Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211443.roa
File:                     AS211443.roa (raw, json)
Hash identifier:          Vx9lmU4lFZs78EAYFM5A16k64F+2nhAyXV3PBEB2FJM=
Subject key identifier:   03:FE:1A:8A:56:84:A6:59:6B:F6:BD:B4:F2:14:07:92:C5:ED:82:ED
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4DFFF9079AF8A6D84F035D7737E31F4A5685B85B
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211443.roa
Signing time:             Mon 11 Dec 2023 00:44:21 +0000
ROA not before:           Mon 11 Dec 2023 00:39:21 +0000
ROA not after:            Mon 09 Dec 2024 00:44:21 +0000
asID:                     211443
IP address blocks:        2a06:a005:ed0::/44 maxlen: 48
                          2a06:a005:2a60::/44 maxlen: 48
                          2a06:a005:2a70::/44 maxlen: 48
                          2a06:a005:2a80::/44 maxlen: 48
                          2a06:a005:2a90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:ff:f9:07:9a:f8:a6:d8:4f:03:5d:77:37:e3:1f:4a:56:85:b8:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 11 00:39:21 2023 GMT
            Not After : Dec  9 00:44:21 2024 GMT
        Subject: CN=03FE1A8A5684A6596BF6BDB4F2140792C5ED82ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:54:01:5f:da:6b:6b:39:9c:72:b5:d7:d4:80:
                    bd:3e:4c:f3:d2:52:3e:de:c9:d3:e9:56:ca:50:22:
                    ca:d0:4f:08:84:3c:ec:5e:a9:1b:2b:1e:86:95:a4:
                    23:c6:59:01:74:08:f2:d3:59:e1:ba:a4:3c:22:10:
                    c9:c2:ed:af:49:72:49:09:15:4e:8f:74:33:b9:20:
                    98:0c:30:5d:a7:24:e2:b2:dc:ba:52:6c:73:c4:d1:
                    7e:46:dc:06:27:f7:05:c0:7f:5e:3e:75:0f:74:a2:
                    f8:8e:84:ea:09:dd:0c:2e:d8:3b:9d:b7:0c:ca:ab:
                    04:ab:6f:43:80:57:10:8a:54:ea:7a:9e:87:5d:8a:
                    6e:00:17:05:1e:24:51:c4:88:64:48:0f:10:5a:42:
                    34:79:b9:b3:0c:6b:ba:f1:b6:b0:55:dc:da:ce:0a:
                    c4:91:3e:31:0e:9d:e2:64:41:c2:9e:df:60:a4:4e:
                    b8:9b:ad:d4:72:5a:d9:34:6b:34:71:6e:c4:d7:16:
                    4b:09:5d:eb:45:4d:31:c6:8d:a8:fc:d3:68:86:32:
                    e2:e2:0c:48:e9:23:24:d7:68:86:73:70:7a:cb:24:
                    5c:5d:22:65:00:57:dc:9c:d0:9f:9b:7f:71:f7:b0:
                    25:ad:f8:09:6b:f9:ab:3b:05:8c:47:47:1a:e2:51:
                    69:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:FE:1A:8A:56:84:A6:59:6B:F6:BD:B4:F2:14:07:92:C5:ED:82:ED
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211443.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:ed0::/44
                  2a06:a005:2a60::-2a06:a005:2a9f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         d4:7b:cd:03:31:b4:6d:a6:f8:f5:e3:31:b7:c7:f5:60:4c:44:
         45:8f:f5:22:3b:3d:60:cd:67:44:65:a2:bb:bd:87:40:1a:26:
         48:3c:39:25:81:61:97:33:30:b0:fd:80:d3:78:a2:46:45:dc:
         20:3b:56:73:97:58:53:48:cd:86:5c:b0:f5:f1:51:ce:16:13:
         4a:16:a8:85:49:98:f4:2d:52:12:d3:38:42:64:46:92:f1:61:
         f3:c1:16:67:46:93:b5:d9:13:93:21:7c:99:7e:6d:a4:24:6e:
         ed:96:29:66:a3:8b:f5:25:4a:d6:df:ba:07:6c:4a:b9:d1:f9:
         b8:c1:2d:bb:da:d8:5e:06:01:71:64:b8:37:38:81:85:ce:c1:
         6c:c6:83:e4:57:13:32:ba:14:96:bb:05:f3:d1:e9:9a:63:eb:
         5d:16:25:9e:99:41:f0:a5:72:a9:87:da:1a:d6:c2:f3:ab:fd:
         cc:be:32:07:49:23:80:b5:f4:ca:76:86:ad:fe:87:ff:20:92:
         dc:d1:44:9c:c5:af:e2:fd:0b:3e:33:08:48:86:46:b7:33:8b:
         44:a7:51:fa:c5:17:99:47:32:f1:45:e3:74:89:25:85:65:e6:
         84:b8:87:41:7c:ce:47:f3:d4:0b:19:61:c0:6f:29:11:17:34:
         bd:98:25:e6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUTf/5B5r4pthPA113N+MfSlaFuFswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMTEwMDM5MjFaFw0yNDEyMDkwMDQ0MjFaMDMxMTAvBgNV
BAMTKDAzRkUxQThBNTY4NEE2NTk2QkY2QkRCNEYyMTQwNzkyQzVFRDgyRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtVAFf2mtrOZxytdfUgL0+TPPS
Uj7eydPpVspQIsrQTwiEPOxeqRsrHoaVpCPGWQF0CPLTWeG6pDwiEMnC7a9JckkJ
FU6PdDO5IJgMMF2nJOKy3LpSbHPE0X5G3AYn9wXAf14+dQ90oviOhOoJ3Qwu2Dud
twzKqwSrb0OAVxCKVOp6noddim4AFwUeJFHEiGRIDxBaQjR5ubMMa7rxtrBV3NrO
CsSRPjEOneJkQcKe32CkTribrdRyWtk0azRxbsTXFksJXetFTTHGjaj802iGMuLi
DEjpIyTXaIZzcHrLJFxdImUAV9yc0J+bf3H3sCWt+Alr+as7BYxHRxriUWmvAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUA/4ailaEpllr9r208hQHksXtgu0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExNDQzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEH
AQH/BCcwJTAjBAIAAjAdAwcEKgagBQ7QMBIDBwUqBqAFKmADBwUqBqAFKoAwDQYJ
KoZIhvcNAQELBQADggEBANR7zQMxtG2m+PXjMbfH9WBMREWP9SI7PWDNZ0Rloru9
h0AaJkg8OSWBYZczMLD9gNN4okZF3CA7VnOXWFNIzYZcsPXxUc4WE0oWqIVJmPQt
UhLTOEJkRpLxYfPBFmdGk7XZE5MhfJl+baQkbu2WKWaji/UlStbfugdsSrnR+bjB
Lbva2F4GAXFkuDc4gYXOwWzGg+RXEzK6FJa7BfPR6Zpj610WJZ6ZQfClcqmH2hrW
wvOr/cy+MgdJI4C19Mp2hq3+h/8gktzRRJzFr+L9Cz4zCEiGRrczi0SnUfrFF5lH
MvFF43SJJYVl5oS4h0F8zkfz1AsZYcBvKREXNL2YJeY=
-----END CERTIFICATE-----