Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211665.roa
File:                     AS211665.roa (raw, json)
Hash identifier:          7eniGrV805WZKUw9vArEuuBhifzB5ZluJgxuecbnxSg=
Subject key identifier:   F3:88:30:37:A8:1B:62:0F:40:9A:61:95:AB:9F:9F:72:DF:49:14:F6
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       633C72DD037B8ABCA2BC00A8D26F2F989AAA9FA7
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211665.roa
Signing time:             Sun 10 Nov 2024 10:40:12 +0000
ROA not before:           Sun 10 Nov 2024 10:35:12 +0000
ROA not after:            Sun 09 Nov 2025 10:40:12 +0000
asID:                     211665
IP address blocks:        2a06:a005:2aa0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:3c:72:dd:03:7b:8a:bc:a2:bc:00:a8:d2:6f:2f:98:9a:aa:9f:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov 10 10:35:12 2024 GMT
            Not After : Nov  9 10:40:12 2025 GMT
        Subject: CN=F3883037A81B620F409A6195AB9F9F72DF4914F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:37:3d:7a:6d:8c:45:87:00:ac:c6:26:c5:7b:
                    e4:61:77:fe:e4:bb:af:32:dc:79:9b:29:47:91:84:
                    af:39:07:94:65:3e:fa:ca:53:4f:4d:3d:9a:58:87:
                    e7:d2:af:7d:c2:ee:4a:91:2e:88:e5:c9:b9:a1:b5:
                    e0:04:ab:2b:a5:90:1a:37:12:a6:5e:66:22:25:72:
                    9d:a9:11:f8:00:a9:7c:c0:d4:84:a5:22:74:7d:9e:
                    b7:6e:da:39:55:ef:d9:50:e2:db:38:82:7e:38:5b:
                    31:d8:79:aa:45:b5:3a:1b:e7:dd:1f:61:b4:e3:39:
                    58:59:89:3a:f0:e1:33:05:c5:81:fe:f6:81:b9:10:
                    6d:81:92:77:55:2e:e7:cf:b5:5b:0e:46:06:43:bb:
                    c9:88:e6:cd:5e:14:02:31:16:46:c3:41:dd:6c:ec:
                    58:da:b2:cd:ff:7a:bf:44:c9:91:9b:73:b3:ba:2b:
                    ba:93:f7:16:c8:bf:6c:4d:25:72:8a:53:d9:de:96:
                    e5:e2:c4:9a:91:2e:c8:88:ab:46:1d:11:48:d3:2c:
                    b7:80:c0:9b:75:b5:9c:aa:75:94:c4:ec:8b:f9:8f:
                    e1:7f:3c:3d:bd:c9:f3:26:74:3e:2a:62:3c:32:78:
                    95:76:ac:ac:b4:64:73:bd:ba:91:a5:0f:01:2a:da:
                    14:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:88:30:37:A8:1B:62:0F:40:9A:61:95:AB:9F:9F:72:DF:49:14:F6
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211665.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2aa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:3f:88:d5:ca:94:08:a5:31:4b:af:ba:69:e6:f7:88:e4:30:
         5e:7f:70:aa:3c:c4:a5:74:b9:ce:bd:ce:80:b2:02:77:4c:19:
         1c:1c:3d:c1:c6:34:f7:a7:96:ea:da:b9:6b:79:85:9e:9a:e6:
         f1:b3:b7:5e:bb:7d:ee:81:29:de:d6:8b:d8:4e:f4:be:86:2a:
         55:27:1b:16:7c:c6:c3:f2:a2:97:9d:70:70:3d:9e:6e:ae:3e:
         d6:37:63:c7:19:aa:7a:7f:18:36:23:e6:b8:4a:b6:28:3b:c0:
         b7:9f:ce:63:e8:d0:fc:87:53:e1:a1:87:90:b0:66:6f:67:7e:
         f7:07:d6:48:c9:10:4c:ae:a0:9c:96:f1:6b:15:25:78:d3:c2:
         48:46:e6:ea:c3:f3:85:67:fe:58:21:dc:f1:07:aa:56:fd:79:
         1c:13:8e:e0:98:2d:3b:dd:89:f0:12:84:22:5a:5b:fe:4b:de:
         fc:71:f0:f0:15:9c:ae:c7:c5:18:51:b9:9e:f3:02:ed:23:14:
         5b:a7:1b:44:dc:e5:2f:b4:54:24:07:03:a2:9f:31:07:9d:fe:
         11:8b:0d:06:50:d7:ae:9e:15:99:01:b8:ef:63:61:4c:49:ed:
         be:88:d0:2e:5c:75:2e:f5:88:8b:f8:12:c8:70:6b:98:1b:5d:
         4d:8e:c7:9d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUYzxy3QN7iryivACo0m8vmJqqn6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMTAxMDM1MTJaFw0yNTExMDkxMDQwMTJaMDMxMTAvBgNV
BAMTKEYzODgzMDM3QTgxQjYyMEY0MDlBNjE5NUFCOUY5RjcyREY0OTE0RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXNz16bYxFhwCsxibFe+Rhd/7k
u68y3HmbKUeRhK85B5RlPvrKU09NPZpYh+fSr33C7kqRLojlybmhteAEqyulkBo3
EqZeZiIlcp2pEfgAqXzA1ISlInR9nrdu2jlV79lQ4ts4gn44WzHYeapFtTob590f
YbTjOVhZiTrw4TMFxYH+9oG5EG2BkndVLufPtVsORgZDu8mI5s1eFAIxFkbDQd1s
7Fjass3/er9EyZGbc7O6K7qT9xbIv2xNJXKKU9neluXixJqRLsiIq0YdEUjTLLeA
wJt1tZyqdZTE7Iv5j+F/PD29yfMmdD4qYjwyeJV2rKy0ZHO9upGlDwEq2hTpAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU84gwN6gbYg9AmmGVq5+fct9JFPYwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExNjY1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSqgMA0GCSqGSIb3DQEBCwUAA4IBAQAGP4jV
ypQIpTFLr7pp5veI5DBef3CqPMSldLnOvc6AsgJ3TBkcHD3BxjT3p5bq2rlreYWe
mubxs7deu33ugSne1ovYTvS+hipVJxsWfMbD8qKXnXBwPZ5urj7WN2PHGap6fxg2
I+a4SrYoO8C3n85j6ND8h1PhoYeQsGZvZ373B9ZIyRBMrqCclvFrFSV408JIRubq
w/OFZ/5YIdzxB6pW/XkcE47gmC073YnwEoQiWlv+S978cfDwFZyux8UYUbme8wLt
IxRbpxtE3OUvtFQkBwOinzEHnf4Riw0GUNeunhWZAbjvY2FMSe2+iNAuXHUu9YiL
+BLIcGuYG11Njsed
-----END CERTIFICATE-----