Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211535.roa
File:                     AS211535.roa (raw, json)
Hash identifier:          P/bLlbHF6vP92/QvObe6vCYPKFzWEMsuXctEW4QmZi8=
Subject key identifier:   A2:4F:71:74:1A:CE:8B:04:4C:C2:21:EE:CA:88:52:78:6E:F5:D2:F2
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       142EA7B6AAC84EFB2075B0C3439250C81B5945CC
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211535.roa
Signing time:             Tue 05 Nov 2024 03:40:01 +0000
ROA not before:           Tue 05 Nov 2024 03:35:01 +0000
ROA not after:            Tue 04 Nov 2025 03:40:01 +0000
asID:                     211535
IP address blocks:        2a06:a005:1670::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:2e:a7:b6:aa:c8:4e:fb:20:75:b0:c3:43:92:50:c8:1b:59:45:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:01 2024 GMT
            Not After : Nov  4 03:40:01 2025 GMT
        Subject: CN=A24F71741ACE8B044CC221EECA8852786EF5D2F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:8d:b2:ca:41:0b:8b:6b:49:ba:db:b2:f2:cb:
                    1e:7d:46:2d:49:de:27:b7:ab:a7:c3:91:22:93:a2:
                    ee:f0:a3:79:4b:f1:bb:1b:5f:cf:87:5e:da:81:ba:
                    00:d9:dd:01:2f:50:57:4b:1e:35:85:88:e8:d0:3d:
                    9c:72:ae:f8:23:50:f6:f3:5f:ff:89:29:5e:d3:5e:
                    a7:e0:c7:dd:0c:26:4f:27:e1:32:09:06:7d:14:3e:
                    86:08:58:18:07:19:f1:ae:4f:21:18:19:3b:5e:da:
                    c4:87:79:7b:fc:07:23:a9:64:45:db:d8:f0:d1:91:
                    b8:14:18:8b:34:c0:ff:1c:2b:a3:14:f2:57:18:6a:
                    9b:85:07:ce:ed:58:8f:09:16:86:56:c4:24:63:2b:
                    70:b5:e1:af:81:76:eb:7b:c1:0b:eb:3f:50:e2:0b:
                    b2:95:60:e4:16:7e:dc:37:7a:d3:29:8f:ed:96:09:
                    35:17:d6:c1:90:c3:87:30:f3:b8:aa:48:3e:3b:62:
                    eb:b6:51:cf:4d:53:ba:9b:65:57:70:f0:e2:b1:c5:
                    d4:5a:e3:a0:72:01:09:02:7a:4a:4b:4b:ce:54:de:
                    58:4b:0a:7b:c0:86:2e:7e:72:fe:33:85:0b:39:bb:
                    20:a1:da:73:d6:8b:70:67:f9:80:5e:03:6f:12:62:
                    a6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4F:71:74:1A:CE:8B:04:4C:C2:21:EE:CA:88:52:78:6E:F5:D2:F2
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1670::/44

    Signature Algorithm: sha256WithRSAEncryption
         68:ab:a7:8f:4b:7e:07:0b:59:3e:e3:76:47:0b:fd:5a:89:10:
         94:bf:23:c1:bb:06:d2:1b:c7:77:1f:53:f8:81:61:2b:8e:1e:
         d1:63:11:c5:85:19:55:3b:6c:3c:d8:12:04:0f:9a:cb:55:18:
         ae:0b:88:bd:78:85:33:35:c2:3a:d8:f7:69:21:aa:9e:59:ce:
         2a:1c:79:ba:83:15:52:72:f8:1f:72:d2:23:a8:a1:d5:5f:8a:
         9d:bb:a7:b3:0a:76:4d:56:c6:3a:79:f4:80:e0:87:31:de:0b:
         24:de:e7:02:e3:66:08:f5:b8:0b:3b:43:43:ad:e9:62:5a:30:
         ef:8e:a1:0d:c5:04:ca:ae:2d:0d:8d:f6:bd:75:de:ad:56:13:
         a5:3e:23:c1:ac:b4:60:05:b7:41:f8:90:3c:f5:6b:39:86:22:
         aa:da:d0:5c:3f:16:3a:e3:bb:67:35:18:ed:d3:bc:1f:46:e5:
         bc:88:df:4a:58:90:6b:ba:1d:7d:35:39:26:36:d3:65:1b:0f:
         87:e6:64:dc:44:0e:25:1f:51:3d:47:c9:23:54:c0:fe:f7:2f:
         a7:78:23:d0:70:98:ca:50:94:81:cd:b9:6e:b3:c9:7b:94:f8:
         21:38:47:3d:71:75:3d:4e:a6:11:7a:a7:d2:3b:8e:d3:f9:5e:
         f5:c0:0c:15
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUFC6ntqrITvsgdbDDQ5JQyBtZRcwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDFaFw0yNTExMDQwMzQwMDFaMDMxMTAvBgNV
BAMTKEEyNEY3MTc0MUFDRThCMDQ0Q0MyMjFFRUNBODg1Mjc4NkVGNUQyRjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDijbLKQQuLa0m627Lyyx59Ri1J
3ie3q6fDkSKTou7wo3lL8bsbX8+HXtqBugDZ3QEvUFdLHjWFiOjQPZxyrvgjUPbz
X/+JKV7TXqfgx90MJk8n4TIJBn0UPoYIWBgHGfGuTyEYGTte2sSHeXv8ByOpZEXb
2PDRkbgUGIs0wP8cK6MU8lcYapuFB87tWI8JFoZWxCRjK3C14a+Bdut7wQvrP1Di
C7KVYOQWftw3etMpj+2WCTUX1sGQw4cw87iqSD47Yuu2Uc9NU7qbZVdw8OKxxdRa
46ByAQkCekpLS85U3lhLCnvAhi5+cv4zhQs5uyCh2nPWi3Bn+YBeA28SYqa9AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUok9xdBrOiwRMwiHuyohSeG710vIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExNTM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRZwMA0GCSqGSIb3DQEBCwUAA4IBAQBoq6eP
S34HC1k+43ZHC/1aiRCUvyPBuwbSG8d3H1P4gWErjh7RYxHFhRlVO2w82BIED5rL
VRiuC4i9eIUzNcI62PdpIaqeWc4qHHm6gxVScvgfctIjqKHVX4qdu6ezCnZNVsY6
efSA4Icx3gsk3ucC42YI9bgLO0NDreliWjDvjqENxQTKri0Njfa9dd6tVhOlPiPB
rLRgBbdB+JA89Ws5hiKq2tBcPxY647tnNRjt07wfRuW8iN9KWJBruh19NTkmNtNl
Gw+H5mTcRA4lH1E9R8kjVMD+9y+neCPQcJjKUJSBzblus8l7lPghOEc9cXU9TqYR
eqfSO47T+V71wAwV
-----END CERTIFICATE-----