Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211571.roa
File:                     AS211571.roa (raw, json)
Hash identifier:          RaKJ7klexeHYkTKFZAD0TK+uqg5KBBORQS/2n3hUOvs=
Subject key identifier:   D3:E3:0C:D7:A0:3B:24:FC:C2:20:8B:C6:C2:AC:50:D9:EA:9D:14:55
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       74833D0FD6EE1A3B368FE77BD9679A742FBDA642
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211571.roa
Signing time:             Tue 05 Dec 2023 02:44:12 +0000
ROA not before:           Tue 05 Dec 2023 02:39:12 +0000
ROA not after:            Tue 03 Dec 2024 02:44:12 +0000
asID:                     211571
IP address blocks:        2a06:a005:85e::/48 maxlen: 48
                          2a06:a005:9c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:83:3d:0f:d6:ee:1a:3b:36:8f:e7:7b:d9:67:9a:74:2f:bd:a6:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:12 2023 GMT
            Not After : Dec  3 02:44:12 2024 GMT
        Subject: CN=D3E30CD7A03B24FCC2208BC6C2AC50D9EA9D1455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3a:57:49:e1:62:07:15:a2:4f:de:8a:03:c8:
                    3e:45:04:2a:c9:cc:99:9d:c5:12:78:aa:12:04:04:
                    f5:59:6a:ef:25:a3:31:ce:7d:2a:97:ae:fa:7f:5a:
                    06:92:ba:32:26:47:8f:b5:67:35:13:09:88:01:87:
                    13:e0:23:8a:41:c0:43:05:05:13:e9:06:b3:c5:1f:
                    57:3d:15:f0:84:f4:64:3a:f0:36:e7:63:6b:f2:a6:
                    19:8c:5c:a8:67:68:90:7c:b8:79:9d:35:d3:9c:b9:
                    ba:50:90:e5:9a:76:32:56:51:df:7b:f6:ed:99:4c:
                    74:63:ec:a1:be:1e:75:a1:40:d3:64:53:3f:d3:aa:
                    3a:03:6e:64:be:9f:57:9e:1d:46:bd:f2:3d:11:d4:
                    4d:1e:9b:3a:64:ca:04:ba:b7:31:05:62:c8:b5:d8:
                    ca:24:82:41:f1:f5:0d:1a:8f:a1:1a:70:53:50:0b:
                    09:75:58:7f:20:21:ae:f6:ee:6c:51:2b:59:a6:d1:
                    65:79:21:11:40:5d:8d:a1:58:b3:dc:26:9a:5c:72:
                    7d:ed:39:55:1b:c7:d1:65:36:69:c0:8f:31:7e:87:
                    88:28:95:1e:c6:e7:a5:98:45:b6:6f:23:84:41:06:
                    a5:01:5b:27:37:2b:4a:57:5a:14:02:83:21:cc:f8:
                    3f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:E3:0C:D7:A0:3B:24:FC:C2:20:8B:C6:C2:AC:50:D9:EA:9D:14:55
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211571.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:85e::/48
                  2a06:a005:9c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:78:9a:7d:75:20:43:63:82:48:9f:25:58:8b:a0:2e:2e:98:
         1f:0b:dc:d4:d9:5e:2c:11:4f:ac:fe:9a:28:5e:cd:d3:82:3a:
         70:b9:e9:71:e0:9f:51:0c:7a:09:a1:c5:5a:f0:05:87:61:f8:
         db:a4:72:55:f0:ae:8b:f2:fa:dc:b5:c6:f4:3c:86:df:ad:ee:
         9b:37:fc:b7:46:27:04:75:12:df:2e:2a:ce:ea:d8:9f:33:22:
         ea:b6:bf:c3:4b:de:26:7d:f6:1b:5b:15:f3:3b:a8:3a:d1:aa:
         e6:5c:68:67:dc:98:6a:b2:61:6f:ff:bd:d0:7b:84:15:d0:cf:
         89:70:9c:b3:93:2d:e4:a3:c7:36:f3:9b:80:32:2e:4c:d5:f6:
         cd:71:dd:e3:ca:62:ec:5b:73:4a:77:09:82:69:aa:1a:bd:f7:
         c5:73:f4:5a:de:e4:52:87:3c:b7:c4:49:55:ad:ce:12:74:16:
         17:4c:64:90:75:89:49:20:1b:2f:a9:c5:eb:94:8f:f0:87:f4:
         d7:df:d4:cd:0a:c8:98:10:cd:da:35:71:44:e4:b3:51:bf:5d:
         f8:f1:8c:a8:4a:d5:23:15:71:d9:a0:97:20:48:35:3b:10:54:
         03:d4:22:52:67:e5:25:fa:02:ad:86:6d:60:24:9e:08:d1:5a:
         16:e9:45:df
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUdIM9D9buGjs2j+d72WeadC+9pkIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTJaFw0yNDEyMDMwMjQ0MTJaMDMxMTAvBgNV
BAMTKEQzRTMwQ0Q3QTAzQjI0RkNDMjIwOEJDNkMyQUM1MEQ5RUE5RDE0NTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOldJ4WIHFaJP3ooDyD5FBCrJ
zJmdxRJ4qhIEBPVZau8lozHOfSqXrvp/WgaSujImR4+1ZzUTCYgBhxPgI4pBwEMF
BRPpBrPFH1c9FfCE9GQ68DbnY2vyphmMXKhnaJB8uHmdNdOcubpQkOWadjJWUd97
9u2ZTHRj7KG+HnWhQNNkUz/TqjoDbmS+n1eeHUa98j0R1E0emzpkygS6tzEFYsi1
2MokgkHx9Q0aj6EacFNQCwl1WH8gIa727mxRK1mm0WV5IRFAXY2hWLPcJppccn3t
OVUbx9FlNmnAjzF+h4golR7G56WYRbZvI4RBBqUBWyc3K0pXWhQCgyHM+D+TAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQU0+MM16A7JPzCIIvGwqxQ2eqdFFUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExNTcxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQheAwcEKgagBQnAMA0GCSqGSIb3DQEBCwUA
A4IBAQAVeJp9dSBDY4JInyVYi6AuLpgfC9zU2V4sEU+s/pooXs3Tgjpwuelx4J9R
DHoJocVa8AWHYfjbpHJV8K6L8vrctcb0PIbfre6bN/y3RicEdRLfLirO6tifMyLq
tr/DS94mffYbWxXzO6g60armXGhn3JhqsmFv/73Qe4QV0M+JcJyzky3ko8c285uA
Mi5M1fbNcd3jymLsW3NKdwmCaaoavffFc/Ra3uRShzy3xElVrc4SdBYXTGSQdYlJ
IBsvqcXrlI/wh/TX39TNCsiYEM3aNXFE5LNRv1348YyoStUjFXHZoJcgSDU7EFQD
1CJSZ+Ul+gKthm1gJJ4I0VoW6UXf
-----END CERTIFICATE-----