Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211367.roa
File:                     AS211367.roa (raw, json)
Hash identifier:          WFwyAoEZhhIsXm3bx7IXJsTIsZLiJ/3uujn7lf27sgA=
Subject key identifier:   28:D3:77:21:73:2F:21:7B:2A:85:00:ED:FA:9A:B7:E6:2F:10:FF:A6
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1E6B3605EB8422523E3C45BE692CBA596443EC67
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211367.roa
Signing time:             Tue 05 Dec 2023 02:44:12 +0000
ROA not before:           Tue 05 Dec 2023 02:39:12 +0000
ROA not after:            Tue 03 Dec 2024 02:44:12 +0000
asID:                     211367
IP address blocks:        2a06:a005:420::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:6b:36:05:eb:84:22:52:3e:3c:45:be:69:2c:ba:59:64:43:ec:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:12 2023 GMT
            Not After : Dec  3 02:44:12 2024 GMT
        Subject: CN=28D37721732F217B2A8500EDFA9AB7E62F10FFA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b4:03:ed:17:cf:20:4a:ce:3a:f4:ab:55:d4:
                    cd:4e:40:a9:51:70:10:e5:75:b9:4c:bf:69:4d:c6:
                    8e:4d:50:82:b9:1b:c3:90:4b:a3:46:a0:f3:e4:50:
                    0f:5e:e9:e3:6e:64:0e:57:3d:46:80:84:74:af:eb:
                    8c:0a:a6:48:1b:9d:63:9f:b7:64:90:47:ac:03:0f:
                    e5:c8:49:35:b5:20:f8:26:d2:f2:dd:3f:61:ae:3c:
                    ee:45:a4:86:2f:e2:c7:e9:e8:97:28:a4:f4:92:c8:
                    5d:1e:c7:e5:fb:f7:92:96:21:f1:67:07:74:a6:71:
                    0a:ab:60:2f:db:dd:e2:f3:e0:f2:bb:63:1f:7d:49:
                    36:0c:56:58:db:be:8c:26:39:61:8a:66:09:1a:c6:
                    62:21:6f:1d:33:fb:ce:08:cd:4d:ad:e1:08:5c:c3:
                    c3:ce:9a:d1:17:57:f1:1e:aa:52:22:a4:d7:18:84:
                    97:a9:32:72:a8:fb:2a:92:30:cf:57:d0:63:58:a5:
                    10:a8:f9:45:61:60:c2:d5:4c:3a:26:82:50:5f:69:
                    9a:32:32:a0:86:a3:bf:5b:8c:55:b4:ba:e9:32:2a:
                    32:80:0a:08:93:cf:11:01:08:bc:a6:ca:89:18:4c:
                    9c:6e:6a:cc:e6:6e:52:a5:08:7f:9c:51:e2:6d:4f:
                    0a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D3:77:21:73:2F:21:7B:2A:85:00:ED:FA:9A:B7:E6:2F:10:FF:A6
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211367.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:420::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:9e:b1:21:57:f9:f4:ed:4a:88:d7:55:03:12:5a:1c:46:84:
         7e:4c:87:87:52:ae:cd:d7:54:57:f1:af:e2:b2:7c:6b:46:19:
         4e:b5:75:d2:34:94:db:7b:97:4f:a9:9b:6e:ed:8e:82:a9:7d:
         8a:72:44:bd:2d:41:77:9a:d5:31:d6:ce:96:04:00:4a:df:86:
         e2:01:8b:62:d6:2e:92:11:4a:7e:b0:0a:2b:06:d6:a5:d1:1b:
         a7:4f:61:8e:83:33:85:93:01:3c:f4:36:cd:2a:dc:c1:51:c7:
         08:e8:5f:6a:37:c4:73:65:40:a5:63:04:0c:d4:da:57:a9:e4:
         25:2c:cb:69:8e:76:8d:cb:8a:cd:ec:a8:96:a8:e7:2c:50:cc:
         f7:d7:32:49:e4:d6:64:6f:e4:b6:8f:19:f9:f1:b4:2b:30:f5:
         26:42:43:88:66:c3:67:9b:21:9f:1a:23:7b:f2:5e:0f:59:24:
         65:88:c3:b8:c5:9f:d3:03:67:04:ec:32:8a:66:62:0e:61:78:
         9c:06:39:b3:d3:a9:d5:af:f7:79:d1:eb:72:8f:64:00:80:87:
         67:b1:9a:79:8f:35:4d:3a:fc:cc:80:f6:05:72:cf:d0:02:91:
         3c:cc:3d:45:b9:e3:15:7a:a9:fa:4a:5e:18:83:ed:7c:d5:82:
         7a:6e:ba:ff
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUHms2BeuEIlI+PEW+aSy6WWRD7GcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTJaFw0yNDEyMDMwMjQ0MTJaMDMxMTAvBgNV
BAMTKDI4RDM3NzIxNzMyRjIxN0IyQTg1MDBFREZBOUFCN0U2MkYxMEZGQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbtAPtF88gSs469KtV1M1OQKlR
cBDldblMv2lNxo5NUIK5G8OQS6NGoPPkUA9e6eNuZA5XPUaAhHSv64wKpkgbnWOf
t2SQR6wDD+XISTW1IPgm0vLdP2GuPO5FpIYv4sfp6JcopPSSyF0ex+X795KWIfFn
B3SmcQqrYC/b3eLz4PK7Yx99STYMVljbvowmOWGKZgkaxmIhbx0z+84IzU2t4Qhc
w8POmtEXV/EeqlIipNcYhJepMnKo+yqSMM9X0GNYpRCo+UVhYMLVTDomglBfaZoy
MqCGo79bjFW0uukyKjKACgiTzxEBCLymyokYTJxuaszmblKlCH+cUeJtTwpNAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUKNN3IXMvIXsqhQDt+pq35i8Q/6YwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExMzY3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQQgMA0GCSqGSIb3DQEBCwUAA4IBAQAXnrEh
V/n07UqI11UDElocRoR+TIeHUq7N11RX8a/isnxrRhlOtXXSNJTbe5dPqZtu7Y6C
qX2KckS9LUF3mtUx1s6WBABK34biAYti1i6SEUp+sAorBtal0RunT2GOgzOFkwE8
9DbNKtzBUccI6F9qN8RzZUClYwQM1NpXqeQlLMtpjnaNy4rN7KiWqOcsUMz31zJJ
5NZkb+S2jxn58bQrMPUmQkOIZsNnmyGfGiN78l4PWSRliMO4xZ/TA2cE7DKKZmIO
YXicBjmz06nVr/d50etyj2QAgIdnsZp5jzVNOvzMgPYFcs/QApE8zD1FueMVeqn6
Sl4Yg+181YJ6brr/
-----END CERTIFICATE-----