Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211843.roa
File:                     AS211843.roa (raw, json)
Hash identifier:          +5pIXX507YSfezNDQrDjD2QNvKB04Go/BnNbUMWDBc8=
Subject key identifier:   C6:E9:0D:AE:FE:D5:81:30:6E:C6:A9:25:25:22:DD:79:F3:ED:D5:F0
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3D5289C833983461041BFFB35CD5AAF06B7AD5BA
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211843.roa
Signing time:             Tue 05 Dec 2023 02:44:11 +0000
ROA not before:           Tue 05 Dec 2023 02:39:11 +0000
ROA not after:            Tue 03 Dec 2024 02:44:11 +0000
asID:                     211843
IP address blocks:        2a06:a005:a13::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:52:89:c8:33:98:34:61:04:1b:ff:b3:5c:d5:aa:f0:6b:7a:d5:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:11 2023 GMT
            Not After : Dec  3 02:44:11 2024 GMT
        Subject: CN=C6E90DAEFED581306EC6A9252522DD79F3EDD5F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:b3:40:6e:09:a2:65:4b:82:e6:25:1b:7f:8c:
                    d4:73:7b:44:96:5c:3d:82:ed:98:7c:cd:70:d5:3b:
                    95:4c:a6:f6:8f:75:96:0f:44:6c:7c:3f:76:fc:e0:
                    87:c9:bd:a8:de:bd:67:b2:1b:ab:5e:17:87:0b:69:
                    c5:92:62:65:05:81:15:b4:3b:6d:fc:6d:eb:93:e3:
                    79:5c:9b:d9:2c:e8:0f:ab:23:95:5f:fb:cd:1d:75:
                    48:ac:d2:13:21:a7:8d:df:98:e3:62:d3:b4:29:57:
                    48:b9:69:e1:de:87:cb:5d:e2:20:b1:f5:aa:6e:64:
                    a0:b3:7e:5e:7e:34:16:9b:24:da:10:7d:4c:ab:51:
                    c0:2b:6e:94:41:15:ff:d5:64:d8:4d:9c:a0:1d:fb:
                    b8:60:4e:56:88:be:0e:8f:cc:98:c3:93:86:04:e7:
                    3d:64:0f:f9:89:ab:f5:eb:3d:2c:a2:5d:ca:d8:70:
                    27:85:0f:8a:3e:57:82:00:4c:9d:4b:9e:04:bb:56:
                    41:aa:f8:78:ab:ee:c2:b7:78:7a:0c:31:7a:3a:52:
                    33:13:df:b0:2f:ea:2a:79:3e:b1:ed:2c:dc:f2:8a:
                    0c:0e:55:6f:fb:40:94:ee:72:48:1a:28:8b:00:ae:
                    73:07:82:d6:74:36:f4:82:a9:30:53:6d:d0:bd:50:
                    aa:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E9:0D:AE:FE:D5:81:30:6E:C6:A9:25:25:22:DD:79:F3:ED:D5:F0
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211843.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a13::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:ab:f7:04:2f:8f:4a:f8:98:04:8f:60:b2:2e:29:4b:dc:47:
         b9:90:8f:18:aa:5e:0c:be:d7:78:6b:cb:3a:cf:70:6d:29:8d:
         49:26:90:82:cc:0b:b7:a1:85:f5:1b:3a:7d:ca:0b:0b:a2:3b:
         e2:93:9b:3c:a3:53:da:ad:fe:a7:d6:f9:ce:dd:38:3e:fd:7e:
         f7:cf:cf:a0:64:43:ce:3e:2b:30:cf:3c:0c:51:bb:17:cc:f3:
         41:75:e2:3b:c5:0a:a8:26:67:5c:7f:da:3a:58:d3:a3:60:87:
         06:cc:f2:f7:d1:a5:c3:a2:c8:50:2c:58:8c:f3:cd:12:7d:81:
         4f:22:e3:4f:cd:8a:7b:20:1e:59:e3:5d:0b:34:a9:ce:bf:05:
         0d:c8:43:75:a1:86:ae:22:cb:da:60:24:04:ec:21:1d:ec:32:
         cf:4f:67:64:bb:f3:1f:2b:bb:e4:62:00:bf:8b:ce:72:4b:c8:
         37:d0:69:e3:30:ca:39:cd:61:a3:18:84:99:6b:07:27:32:18:
         2d:e1:1b:ee:f6:0b:59:17:1b:db:e5:16:e4:f6:51:04:a8:2b:
         c3:30:8f:4b:6a:16:a4:c1:74:38:42:12:96:3c:34:7d:37:01:
         8f:74:f4:f9:19:ac:bd:fb:c6:36:59:a5:42:e2:43:31:6f:5e:
         31:c6:c3:3d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPVKJyDOYNGEEG/+zXNWq8Gt61bowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTFaFw0yNDEyMDMwMjQ0MTFaMDMxMTAvBgNV
BAMTKEM2RTkwREFFRkVENTgxMzA2RUM2QTkyNTI1MjJERDc5RjNFREQ1RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjs0BuCaJlS4LmJRt/jNRze0SW
XD2C7Zh8zXDVO5VMpvaPdZYPRGx8P3b84IfJvajevWeyG6teF4cLacWSYmUFgRW0
O238beuT43lcm9ks6A+rI5Vf+80ddUis0hMhp43fmONi07QpV0i5aeHeh8td4iCx
9apuZKCzfl5+NBabJNoQfUyrUcArbpRBFf/VZNhNnKAd+7hgTlaIvg6PzJjDk4YE
5z1kD/mJq/XrPSyiXcrYcCeFD4o+V4IATJ1LngS7VkGq+Hir7sK3eHoMMXo6UjMT
37Av6ip5PrHtLNzyigwOVW/7QJTuckgaKIsArnMHgtZ0NvSCqTBTbdC9UKpRAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUxukNrv7VgTBuxqklJSLdefPt1fAwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExODQzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQoTMA0GCSqGSIb3DQEBCwUAA4IBAQAjq/cE
L49K+JgEj2CyLilL3Ee5kI8Yql4Mvtd4a8s6z3BtKY1JJpCCzAu3oYX1Gzp9ygsL
ojvik5s8o1Parf6n1vnO3Tg+/X73z8+gZEPOPiswzzwMUbsXzPNBdeI7xQqoJmdc
f9o6WNOjYIcGzPL30aXDoshQLFiM880SfYFPIuNPzYp7IB5Z410LNKnOvwUNyEN1
oYauIsvaYCQE7CEd7DLPT2dku/MfK7vkYgC/i85yS8g30GnjMMo5zWGjGISZawcn
Mhgt4Rvu9gtZFxvb5Rbk9lEEqCvDMI9LahakwXQ4QhKWPDR9NwGPdPT5Gay9+8Y2
WaVC4kMxb14xxsM9
-----END CERTIFICATE-----