Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211151.roa
File:                     AS211151.roa (raw, json)
Hash identifier:          Ndjrp90E4kjVjAqCv25exR8GsHYIQezqy24saD2E4eg=
Subject key identifier:   B6:A3:A9:5F:0A:FC:FD:ED:F6:A8:4F:33:FF:1E:97:05:58:00:EB:AA
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       69589877F2DD0D71517DDB3204BD9950A2DE47B9
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211151.roa
Signing time:             Wed 07 Feb 2024 12:44:24 +0000
ROA not before:           Wed 07 Feb 2024 12:39:24 +0000
ROA not after:            Wed 05 Feb 2025 12:44:24 +0000
asID:                     211151
IP address blocks:        2a06:a005:1d53::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:58:98:77:f2:dd:0d:71:51:7d:db:32:04:bd:99:50:a2:de:47:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Feb  7 12:39:24 2024 GMT
            Not After : Feb  5 12:44:24 2025 GMT
        Subject: CN=B6A3A95F0AFCFDEDF6A84F33FF1E97055800EBAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:01:e1:33:ff:6f:0c:97:62:f9:29:ed:c3:87:
                    83:e7:28:be:6c:ac:dc:11:27:c0:d2:9d:9e:63:54:
                    9f:08:f1:83:a6:2d:2c:f6:2c:e3:6f:88:c9:be:b2:
                    d1:9d:d7:61:c0:7e:22:2f:41:74:f5:60:d3:06:83:
                    db:9a:eb:41:7d:cc:20:dc:8f:89:19:88:fa:cb:ef:
                    1e:a7:73:a1:35:14:fa:63:5e:04:29:26:96:5c:d4:
                    64:97:fa:96:8f:58:ba:50:67:d0:7f:97:fb:df:8b:
                    82:be:71:00:a4:5e:50:c6:93:78:7e:15:50:a5:99:
                    c0:5a:30:6a:59:b3:36:c6:b6:9c:ad:97:82:de:15:
                    0e:d7:a2:82:0c:fa:df:0b:c8:29:9c:85:fa:15:f0:
                    b4:f2:19:be:8a:d0:02:25:8c:3e:29:19:f1:ba:5a:
                    67:2e:14:07:fb:87:34:1a:d6:df:b7:d1:f9:fb:ff:
                    1f:cd:83:5c:c4:28:c5:cf:44:dd:91:3f:2a:82:1f:
                    ca:4c:ad:ef:d7:5c:21:d5:a2:ab:0e:66:c1:aa:b8:
                    09:c2:53:95:34:e0:c1:0a:6f:74:6a:05:aa:50:b0:
                    6c:35:bc:81:27:67:81:a5:d2:7a:e4:90:b8:2e:c8:
                    fc:40:53:e3:18:4b:86:1a:01:5a:0f:0e:10:c6:d1:
                    db:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A3:A9:5F:0A:FC:FD:ED:F6:A8:4F:33:FF:1E:97:05:58:00:EB:AA
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211151.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1d53::/48

    Signature Algorithm: sha256WithRSAEncryption
         d3:08:3b:95:3e:cc:e7:b9:a6:5d:0b:ea:07:1c:ba:bd:1b:1c:
         8d:00:85:32:78:4a:24:8f:53:74:99:15:c8:d0:2c:9f:b3:ae:
         a1:c9:52:60:2c:5f:71:cf:28:09:64:eb:8b:94:51:bd:8d:ff:
         68:c5:c9:33:26:b3:04:48:c3:d6:ce:34:ad:92:68:49:0f:87:
         36:ac:3c:84:db:1b:71:2b:4e:ff:34:26:61:6e:b8:4e:c5:a1:
         a1:dd:9e:a8:54:4c:65:8b:42:b2:84:f3:8c:c4:15:34:12:4b:
         20:d1:5f:09:1b:b0:63:aa:7c:dd:d3:d7:a7:29:bb:b6:91:3c:
         5b:bc:5e:a3:b0:8a:3a:83:d2:62:00:fa:f4:78:42:7e:5f:10:
         9a:b4:fc:6a:2f:12:2c:fe:ab:77:9d:69:35:0d:a5:a6:2f:b9:
         fd:6a:b2:70:06:e9:e6:aa:8e:5a:21:5e:e4:44:6d:06:10:37:
         51:e1:9d:bd:e6:68:40:02:f0:02:eb:b9:81:3c:9c:c6:1e:4b:
         0c:2b:e8:8a:9b:70:cb:ae:24:6e:f4:6b:dc:33:1a:72:ca:22:
         4a:3d:15:5d:71:92:63:e2:d3:e9:d4:06:b4:54:cd:e3:ae:ce:
         0a:61:38:12:a0:96:85:65:db:5d:36:2f:17:0e:4f:ca:b7:31:
         2e:08:91:02
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUaViYd/LdDXFRfdsyBL2ZUKLeR7kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAyMDcxMjM5MjRaFw0yNTAyMDUxMjQ0MjRaMDMxMTAvBgNV
BAMTKEI2QTNBOTVGMEFGQ0ZERURGNkE4NEYzM0ZGMUU5NzA1NTgwMEVCQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzAeEz/28Ml2L5Ke3Dh4PnKL5s
rNwRJ8DSnZ5jVJ8I8YOmLSz2LONviMm+stGd12HAfiIvQXT1YNMGg9ua60F9zCDc
j4kZiPrL7x6nc6E1FPpjXgQpJpZc1GSX+paPWLpQZ9B/l/vfi4K+cQCkXlDGk3h+
FVClmcBaMGpZszbGtpytl4LeFQ7XooIM+t8LyCmchfoV8LTyGb6K0AIljD4pGfG6
WmcuFAf7hzQa1t+30fn7/x/Ng1zEKMXPRN2RPyqCH8pMre/XXCHVoqsOZsGquAnC
U5U04MEKb3RqBapQsGw1vIEnZ4Gl0nrkkLguyPxAU+MYS4YaAVoPDhDG0dt5AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUtqOpXwr8/e32qE8z/x6XBVgA66owHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExMTUxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBR1TMA0GCSqGSIb3DQEBCwUAA4IBAQDTCDuV
PsznuaZdC+oHHLq9GxyNAIUyeEokj1N0mRXI0Cyfs66hyVJgLF9xzygJZOuLlFG9
jf9oxckzJrMESMPWzjStkmhJD4c2rDyE2xtxK07/NCZhbrhOxaGh3Z6oVExli0Ky
hPOMxBU0Eksg0V8JG7Bjqnzd09enKbu2kTxbvF6jsIo6g9JiAPr0eEJ+XxCatPxq
LxIs/qt3nWk1DaWmL7n9arJwBunmqo5aIV7kRG0GEDdR4Z295mhAAvAC67mBPJzG
HksMK+iKm3DLriRu9GvcMxpyyiJKPRVdcZJj4tPp1Aa0VM3jrs4KYTgSoJaFZdtd
Ni8XDk/KtzEuCJEC
-----END CERTIFICATE-----