Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211360.roa
File:                     AS211360.roa (raw, json)
Hash identifier:          mC9xXIeyGsXX8Qxv8VFpeMwnxS6PDM9vdFe2R2TFufg=
Subject key identifier:   52:D6:67:FE:75:55:83:18:4A:08:80:93:86:F3:A5:84:A7:D4:BE:41
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6FB6241DACE8CC5118D646FE1F12AB1826D3F326
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211360.roa
Signing time:             Fri 13 Dec 2024 02:56:29 +0000
ROA not before:           Fri 13 Dec 2024 02:51:29 +0000
ROA not after:            Fri 12 Dec 2025 02:56:29 +0000
asID:                     211360
IP address blocks:        2a06:a005:1f::/48 maxlen: 48
                          2a06:a005:a90::/44 maxlen: 48
                          2a06:a005:aa0::/44 maxlen: 48
                          2a06:a005:ac0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:b6:24:1d:ac:e8:cc:51:18:d6:46:fe:1f:12:ab:18:26:d3:f3:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 13 02:51:29 2024 GMT
            Not After : Dec 12 02:56:29 2025 GMT
        Subject: CN=52D667FE755583184A08809386F3A584A7D4BE41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:45:34:26:2b:33:ec:92:b1:fb:b0:8c:4b:90:
                    41:92:26:7d:19:62:50:80:5a:b0:3c:5a:43:0e:90:
                    d0:11:20:c4:08:3f:01:62:08:5d:24:79:67:19:2f:
                    c7:02:06:27:27:11:a3:f7:6e:9d:61:cc:3a:25:bc:
                    68:f5:a2:9c:a3:50:ab:fc:e2:ef:67:93:10:ef:aa:
                    39:a0:74:ec:dd:7a:68:8f:80:d8:43:46:ec:af:9d:
                    63:20:1f:24:8a:d2:ac:5b:1f:38:69:c7:51:1f:9b:
                    3a:7b:17:5a:08:32:ab:7e:84:35:25:c6:1c:1f:68:
                    f0:eb:f4:2f:8f:17:fe:0b:c2:27:1e:fd:f4:b2:3c:
                    12:bd:02:a0:c0:59:e3:05:45:6b:c0:ff:70:f9:b2:
                    a2:f7:fa:c2:8a:d5:81:80:2d:b0:a5:25:03:f2:3e:
                    b9:3e:1f:b9:2d:41:d4:ed:1e:7a:18:39:c7:a1:44:
                    b5:af:38:eb:c9:6d:32:01:30:56:11:0c:f0:29:4a:
                    bd:64:72:56:bf:3e:45:e0:4d:25:99:fe:e0:20:98:
                    ba:46:8a:47:d1:9e:40:01:4a:8e:19:6a:48:fd:d1:
                    9b:04:ec:37:d5:06:52:a3:02:16:5e:28:4c:7a:ee:
                    97:e4:b0:2d:92:a4:a9:ec:5b:0c:72:97:b7:1f:f4:
                    de:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D6:67:FE:75:55:83:18:4A:08:80:93:86:F3:A5:84:A7:D4:BE:41
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211360.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1f::/48
                  2a06:a005:a90::-2a06:a005:aaf:ffff:ffff:ffff:ffff:ffff
                  2a06:a005:ac0::/44

    Signature Algorithm: sha256WithRSAEncryption
         d6:b4:18:67:46:6b:09:17:77:0a:66:1d:72:52:09:25:93:28:
         26:00:d9:33:34:e1:08:f5:3c:34:87:e0:6c:6d:a1:f7:13:f9:
         a5:b5:1d:fa:7d:87:0e:09:7a:27:aa:34:6a:d3:6e:8d:89:b3:
         d3:c5:1c:8b:24:51:e3:ff:9c:c9:67:ef:8c:27:57:80:61:75:
         d6:5e:be:d4:1d:f4:e4:3b:df:dc:ba:37:b9:d3:2b:ca:0e:fe:
         9e:d3:38:5c:91:b3:5d:e3:5c:e8:71:91:0d:12:ef:94:93:22:
         1f:b5:bd:bf:21:2d:d6:f5:40:54:98:f9:d8:9d:ff:0b:16:69:
         f1:da:bc:8c:a0:ae:88:91:8d:5c:8a:f3:70:36:99:22:9e:f7:
         37:02:4d:f1:8d:46:16:a5:11:2d:eb:ae:78:71:06:b3:2d:9c:
         0e:2f:6f:c2:8f:1a:63:d3:2a:b2:2d:88:a6:2e:bf:08:aa:69:
         30:d4:fb:0a:eb:39:cf:44:9c:1b:a2:fb:4b:80:ef:14:66:28:
         99:a4:41:15:94:45:63:76:d1:4d:fb:fb:d1:2a:61:7c:c5:fc:
         5c:a1:fb:c1:8f:0c:42:ff:ad:90:47:27:d3:92:b9:64:a2:f4:
         be:3d:ae:74:72:de:48:a3:a0:bc:cc:2b:3c:ef:43:20:de:8f:
         53:5e:64:ea
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUb7YkHazozFEY1kb+HxKrGCbT8yYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDEyMTMwMjUxMjlaFw0yNTEyMTIwMjU2MjlaMDMxMTAvBgNV
BAMTKDUyRDY2N0ZFNzU1NTgzMTg0QTA4ODA5Mzg2RjNBNTg0QTdENEJFNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDURTQmKzPskrH7sIxLkEGSJn0Z
YlCAWrA8WkMOkNARIMQIPwFiCF0keWcZL8cCBicnEaP3bp1hzDolvGj1opyjUKv8
4u9nkxDvqjmgdOzdemiPgNhDRuyvnWMgHySK0qxbHzhpx1Efmzp7F1oIMqt+hDUl
xhwfaPDr9C+PF/4Lwice/fSyPBK9AqDAWeMFRWvA/3D5sqL3+sKK1YGALbClJQPy
Prk+H7ktQdTtHnoYOcehRLWvOOvJbTIBMFYRDPApSr1kcla/PkXgTSWZ/uAgmLpG
ikfRnkABSo4Zakj90ZsE7DfVBlKjAhZeKEx67pfksC2SpKnsWwxyl7cf9N5NAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUUtZn/nVVgxhKCICThvOlhKfUvkEwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExMzYwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEH
AQH/BDAwLjAsBAIAAjAmAwcAKgagBQAfMBIDBwQqBqAFCpADBwQqBqAFCqADBwQq
BqAFCsAwDQYJKoZIhvcNAQELBQADggEBANa0GGdGawkXdwpmHXJSCSWTKCYA2TM0
4Qj1PDSH4GxtofcT+aW1Hfp9hw4JeieqNGrTbo2Js9PFHIskUeP/nMln74wnV4Bh
ddZevtQd9OQ739y6N7nTK8oO/p7TOFyRs13jXOhxkQ0S75STIh+1vb8hLdb1QFSY
+did/wsWafHavIygroiRjVyK83A2mSKe9zcCTfGNRhalES3rrnhxBrMtnA4vb8KP
GmPTKrItiKYuvwiqaTDU+wrrOc9EnBui+0uA7xRmKJmkQRWURWN20U37+9EqYXzF
/Fyh+8GPDEL/rZBHJ9OSuWSi9L49rnRy3kijoLzMKzzvQyDej1NeZOo=
-----END CERTIFICATE-----