Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211869.roa
File:                     AS211869.roa (raw, json)
Hash identifier:          huE4JpOrGp0tJ9RsGEYJ1cm7zXkTzitXCi3t0Vmug+s=
Subject key identifier:   EF:F6:61:85:F4:2A:9E:B5:1D:3B:94:4F:05:DF:56:2E:5D:DD:C9:DD
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       536BD0D36DB502F4160E87141FB0DE2CD58BE0B2
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211869.roa
Signing time:             Tue 03 Dec 2024 20:40:12 +0000
ROA not before:           Tue 03 Dec 2024 20:35:12 +0000
ROA not after:            Tue 02 Dec 2025 20:40:12 +0000
asID:                     211869
IP address blocks:        2a06:a005:1300::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:24:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:6b:d0:d3:6d:b5:02:f4:16:0e:87:14:1f:b0:de:2c:d5:8b:e0:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  3 20:35:12 2024 GMT
            Not After : Dec  2 20:40:12 2025 GMT
        Subject: CN=EFF66185F42A9EB51D3B944F05DF562E5DDDC9DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7d:37:2f:97:4a:88:88:bd:f2:08:93:d4:db:
                    25:56:d2:48:0d:32:ab:2f:24:ed:e5:86:d8:cc:bf:
                    eb:41:bb:a7:a3:8c:4a:b8:35:23:1b:be:88:d1:dd:
                    93:59:e2:74:bf:9c:ec:94:2d:35:78:f1:fa:d9:69:
                    68:b9:56:86:13:bd:86:1f:5b:83:f6:11:6d:35:f1:
                    1a:c3:23:d0:89:6b:b0:d2:c9:d3:57:d9:ae:fe:43:
                    41:1a:32:37:4f:bc:9d:a1:d8:8b:b1:00:25:9c:cd:
                    50:96:72:a8:ad:ed:cc:4f:7b:92:b8:a4:fb:73:42:
                    99:3a:07:4f:22:1b:87:fd:f2:1a:4b:a9:25:ab:4c:
                    9c:39:6e:2f:de:6d:e3:bf:32:45:97:60:09:36:d7:
                    d6:50:a9:da:d6:54:1b:3d:53:58:26:d9:6b:6f:4a:
                    f1:02:b3:3f:3f:25:84:67:01:1f:da:c1:96:00:9a:
                    61:31:3a:2a:a4:df:e8:56:25:e4:92:10:f6:8f:5b:
                    0d:0a:5b:e4:d1:e3:14:14:97:19:19:28:97:d1:b1:
                    0a:9c:f0:7f:86:7d:6d:cd:6d:71:96:9b:37:9a:68:
                    0e:a5:b5:f5:a1:e2:bf:8b:46:c5:20:65:ec:8b:1a:
                    48:3e:28:3a:d3:d5:97:b2:68:83:6c:7e:fc:33:ec:
                    8b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F6:61:85:F4:2A:9E:B5:1D:3B:94:4F:05:DF:56:2E:5D:DD:C9:DD
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211869.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1300::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:25:db:d5:5f:fb:03:e4:74:dc:37:62:cf:e3:a5:7e:d2:c2:
         d7:4e:3a:f4:b1:82:d1:9d:71:25:43:72:75:1f:7b:8e:9b:20:
         b7:23:42:2d:e7:d9:4c:71:63:31:15:84:cf:03:a4:23:ac:72:
         69:93:44:6d:b7:0c:e8:ce:75:2d:7d:14:9f:5d:fd:c9:67:e5:
         f9:1e:60:19:66:24:b5:2c:6f:8a:3f:af:c1:96:df:18:65:89:
         34:8b:45:90:ab:4d:29:d9:06:40:5b:61:21:f8:75:9e:6a:a2:
         44:b1:d9:a0:4d:7f:a8:8b:89:04:58:2c:b9:cb:8c:d4:09:dc:
         45:ed:4c:8b:01:77:1f:47:21:29:90:33:f4:93:82:38:76:ba:
         86:44:de:27:11:76:db:60:9f:06:f9:2c:d9:c3:a6:d1:e1:9f:
         6b:ef:71:c2:98:45:0d:ec:b4:02:50:bf:b4:0e:e9:f9:90:fc:
         13:8a:4b:44:71:34:97:ae:bd:2a:2c:28:a5:54:98:b5:26:6e:
         6b:10:cb:34:8c:f8:6e:ee:5f:34:47:b9:7d:4d:d9:a6:11:90:
         47:f2:26:5a:d7:04:bc:fa:2d:78:93:e4:4e:f3:a2:42:da:4c:
         e3:f6:5e:75:94:7f:ac:bd:02:eb:1c:b4:27:76:bf:8f:d9:0f:
         5d:0a:89:87
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUU2vQ0221AvQWDocUH7DeLNWL4LIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDEyMDMyMDM1MTJaFw0yNTEyMDIyMDQwMTJaMDMxMTAvBgNV
BAMTKEVGRjY2MTg1RjQyQTlFQjUxRDNCOTQ0RjA1REY1NjJFNUREREM5REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCofTcvl0qIiL3yCJPU2yVW0kgN
MqsvJO3lhtjMv+tBu6ejjEq4NSMbvojR3ZNZ4nS/nOyULTV48frZaWi5VoYTvYYf
W4P2EW018RrDI9CJa7DSydNX2a7+Q0EaMjdPvJ2h2IuxACWczVCWcqit7cxPe5K4
pPtzQpk6B08iG4f98hpLqSWrTJw5bi/ebeO/MkWXYAk219ZQqdrWVBs9U1gm2Wtv
SvECsz8/JYRnAR/awZYAmmExOiqk3+hWJeSSEPaPWw0KW+TR4xQUlxkZKJfRsQqc
8H+GfW3NbXGWmzeaaA6ltfWh4r+LRsUgZeyLGkg+KDrT1ZeyaINsfvwz7IurAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU7/ZhhfQqnrUdO5RPBd9WLl3dyd0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExODY5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRMAMA0GCSqGSIb3DQEBCwUAA4IBAQBOJdvV
X/sD5HTcN2LP46V+0sLXTjr0sYLRnXElQ3J1H3uOmyC3I0It59lMcWMxFYTPA6Qj
rHJpk0RttwzoznUtfRSfXf3JZ+X5HmAZZiS1LG+KP6/Blt8YZYk0i0WQq00p2QZA
W2Eh+HWeaqJEsdmgTX+oi4kEWCy5y4zUCdxF7UyLAXcfRyEpkDP0k4I4drqGRN4n
EXbbYJ8G+SzZw6bR4Z9r73HCmEUN7LQCUL+0Dun5kPwTiktEcTSXrr0qLCilVJi1
Jm5rEMs0jPhu7l80R7l9TdmmEZBH8iZa1wS8+i14k+RO86JC2kzj9l51lH+svQLr
HLQndr+P2Q9dComH
-----END CERTIFICATE-----