Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211509.roa
File:                     AS211509.roa (raw, json)
Hash identifier:          /igMJ9AbMY5CDp9/JWj7FEgzlt1bUuGyK7+VV7fHDQA=
Subject key identifier:   D0:78:B5:53:9F:44:18:09:D3:74:6C:00:1D:4E:13:8F:5D:17:57:1D
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       787D888FA42FD3CF624FE9AC4BB3059D373CEB1F
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211509.roa
Signing time:             Sat 23 Nov 2024 12:40:12 +0000
ROA not before:           Sat 23 Nov 2024 12:35:12 +0000
ROA not after:            Sat 22 Nov 2025 12:40:12 +0000
asID:                     211509
IP address blocks:        2a06:a005:8::/48 maxlen: 48
                          2a06:a005:f70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:7d:88:8f:a4:2f:d3:cf:62:4f:e9:ac:4b:b3:05:9d:37:3c:eb:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 23 12:35:12 2024 GMT
            Not After : Nov 22 12:40:12 2025 GMT
        Subject: CN=D078B5539F441809D3746C001D4E138F5D17571D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f5:51:7a:81:8e:51:89:5a:d8:61:dc:db:00:
                    90:38:bf:e7:68:b8:11:3b:60:25:c6:37:cb:e5:7c:
                    c0:4e:2d:b4:bf:cb:06:08:bc:48:8d:18:02:d9:7c:
                    71:1f:97:6f:b5:4b:d3:13:ad:84:1b:48:9a:2b:f8:
                    23:41:41:e6:0b:22:27:98:76:92:b9:40:52:ca:33:
                    3f:09:bc:fb:cc:ad:12:c5:3a:b0:db:ca:44:40:30:
                    2a:c1:1a:11:8b:d4:a0:a0:9c:ac:15:1a:8c:86:8f:
                    78:9d:9d:87:c3:f5:3f:d7:21:49:cb:14:33:2f:71:
                    8e:25:12:af:f9:e6:1a:d1:87:5a:89:70:6f:e5:1c:
                    70:1e:a8:54:e1:18:3c:f5:b1:4b:21:9e:a1:ab:27:
                    5c:96:8e:19:92:c4:d9:1b:d2:f3:1a:a4:d2:68:a1:
                    d5:f9:db:82:79:8e:76:90:ff:4a:40:6e:f4:b5:c7:
                    a7:97:19:8a:2c:fd:73:04:bd:ee:8c:6b:7b:20:7a:
                    4e:17:af:81:a0:94:fd:45:f3:04:0f:d1:76:46:fc:
                    8f:1c:b9:df:fb:bc:ff:28:44:32:1b:35:57:f5:ab:
                    d7:8f:1c:2b:9d:e3:23:35:8a:95:0d:08:71:f2:95:
                    c3:09:30:b9:4d:75:eb:83:16:c5:b5:88:8a:bb:e3:
                    b3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:78:B5:53:9F:44:18:09:D3:74:6C:00:1D:4E:13:8F:5D:17:57:1D
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:8::/48
                  2a06:a005:f70::/44

    Signature Algorithm: sha256WithRSAEncryption
         26:74:9b:a6:a1:ab:3f:21:8e:02:02:1c:2e:31:15:b1:0d:47:
         7c:b3:51:a1:cf:ca:89:e8:4c:47:fc:e1:88:f1:7d:e2:45:13:
         d3:46:43:5e:4b:3d:db:7f:8b:5e:ac:6f:f9:df:c1:ca:51:81:
         79:be:3a:79:09:4d:e1:d4:39:97:b6:00:86:ca:bc:d2:3a:6a:
         56:c8:d1:88:b2:eb:c6:ea:db:36:1a:81:0a:09:e0:04:15:be:
         43:6c:5f:32:34:c9:48:e1:35:d9:20:5d:5b:b2:ca:1f:5f:9b:
         e2:0a:20:4a:cc:8d:9c:78:a8:9e:d9:27:6f:54:ed:65:f6:71:
         9b:80:5b:2d:24:2b:f0:ad:4a:2d:c1:2c:9c:b2:e1:9c:63:c3:
         2e:37:cc:0b:a0:cf:53:49:e2:76:1f:2e:c8:b5:5c:0a:9b:e4:
         c6:b2:a7:da:64:89:03:fe:77:d9:62:9e:4d:39:8e:18:ce:0b:
         5d:c1:7f:e4:9d:c2:6a:98:1d:a1:e6:9c:44:66:5c:ed:a4:5e:
         22:b4:c2:e5:79:4d:b3:ca:fe:5e:c0:51:55:c1:ce:7b:4b:17:
         35:a3:ad:5d:6c:ce:db:0c:99:19:ab:98:73:0d:76:62:e2:db:
         d8:09:41:9c:99:fe:2e:0e:80:a8:c4:ec:36:ac:bf:31:34:1e:
         b0:74:b8:69
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUeH2Ij6Qv089iT+msS7MFnTc86x8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMjMxMjM1MTJaFw0yNTExMjIxMjQwMTJaMDMxMTAvBgNV
BAMTKEQwNzhCNTUzOUY0NDE4MDlEMzc0NkMwMDFENEUxMzhGNUQxNzU3MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB9VF6gY5RiVrYYdzbAJA4v+do
uBE7YCXGN8vlfMBOLbS/ywYIvEiNGALZfHEfl2+1S9MTrYQbSJor+CNBQeYLIieY
dpK5QFLKMz8JvPvMrRLFOrDbykRAMCrBGhGL1KCgnKwVGoyGj3idnYfD9T/XIUnL
FDMvcY4lEq/55hrRh1qJcG/lHHAeqFThGDz1sUshnqGrJ1yWjhmSxNkb0vMapNJo
odX524J5jnaQ/0pAbvS1x6eXGYos/XMEve6Ma3sgek4Xr4GglP1F8wQP0XZG/I8c
ud/7vP8oRDIbNVf1q9ePHCud4yM1ipUNCHHylcMJMLlNdeuDFsW1iIq747PDAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQU0Hi1U59EGAnTdGwAHU4Tj10XVx0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExNTA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQAIAwcEKgagBQ9wMA0GCSqGSIb3DQEBCwUA
A4IBAQAmdJumoas/IY4CAhwuMRWxDUd8s1Ghz8qJ6ExH/OGI8X3iRRPTRkNeSz3b
f4terG/538HKUYF5vjp5CU3h1DmXtgCGyrzSOmpWyNGIsuvG6ts2GoEKCeAEFb5D
bF8yNMlI4TXZIF1bssofX5viCiBKzI2ceKie2SdvVO1l9nGbgFstJCvwrUotwSyc
suGcY8MuN8wLoM9TSeJ2Hy7ItVwKm+TGsqfaZIkD/nfZYp5NOY4YzgtdwX/kncJq
mB2h5pxEZlztpF4itMLleU2zyv5ewFFVwc57Sxc1o61dbM7bDJkZq5hzDXZi4tvY
CUGcmf4uDoCoxOw2rL8xNB6wdLhp
-----END CERTIFICATE-----