Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211063.roa
File:                     AS211063.roa (raw, json)
Hash identifier:          TciGcW1sT7ybeBaQE3iz2bnOULpKuakcgLfQF3cFzHY=
Subject key identifier:   CE:2A:AA:9F:E5:B8:31:4D:B6:4C:F5:78:92:CC:72:C0:E4:9B:22:A5
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6123A5ABE83E978703961593AEAC471A63E16109
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211063.roa
Signing time:             Tue 05 Dec 2023 02:44:19 +0000
ROA not before:           Tue 05 Dec 2023 02:39:19 +0000
ROA not after:            Tue 03 Dec 2024 02:44:19 +0000
asID:                     211063
IP address blocks:        2a06:a005:1d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:23:a5:ab:e8:3e:97:87:03:96:15:93:ae:ac:47:1a:63:e1:61:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:19 2023 GMT
            Not After : Dec  3 02:44:19 2024 GMT
        Subject: CN=CE2AAA9FE5B8314DB64CF57892CC72C0E49B22A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:74:01:3b:32:81:7c:99:cd:66:f5:ac:d0:6d:
                    3b:4f:fe:99:ca:ae:c6:7b:07:c6:3f:d6:f1:15:71:
                    67:85:cc:6d:f1:c9:d8:4b:d9:2c:d1:f2:61:e5:17:
                    d3:f1:cd:e2:ab:fe:47:9c:6b:d2:ec:29:f8:2f:6c:
                    77:cb:a6:30:67:74:a4:fc:1c:50:73:2d:b4:21:fc:
                    53:67:99:0f:05:23:64:2d:e2:46:e8:1e:3c:26:58:
                    97:f5:de:4d:b7:36:3b:c5:35:94:16:df:ca:4d:db:
                    6c:12:0a:3c:d8:4e:97:4f:a9:a3:32:b6:f2:a6:4e:
                    56:74:f4:0b:a7:99:68:27:34:0c:1b:e4:9a:35:c2:
                    97:89:f0:79:eb:7a:a6:52:77:0d:3a:b6:56:9a:b9:
                    5d:be:dd:f9:7c:df:7d:37:a8:09:a9:c7:7f:77:f6:
                    3e:63:cb:c4:fc:9f:fe:9f:cf:f9:7c:f3:91:1f:e6:
                    cd:a1:2d:07:bf:0e:75:05:79:69:a9:f1:f8:fe:c2:
                    2a:6c:0e:8a:1e:a9:f0:44:83:0b:82:f7:0e:48:03:
                    b8:8f:68:9a:af:d1:01:7e:e2:79:b7:af:a3:44:07:
                    eb:9b:8b:ae:e3:42:a6:b6:00:a0:ca:18:83:e5:32:
                    78:11:f5:50:31:49:8e:7e:6a:8b:5b:d5:03:38:b8:
                    c1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:2A:AA:9F:E5:B8:31:4D:B6:4C:F5:78:92:CC:72:C0:E4:9B:22:A5
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211063.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1d::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:01:61:65:ba:35:76:d8:e9:28:cd:e8:d5:38:2d:6c:b9:49:
         f2:bd:b2:c3:21:ea:b8:cc:fb:33:6d:00:ed:95:2d:1c:0f:ec:
         31:3d:13:c5:fb:28:21:de:62:6e:44:98:98:3b:00:4b:28:79:
         97:f1:99:30:c5:45:2a:c1:c1:4c:51:51:48:ea:4c:8b:c0:19:
         de:7d:fa:65:28:40:d4:ad:af:c9:a1:49:bb:27:95:5d:91:fb:
         43:ae:5d:2b:ca:5a:4b:d6:cf:ca:03:91:2e:d2:81:e4:ec:25:
         64:71:61:0a:3e:a0:62:ff:e3:07:bf:46:8d:a8:a6:2c:84:82:
         69:af:8c:68:3d:ce:ef:a5:15:9f:f6:75:16:50:39:94:c8:a1:
         59:72:78:5c:64:6a:a5:69:0d:02:8e:ac:56:70:11:c6:f2:b0:
         41:06:c5:76:02:1c:98:bb:e2:1a:65:0d:25:e9:a3:44:17:82:
         57:10:9e:15:39:30:1e:80:33:2f:5b:29:d3:62:06:13:fb:fe:
         be:6f:ad:b1:79:03:96:49:2e:83:9a:75:3d:ef:1a:25:00:e7:
         ae:bc:ac:bf:33:a4:33:b7:92:d6:8b:fd:a3:f2:77:d2:d6:e9:
         cf:23:41:bc:e1:4f:43:14:11:dc:e5:38:fe:8f:bd:ae:98:1c:
         5b:47:d8:aa
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUYSOlq+g+l4cDlhWTrqxHGmPhYQkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTlaFw0yNDEyMDMwMjQ0MTlaMDMxMTAvBgNV
BAMTKENFMkFBQTlGRTVCODMxNERCNjRDRjU3ODkyQ0M3MkMwRTQ5QjIyQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpdAE7MoF8mc1m9azQbTtP/pnK
rsZ7B8Y/1vEVcWeFzG3xydhL2SzR8mHlF9PxzeKr/keca9LsKfgvbHfLpjBndKT8
HFBzLbQh/FNnmQ8FI2Qt4kboHjwmWJf13k23NjvFNZQW38pN22wSCjzYTpdPqaMy
tvKmTlZ09AunmWgnNAwb5Jo1wpeJ8HnreqZSdw06tlaauV2+3fl83303qAmpx393
9j5jy8T8n/6fz/l885Ef5s2hLQe/DnUFeWmp8fj+wipsDooeqfBEgwuC9w5IA7iP
aJqv0QF+4nm3r6NEB+ubi67jQqa2AKDKGIPlMngR9VAxSY5+aotb1QM4uMFjAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUziqqn+W4MU22TPV4ksxywOSbIqUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExMDYzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQAdMA0GCSqGSIb3DQEBCwUAA4IBAQASAWFl
ujV22OkozejVOC1suUnyvbLDIeq4zPszbQDtlS0cD+wxPRPF+ygh3mJuRJiYOwBL
KHmX8ZkwxUUqwcFMUVFI6kyLwBneffplKEDUra/JoUm7J5VdkftDrl0rylpL1s/K
A5Eu0oHk7CVkcWEKPqBi/+MHv0aNqKYshIJpr4xoPc7vpRWf9nUWUDmUyKFZcnhc
ZGqlaQ0CjqxWcBHG8rBBBsV2AhyYu+IaZQ0l6aNEF4JXEJ4VOTAegDMvWynTYgYT
+/6+b62xeQOWSS6DmnU97xolAOeuvKy/M6Qzt5LWi/2j8nfS1unPI0G84U9DFBHc
5Tj+j72umBxbR9iq
-----END CERTIFICATE-----