Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211358.roa
File:                     AS211358.roa (raw, json)
Hash identifier:          NuKiDGo1fnb7oDM5BPbvaJTMCfe8iL5H7f4s/nZbpLo=
Subject key identifier:   AB:9C:ED:B8:40:D9:61:4B:62:34:9D:07:A2:7A:DA:92:49:A2:E5:C3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4CCA7BE3167E7915D15145B259CD9087E60D7529
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211358.roa
Signing time:             Fri 13 Dec 2024 02:56:30 +0000
ROA not before:           Fri 13 Dec 2024 02:51:30 +0000
ROA not after:            Fri 12 Dec 2025 02:56:30 +0000
asID:                     211358
IP address blocks:        2a06:a005:750::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:24:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:ca:7b:e3:16:7e:79:15:d1:51:45:b2:59:cd:90:87:e6:0d:75:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 13 02:51:30 2024 GMT
            Not After : Dec 12 02:56:30 2025 GMT
        Subject: CN=AB9CEDB840D9614B62349D07A27ADA9249A2E5C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7a:ca:0b:bd:bb:83:62:4d:1c:d1:05:e8:f8:
                    2c:87:e1:3d:a3:dd:09:81:02:fe:c4:63:55:05:df:
                    64:e5:ec:64:2c:35:03:92:05:c6:3d:78:99:ef:16:
                    a6:1f:3a:c0:9a:23:65:46:c0:9b:37:2b:49:34:42:
                    54:21:4b:02:57:bf:34:cc:d9:b0:29:a2:3a:2e:7a:
                    32:6e:fb:9c:e1:1c:a5:9a:64:9c:d8:12:f1:0a:7f:
                    a5:0d:ce:9e:f8:d8:34:2d:73:3c:7e:6d:c3:2e:54:
                    5a:a3:69:bd:ed:d1:ff:5e:ae:b1:42:ea:c9:26:49:
                    13:2b:35:eb:34:89:ed:68:46:81:a8:b1:d7:a0:04:
                    09:ce:71:d9:c1:93:22:88:ba:6e:0c:93:44:43:1a:
                    fd:3d:39:98:9b:fd:84:fe:77:d1:6f:80:8e:7f:3a:
                    aa:2f:a6:4b:0d:f4:31:26:75:d6:70:5e:3c:18:c4:
                    67:14:ae:37:22:d1:bc:61:bf:a7:87:de:4e:eb:c6:
                    1e:01:ec:b7:7d:65:2f:56:38:d1:52:08:76:ee:05:
                    d8:1e:35:4e:44:50:af:61:97:70:1c:f9:9d:53:17:
                    30:f9:e5:eb:bc:55:19:ad:a9:f8:68:57:6a:e7:46:
                    61:2b:93:0a:ac:7c:07:d2:bd:02:8b:c9:30:70:27:
                    fe:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:9C:ED:B8:40:D9:61:4B:62:34:9D:07:A2:7A:DA:92:49:A2:E5:C3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211358.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:750::/44

    Signature Algorithm: sha256WithRSAEncryption
         c3:8d:1c:81:c9:72:37:36:4d:ed:a8:9f:a2:b4:f9:86:12:b9:
         7e:88:42:89:8f:9d:c1:f3:32:b1:2b:13:ad:38:ec:3f:34:09:
         2d:5a:15:be:55:2f:76:92:a1:d7:da:c5:dd:18:a2:c2:8e:e7:
         23:4a:44:1a:fd:d6:88:c6:09:7b:7c:51:9a:e3:87:f8:55:68:
         6b:94:cd:37:ec:dc:02:9b:17:c5:93:b6:ba:5e:97:90:ea:23:
         e8:80:3d:df:7c:e5:1a:57:83:ad:3e:55:ed:37:5c:44:76:83:
         ed:03:89:7a:fb:ec:0a:9e:65:c3:c7:a6:f5:01:17:b7:27:0d:
         af:0e:6b:76:b7:67:f5:0b:17:96:0c:5b:24:90:39:31:11:39:
         24:e8:ce:21:47:2e:a7:e6:68:3e:45:6e:20:14:19:96:48:77:
         25:4e:3a:a4:58:bb:22:77:96:64:f5:95:57:d9:5b:c7:90:46:
         23:d8:0c:5b:96:20:f3:60:9c:aa:bd:43:73:8e:53:5f:f0:e9:
         9a:b0:58:b6:ee:89:29:55:7b:b2:61:de:5c:41:67:f0:4e:f5:
         84:07:d3:e7:78:a6:8e:64:1c:c4:3e:b4:c6:6a:56:54:71:62:
         72:2f:a7:65:e2:16:2f:d1:73:56:f7:b6:3f:e2:72:b3:ef:06:
         ca:58:3b:6c
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUTMp74xZ+eRXRUUWyWc2Qh+YNdSkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDEyMTMwMjUxMzBaFw0yNTEyMTIwMjU2MzBaMDMxMTAvBgNV
BAMTKEFCOUNFREI4NDBEOTYxNEI2MjM0OUQwN0EyN0FEQTkyNDlBMkU1QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAesoLvbuDYk0c0QXo+CyH4T2j
3QmBAv7EY1UF32Tl7GQsNQOSBcY9eJnvFqYfOsCaI2VGwJs3K0k0QlQhSwJXvzTM
2bApojouejJu+5zhHKWaZJzYEvEKf6UNzp742DQtczx+bcMuVFqjab3t0f9errFC
6skmSRMrNes0ie1oRoGosdegBAnOcdnBkyKIum4Mk0RDGv09OZib/YT+d9FvgI5/
OqovpksN9DEmddZwXjwYxGcUrjci0bxhv6eH3k7rxh4B7Ld9ZS9WONFSCHbuBdge
NU5EUK9hl3Ac+Z1TFzD55eu8VRmtqfhoV2rnRmErkwqsfAfSvQKLyTBwJ/4fAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUq5ztuEDZYUtiNJ0Honrakkmi5cMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExMzU4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQdQMA0GCSqGSIb3DQEBCwUAA4IBAQDDjRyB
yXI3Nk3tqJ+itPmGErl+iEKJj53B8zKxKxOtOOw/NAktWhW+VS92kqHX2sXdGKLC
jucjSkQa/daIxgl7fFGa44f4VWhrlM037NwCmxfFk7a6XpeQ6iPogD3ffOUaV4Ot
PlXtN1xEdoPtA4l6++wKnmXDx6b1ARe3Jw2vDmt2t2f1CxeWDFskkDkxETkk6M4h
Ry6n5mg+RW4gFBmWSHclTjqkWLsid5Zk9ZVX2VvHkEYj2AxbliDzYJyqvUNzjlNf
8OmasFi27okpVXuyYd5cQWfwTvWEB9PneKaOZBzEPrTGalZUcWJyL6dl4hYv0XNW
97Y/4nKz7wbKWDts
-----END CERTIFICATE-----