Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211495.roa
File:                     AS211495.roa (raw, json)
Hash identifier:          vc94Hc9mniOZp+dyxrWbC052tPB+TqbA6p0tHhyCkJQ=
Subject key identifier:   98:22:8B:46:8C:B7:7B:35:61:A8:6A:70:44:76:B2:26:95:97:27:34
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5746A319FB19322DE749937A08356B24E5080ACF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211495.roa
Signing time:             Tue 05 Dec 2023 02:44:16 +0000
ROA not before:           Tue 05 Dec 2023 02:39:16 +0000
ROA not after:            Tue 03 Dec 2024 02:44:16 +0000
asID:                     211495
IP address blocks:        2a06:a005:6b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:46:a3:19:fb:19:32:2d:e7:49:93:7a:08:35:6b:24:e5:08:0a:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:16 2023 GMT
            Not After : Dec  3 02:44:16 2024 GMT
        Subject: CN=98228B468CB77B3561A86A704476B22695972734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:d4:1e:19:a7:02:c3:11:4d:39:3c:88:5d:b9:
                    58:f8:a2:9b:82:f2:26:b4:b3:50:23:c5:d4:16:7a:
                    ec:ac:b8:5d:c1:78:e0:c7:bc:77:39:28:50:ea:97:
                    31:dd:5b:9c:00:78:e9:03:11:20:79:14:91:f4:d1:
                    03:e5:6a:bc:b8:7b:ac:90:3a:92:f6:d2:76:e6:77:
                    3a:3e:db:37:9e:47:36:06:b3:18:12:46:d0:16:01:
                    af:05:8b:fa:a6:66:4f:16:74:6f:ce:b8:c9:c9:e8:
                    b3:dd:ac:5a:dd:17:13:71:9b:57:36:2d:1d:73:f8:
                    ae:3f:cd:1b:23:de:79:0e:1d:e3:5b:6d:52:fb:98:
                    98:42:7c:d5:3f:01:ea:7b:e6:00:82:3b:bd:bb:95:
                    50:0c:c6:16:b5:14:33:9d:5d:c0:b5:93:b6:5c:7b:
                    9d:ec:a9:3c:79:62:3f:5a:91:e2:96:55:71:ff:75:
                    69:0c:70:1f:91:9a:19:22:18:eb:27:c1:1f:f3:9a:
                    84:3a:40:bd:b0:da:15:67:b0:03:f5:5f:14:ed:9a:
                    50:1a:21:1e:6b:c5:2b:09:4f:23:fc:69:8d:13:b8:
                    25:8c:12:bd:37:fb:cb:88:be:43:aa:e5:0e:91:74:
                    8e:0b:8f:97:54:2e:6f:5b:70:ec:d7:66:a4:b7:9f:
                    34:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:22:8B:46:8C:B7:7B:35:61:A8:6A:70:44:76:B2:26:95:97:27:34
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211495.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:6b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:8e:92:d9:6d:fe:b9:4c:01:e2:90:a7:83:f7:98:d7:24:b9:
         ed:c4:cc:3f:08:1a:a3:4a:bf:be:ae:91:43:db:28:f6:b1:02:
         24:d3:54:e9:d6:42:2a:21:08:e3:d8:36:8f:82:c5:9a:96:c3:
         e3:93:06:b3:44:09:60:b2:e5:fc:31:cc:4d:0e:1a:47:7a:99:
         e8:da:c9:15:e5:90:f5:92:21:3d:34:c1:57:da:e0:8e:ab:a5:
         20:a0:fd:4c:7a:cc:4f:7e:a4:dd:23:91:bc:c3:af:b7:9a:81:
         ee:58:5f:80:d0:0a:43:71:b0:bd:ab:a7:c0:06:f9:d2:f7:8a:
         2c:9d:04:e7:12:a1:64:a5:a1:72:4f:6d:d4:e7:eb:46:97:cf:
         f1:4d:c2:f3:b4:3d:c1:d8:d2:0a:49:5c:de:08:3e:dc:7c:90:
         ed:b7:14:40:3f:38:f9:20:b2:f1:fa:9f:23:c3:e4:04:48:a5:
         09:1e:a8:fb:3c:e5:b7:66:66:e1:b7:6b:0b:d6:49:d6:13:07:
         47:a0:c5:d4:b0:0c:65:5b:df:69:50:e7:f6:7f:8a:55:42:39:
         5a:07:2d:68:18:84:a3:c9:7a:4b:91:19:95:22:ba:e9:29:b7:
         41:62:e8:8c:ec:ff:cc:df:ab:9c:c1:c4:28:40:cc:e8:2f:7d:
         70:1f:f9:3b
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUV0ajGfsZMi3nSZN6CDVrJOUICs8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTZaFw0yNDEyMDMwMjQ0MTZaMDMxMTAvBgNV
BAMTKDk4MjI4QjQ2OENCNzdCMzU2MUE4NkE3MDQ0NzZCMjI2OTU5NzI3MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo1B4ZpwLDEU05PIhduVj4opuC
8ia0s1AjxdQWeuysuF3BeODHvHc5KFDqlzHdW5wAeOkDESB5FJH00QPlary4e6yQ
OpL20nbmdzo+2zeeRzYGsxgSRtAWAa8Fi/qmZk8WdG/OuMnJ6LPdrFrdFxNxm1c2
LR1z+K4/zRsj3nkOHeNbbVL7mJhCfNU/Aep75gCCO727lVAMxha1FDOdXcC1k7Zc
e53sqTx5Yj9akeKWVXH/dWkMcB+RmhkiGOsnwR/zmoQ6QL2w2hVnsAP1XxTtmlAa
IR5rxSsJTyP8aY0TuCWMEr03+8uIvkOq5Q6RdI4Lj5dULm9bcOzXZqS3nzQnAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUmCKLRoy3ezVhqGpwRHayJpWXJzQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExNDk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQawMA0GCSqGSIb3DQEBCwUAA4IBAQCijpLZ
bf65TAHikKeD95jXJLntxMw/CBqjSr++rpFD2yj2sQIk01Tp1kIqIQjj2DaPgsWa
lsPjkwazRAlgsuX8McxNDhpHepno2skV5ZD1kiE9NMFX2uCOq6UgoP1MesxPfqTd
I5G8w6+3moHuWF+A0ApDcbC9q6fABvnS94osnQTnEqFkpaFyT23U5+tGl8/xTcLz
tD3B2NIKSVzeCD7cfJDttxRAPzj5ILLx+p8jw+QESKUJHqj7POW3Zmbht2sL1knW
EwdHoMXUsAxlW99pUOf2f4pVQjlaBy1oGISjyXpLkRmVIrrpKbdBYuiM7P/M36uc
wcQoQMzoL31wH/k7
-----END CERTIFICATE-----