Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211571.roa
File:                     AS211571.roa (raw, json)
Hash identifier:          TrDSn1kkowVhw0Y/4kIWh9WH2tEDOu4ovJsdhfIdatU=
Subject key identifier:   CC:60:EE:F8:E6:60:8C:CE:D4:6E:3E:3D:26:8B:DC:2C:52:16:EA:D3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7EDC842F4A5926BA53C6E51BB1F0B0DBD02CC911
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211571.roa
Signing time:             Tue 05 Nov 2024 03:40:03 +0000
ROA not before:           Tue 05 Nov 2024 03:35:03 +0000
ROA not after:            Tue 04 Nov 2025 03:40:03 +0000
asID:                     211571
IP address blocks:        2a06:a005:85e::/48 maxlen: 48
                          2a06:a005:9c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:dc:84:2f:4a:59:26:ba:53:c6:e5:1b:b1:f0:b0:db:d0:2c:c9:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:03 2024 GMT
            Not After : Nov  4 03:40:03 2025 GMT
        Subject: CN=CC60EEF8E6608CCED46E3E3D268BDC2C5216EAD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7b:21:11:16:a6:f2:cc:b2:09:32:b0:c8:e6:
                    b6:41:8f:85:27:13:26:51:b2:0b:a0:15:b3:a9:29:
                    07:01:45:02:d8:88:43:38:f6:42:84:41:65:c6:3c:
                    bb:98:7a:70:ba:a1:e6:c4:b4:7c:9d:d5:34:b7:32:
                    2e:1d:6f:6a:c2:57:6f:15:9f:98:e7:13:d5:fa:9d:
                    7d:5f:82:3e:bd:18:53:7f:4c:3c:9b:44:3a:de:fe:
                    fc:39:40:75:d9:0a:2d:32:71:74:cd:d3:2b:40:7d:
                    26:68:fa:4a:56:1c:86:f9:d1:d7:51:f7:79:99:cb:
                    c5:3d:f1:6d:37:e6:3e:79:c2:a6:13:e6:61:34:93:
                    09:ba:96:df:b7:ab:8f:cc:da:cc:50:d5:59:df:a6:
                    3b:e8:84:65:2e:47:ce:f8:bb:81:a6:ff:1f:52:77:
                    ae:97:c0:07:2e:16:be:45:07:35:9f:d1:f9:5d:fc:
                    cc:e1:32:b5:43:d5:58:ba:4f:ea:49:0a:f7:ef:f5:
                    dc:8d:7a:13:0d:e1:fa:0c:92:ba:cb:c1:9b:eb:4d:
                    88:09:36:43:e6:3f:6e:f9:5b:7e:db:df:e1:c7:b0:
                    a0:ae:15:66:dc:dc:52:98:4c:6a:29:c0:84:6c:3c:
                    bc:a8:85:f4:0b:9e:46:6d:87:31:5d:da:73:1f:8f:
                    37:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:60:EE:F8:E6:60:8C:CE:D4:6E:3E:3D:26:8B:DC:2C:52:16:EA:D3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211571.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:85e::/48
                  2a06:a005:9c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         67:c1:66:e4:8a:4f:86:69:dc:fa:bf:3c:d3:eb:3b:8c:ca:6b:
         02:1a:e4:23:ec:e2:d2:88:9a:e0:af:88:ca:23:31:c6:0e:6c:
         1a:48:7e:3c:ab:4e:e5:27:53:3a:0f:73:2e:6a:5c:c8:8d:5d:
         d7:6a:54:67:96:13:0a:65:45:65:c4:ef:db:4e:92:ba:0d:68:
         18:4a:ad:43:e2:21:ad:f2:52:ff:0a:7d:b1:d4:7f:f7:96:e7:
         43:28:29:8d:7a:31:81:f4:1d:f4:b8:25:1d:ca:74:39:87:e8:
         c4:07:50:e3:47:0e:aa:df:63:75:b9:1f:88:b2:78:49:5f:e3:
         ee:af:c8:64:df:78:8b:00:bf:a7:72:ad:ab:20:b9:96:54:14:
         e3:67:b1:75:a3:93:06:a5:ac:18:83:32:07:75:04:24:f7:ec:
         1c:b1:b5:5e:6b:db:d6:92:0c:6c:c2:a4:d0:c6:d8:a4:4b:d7:
         7a:b3:c8:21:b6:d7:53:16:96:9d:57:a7:2a:b5:80:69:e5:a7:
         3e:77:1f:d0:31:22:f4:f9:ac:62:9b:6a:d7:b4:0a:45:6d:90:
         3a:de:67:6e:c8:ea:92:ae:0e:36:78:fa:a4:92:4f:ae:19:eb:
         69:80:68:3b:68:73:5c:cf:bb:0a:ab:ec:9e:d8:62:b2:0b:f8:
         56:f8:82:32
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUftyEL0pZJrpTxuUbsfCw29AsyREwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDNaFw0yNTExMDQwMzQwMDNaMDMxMTAvBgNV
BAMTKENDNjBFRUY4RTY2MDhDQ0VENDZFM0UzRDI2OEJEQzJDNTIxNkVBRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOeyERFqbyzLIJMrDI5rZBj4Un
EyZRsgugFbOpKQcBRQLYiEM49kKEQWXGPLuYenC6oebEtHyd1TS3Mi4db2rCV28V
n5jnE9X6nX1fgj69GFN/TDybRDre/vw5QHXZCi0ycXTN0ytAfSZo+kpWHIb50ddR
93mZy8U98W035j55wqYT5mE0kwm6lt+3q4/M2sxQ1VnfpjvohGUuR874u4Gm/x9S
d66XwAcuFr5FBzWf0fld/MzhMrVD1Vi6T+pJCvfv9dyNehMN4foMkrrLwZvrTYgJ
NkPmP275W37b3+HHsKCuFWbc3FKYTGopwIRsPLyohfQLnkZthzFd2nMfjzfVAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUzGDu+OZgjM7Ubj49JovcLFIW6tMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExNTcxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQheAwcEKgagBQnAMA0GCSqGSIb3DQEBCwUA
A4IBAQBnwWbkik+Gadz6vzzT6zuMymsCGuQj7OLSiJrgr4jKIzHGDmwaSH48q07l
J1M6D3MualzIjV3XalRnlhMKZUVlxO/bTpK6DWgYSq1D4iGt8lL/Cn2x1H/3ludD
KCmNejGB9B30uCUdynQ5h+jEB1DjRw6q32N1uR+IsnhJX+Pur8hk33iLAL+ncq2r
ILmWVBTjZ7F1o5MGpawYgzIHdQQk9+wcsbVea9vWkgxswqTQxtikS9d6s8ghttdT
FpadV6cqtYBp5ac+dx/QMSL0+axim2rXtApFbZA63mduyOqSrg42ePqkkk+uGetp
gGg7aHNcz7sKq+ye2GKyC/hW+IIy
-----END CERTIFICATE-----