5f:ed:e0:5e:ae:11:0b:14:a9:a8:c0:2c:
                    3e:78:f8:bd:32:fc:b7:b8:9f:d9:ce:f1:45:39:b0:
                    12:da:35:1b:c6:e2:c4:b2:9a:ad:f0:2b:f4:24:19:
                    5a:2e:96:43:02:14:58:75:cd:3e:f4:83:2e:4a:94:
                    69:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DB:07:27:48:00:B7:7D:86:CC:A5:2A:B1:94:CD:97:6D:B0:36:24
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS210888.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:4f0::/44
                  2a06:a005:1169::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:5a:63:de:da:75:b4:f2:e8:39:56:03:46:a8:9f:3e:85:1c:
         fd:cc:04:a1:12:c0:69:99:9e:63:dd:1e:dc:71:77:3d:91:57:
         dc:7c:34:d1:59:6d:16:b7:5a:e5:ec:ed:aa:4c:a2:03:ee:bc:
         77:fe:94:e0:04:18:06:77:07:cc:36:94:c4:aa:02:56:d6:bd:
         a2:58:5b:ac:c0:a4:25:39:12:ee:9a:5f:96:3f:83:e6:28:80:
         69:1c:bc:21:b1:22:f2:e8:8d:03:02:f9:b6:af:8f:cf:9b:84:
         7a:d7:a0:f2:31:d4:62:82:ca:cb:4d:73:cb:d2:e9:37:26:b5:
         d4:83:08:f4:d8:87:c8:b4:d2:25:ad:50:9e:09:9c:0a:12:5c:
         bd:4f:3b:10:f7:25:41:e0:9e:69:f8:4f:51:08:fc:41:1f:22:
         7b:2d:52:75:7c:fa:8f:96:23:97:23:dd:44:0e:94:8e:b7:3b:
         82:6f:50:91:b5:ce:9a:74:65:77:02:5c:59:53:71:0d:c2:f4:
         ee:24:a6:c8:26:ff:02:3d:bd:4f:5a:3b:7c:2a:6b:38:b5:0d:
         13:a2:1c:11:cf:f2:c4:89:e2:ff:f6:02:ad:c2:f2:5e:3b:ef:
         86:51:a8:47:a3:73:63:e3:1c:10:a8:7e:70:43:9d:9f:6e:01:
         82:36:ef:f5
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUGi/O5goTZb20v4bT8OEdMFRhR08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTNaFw0yNDEyMDMwMjQ0MTNaMDMxMTAvBgNV
BAMTKDQzREIwNzI3NDgwMEI3N0Q4NkNDQTUyQUIxOTRDRDk3NkRCMDM2MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYO8+2MN8H5FzXcGDbhdNuf5yi
uWRh5bCDod09ox1k7sqyjOlPdhcPH6jGMyIYXCAZt6lkBH8KYk/nMJCPR3bfcjXS
olsqpg4jcCavh5quxc6LJIgZ2HXS+awQcwwts6GrjNH3YWOUh/cBXV9FVz47GQMb
4vlZ+lNBZO3NcCabapzvf0w0ogVYE3ZfOUAERYy1KugKotrSM5vNHAWi5KRHyVDg
ECetqWPMsKdpzTjGNQn9543dqj6ViWfFuhAoBeNIAie4xl/t4F6uEQsUqajALD54
+L0y/Le4n9nO8UU5sBLaNRvG4sSymq3wK/QkGVoulkMCFFh1zT70gy5KlGltAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUQ9sHJ0gAt32GzKUqsZTNl22wNiQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEwODg4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBQTwAwcAKgagBRFpMA0GCSqGSIb3DQEBCwUA
A4IBAQBSWmPe2nW08ug5VgNGqJ8+hRz9zAShEsBpmZ5j3R7ccXc9kVfcfDTRWW0W
t1rl7O2qTKID7rx3/pTgBBgGdwfMNpTEqgJW1r2iWFuswKQlORLuml+WP4PmKIBp
HLwhsSLy6I0DAvm2r4/Pm4R616DyMdRigsrLTXPL0uk3JrXUgwj02IfItNIlrVCe
CZwKEly9TzsQ9yVB4J5p+E9RCPxBHyJ7LVJ1fPqPliOXI91EDpSOtzuCb1CRtc6a
dGV3AlxZU3ENwvTuJKbIJv8CPb1PWjt8Kms4tQ0TohwRz/LEieL/9gKtwvJeO++G
UahHo3Nj4xwQqH5wQ52fbgGCNu/1
-----END CERTIFICATE-----