Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211946.roa
File:                     AS211946.roa (raw, json)
Hash identifier:          7c+iuIODmm0I+XsUY8XFNd4Pb3WBAc29fBQE8IxLxPM=
Subject key identifier:   1B:3F:A8:76:15:30:EC:70:DA:E6:E3:75:7F:36:3F:74:9F:13:0A:3B
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1ED034C42E130FB6D48337401B49EB3523D9D9C8
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211946.roa
Signing time:             Tue 05 Nov 2024 03:40:07 +0000
ROA not before:           Tue 05 Nov 2024 03:35:07 +0000
ROA not after:            Tue 04 Nov 2025 03:40:07 +0000
asID:                     211946
IP address blocks:        2a06:a005:f40::/44 maxlen: 48
                          2a06:a005:1bd0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:d0:34:c4:2e:13:0f:b6:d4:83:37:40:1b:49:eb:35:23:d9:d9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:07 2024 GMT
            Not After : Nov  4 03:40:07 2025 GMT
        Subject: CN=1B3FA8761530EC70DAE6E3757F363F749F130A3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:92:95:f1:3f:3a:6c:09:08:60:ce:13:3c:bc:
                    21:77:02:54:3a:ee:4a:f7:92:ff:f8:36:16:08:2f:
                    31:9a:3a:4a:1a:c2:eb:83:1c:02:71:0d:b4:fd:2e:
                    ba:1f:c3:9f:65:c4:fe:e6:e0:bf:f9:7f:dc:46:ae:
                    18:be:b2:c9:99:c6:63:fc:12:9a:b8:75:8a:52:3f:
                    76:3e:e4:44:b5:bf:65:b7:a4:96:6c:47:3b:44:18:
                    8d:66:00:7c:87:89:0e:3f:9c:b6:93:33:e0:4e:8b:
                    ee:f2:76:8a:aa:b4:a6:4b:6d:5d:b2:74:a9:54:44:
                    2d:c3:1d:bb:97:cd:8b:ac:11:1f:25:80:e5:6a:59:
                    26:96:5c:fe:e9:23:6f:5d:a9:6f:29:c0:4c:6e:a5:
                    74:96:28:5e:bb:c3:61:b4:23:2a:f3:18:e3:33:40:
                    71:71:b0:bb:5b:07:f2:8f:83:2a:3f:ae:78:9a:29:
                    cf:2b:a9:cc:d7:e1:a7:6b:e4:04:2d:12:f5:1d:57:
                    e6:5f:ef:30:5f:37:63:3c:43:49:ae:ed:1d:4b:cf:
                    d4:c0:3f:35:3a:69:a9:25:a1:51:82:c8:26:d7:fd:
                    dd:b7:ac:f8:b0:f6:5e:94:7a:bf:6e:5c:ed:1e:b5:
                    00:78:49:c8:53:cb:25:cc:20:08:d4:4a:96:22:15:
                    18:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:3F:A8:76:15:30:EC:70:DA:E6:E3:75:7F:36:3F:74:9F:13:0A:3B
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211946.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:f40::/44
                  2a06:a005:1bd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         cd:3d:4a:d1:36:93:2b:2b:45:fd:0b:87:b0:fd:50:14:a3:7e:
         cd:89:95:d2:3f:26:ee:20:68:72:bd:98:42:65:a2:4b:39:80:
         fd:65:e9:24:5c:55:a2:ee:f8:2a:63:17:39:16:b8:53:7d:9b:
         db:b7:c4:72:76:6e:4c:67:87:83:3a:0c:ac:da:dd:d0:6d:73:
         86:53:67:cc:ef:4d:ba:9c:08:89:aa:14:ac:85:f4:da:1e:a0:
         a9:6b:4e:70:7f:c6:81:52:44:32:6b:d0:79:39:f5:76:cc:71:
         12:03:0e:2b:db:24:77:67:60:d0:37:dc:78:3d:ce:c5:94:d9:
         d6:74:41:5d:22:6a:1f:21:7d:55:57:a8:72:cb:80:6b:d9:4b:
         91:28:82:2e:54:13:e3:65:f2:46:39:3a:df:c1:4a:91:1c:2a:
         00:e7:ef:a4:34:21:cb:e1:fb:b0:ef:ea:94:24:e9:8d:a7:b1:
         29:d4:2c:56:7e:c2:66:73:2e:51:9d:da:d6:32:4f:dd:38:fd:
         5d:ac:b0:09:42:db:3f:d6:88:d6:d0:31:1f:61:e8:eb:52:f9:
         65:06:55:8b:59:f9:09:03:38:64:d2:dc:8e:fc:1e:25:b2:28:
         bb:f3:cc:fb:cf:98:fe:22:b8:74:16:b1:13:41:a7:ef:cd:e7:
         02:d9:7e:c0
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUHtA0xC4TD7bUgzdAG0nrNSPZ2cgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDdaFw0yNTExMDQwMzQwMDdaMDMxMTAvBgNV
BAMTKDFCM0ZBODc2MTUzMEVDNzBEQUU2RTM3NTdGMzYzRjc0OUYxMzBBM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpkpXxPzpsCQhgzhM8vCF3AlQ6
7kr3kv/4NhYILzGaOkoawuuDHAJxDbT9Lrofw59lxP7m4L/5f9xGrhi+ssmZxmP8
Epq4dYpSP3Y+5ES1v2W3pJZsRztEGI1mAHyHiQ4/nLaTM+BOi+7ydoqqtKZLbV2y
dKlURC3DHbuXzYusER8lgOVqWSaWXP7pI29dqW8pwExupXSWKF67w2G0IyrzGOMz
QHFxsLtbB/KPgyo/rniaKc8rqczX4adr5AQtEvUdV+Zf7zBfN2M8Q0mu7R1Lz9TA
PzU6aakloVGCyCbX/d23rPiw9l6Uer9uXO0etQB4SchTyyXMIAjUSpYiFRgXAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUGz+odhUw7HDa5uN1fzY/dJ8TCjswHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExOTQ2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBQ9AAwcEKgagBRvQMA0GCSqGSIb3DQEBCwUA
A4IBAQDNPUrRNpMrK0X9C4ew/VAUo37NiZXSPybuIGhyvZhCZaJLOYD9ZekkXFWi
7vgqYxc5FrhTfZvbt8Rydm5MZ4eDOgys2t3QbXOGU2fM7026nAiJqhSshfTaHqCp
a05wf8aBUkQya9B5OfV2zHESAw4r2yR3Z2DQN9x4Pc7FlNnWdEFdImofIX1VV6hy
y4Br2UuRKIIuVBPjZfJGOTrfwUqRHCoA5++kNCHL4fuw7+qUJOmNp7Ep1CxWfsJm
cy5RndrWMk/dOP1drLAJQts/1ojW0DEfYejrUvllBlWLWfkJAzhk0tyO/B4lsii7
88z7z5j+Irh0FrETQafvzecC2X7A
-----END CERTIFICATE-----