Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211946.roa
File:                     AS211946.roa (raw, json)
Hash identifier:          D8fj5OgT0eC6tJOct0ZUdthne9fgGC4W2W8e7GnJbgs=
Subject key identifier:   53:53:52:A0:49:45:67:5C:10:CB:AC:26:25:92:22:5D:AE:28:AE:7C
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       26ED13A2CEDF7BEB80DAED37CEBBE010004996AD
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211946.roa
Signing time:             Tue 05 Dec 2023 02:44:15 +0000
ROA not before:           Tue 05 Dec 2023 02:39:15 +0000
ROA not after:            Tue 03 Dec 2024 02:44:15 +0000
asID:                     211946
IP address blocks:        2a06:a005:f40::/44 maxlen: 48
                          2a06:a005:1bd0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:ed:13:a2:ce:df:7b:eb:80:da:ed:37:ce:bb:e0:10:00:49:96:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:15 2023 GMT
            Not After : Dec  3 02:44:15 2024 GMT
        Subject: CN=535352A04945675C10CBAC262592225DAE28AE7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:85:77:1c:87:6f:61:fa:02:2a:7e:32:2c:10:
                    c3:0b:e3:b3:98:ff:bd:04:0e:31:d8:4c:0b:0e:1f:
                    64:e1:b0:ff:f8:cf:16:b0:89:1e:61:3c:99:e0:f3:
                    99:28:40:2d:48:05:c4:df:1c:7a:68:6c:c8:8f:d9:
                    68:6e:1a:56:87:33:39:c2:55:b7:ad:65:88:6b:90:
                    5a:11:6d:a0:9c:d2:c4:f9:1f:7a:90:63:62:50:7f:
                    7a:59:a2:5a:5a:90:b7:ec:eb:39:67:47:79:77:9c:
                    8a:3f:38:1a:b7:e0:31:7a:9d:22:96:8c:f8:35:12:
                    dd:32:ba:e4:5b:49:01:75:d1:5f:82:57:b5:e7:6f:
                    15:f0:dc:33:4a:d1:88:34:bb:31:b4:91:a3:82:6f:
                    93:29:13:52:22:fc:cf:03:1b:e6:12:7d:ea:7e:8f:
                    81:12:f1:ee:ef:a0:1e:62:32:d2:af:50:45:34:31:
                    84:7f:f9:97:49:56:87:a8:3b:98:64:95:11:7d:85:
                    83:3e:99:7e:e8:07:6b:0d:15:f0:3c:3a:f8:19:e4:
                    40:41:22:37:1e:00:03:02:20:a8:f8:e6:f4:60:a1:
                    09:34:da:62:f8:ef:84:0a:1f:dc:84:c5:fc:c8:52:
                    9b:57:6e:c7:22:5d:45:7b:5a:55:90:8b:74:ee:54:
                    ba:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:53:52:A0:49:45:67:5C:10:CB:AC:26:25:92:22:5D:AE:28:AE:7C
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS211946.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:f40::/44
                  2a06:a005:1bd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:f3:85:76:be:d0:b5:0a:b5:e4:b6:41:e2:d5:9c:5c:ff:66:
         e2:29:6a:ab:27:2f:21:ce:5f:f6:ba:62:02:29:8c:7a:ca:1f:
         60:9b:09:f8:42:bb:a6:72:13:a4:83:d5:62:18:92:37:96:c7:
         d3:d6:97:15:4d:a2:4d:7e:11:8c:3c:e3:b2:78:02:83:95:fc:
         9e:df:07:8c:b2:cc:f1:09:c5:5b:7f:74:d4:33:72:06:57:8d:
         6a:1f:d0:5c:d8:20:e4:c8:61:05:77:b0:2a:6b:50:b5:9b:df:
         0f:7e:2b:71:3f:a7:ae:18:19:ef:59:e9:9f:a1:e5:8d:f0:13:
         63:b5:f8:7b:e0:0d:fe:a6:a5:07:c6:e2:04:a6:e4:b4:77:dd:
         34:77:b8:c8:91:6d:48:27:46:01:59:f2:19:8f:d3:b5:a5:73:
         6a:fd:5c:d3:d7:25:2a:04:86:88:7a:4d:e9:d6:88:8e:37:fe:
         c3:b2:70:da:ac:47:dc:59:0f:43:30:a0:43:00:41:8d:54:76:
         81:1a:f9:63:a0:3d:32:40:e5:0f:56:dc:03:7f:16:99:8f:f3:
         f8:aa:73:5a:f8:ec:e6:db:0f:79:a2:56:f8:a9:d2:6f:7f:ce:
         4a:a7:a7:ca:9f:04:fa:63:8d:96:b4:5a:7e:09:ab:7d:69:bb:
         7e:c9:cf:b0
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUJu0Tos7fe+uA2u03zrvgEABJlq0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTVaFw0yNDEyMDMwMjQ0MTVaMDMxMTAvBgNV
BAMTKDUzNTM1MkEwNDk0NTY3NUMxMENCQUMyNjI1OTIyMjVEQUUyOEFFN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hXcch29h+gIqfjIsEMML47OY
/70EDjHYTAsOH2ThsP/4zxawiR5hPJng85koQC1IBcTfHHpobMiP2WhuGlaHMznC
VbetZYhrkFoRbaCc0sT5H3qQY2JQf3pZolpakLfs6zlnR3l3nIo/OBq34DF6nSKW
jPg1Et0yuuRbSQF10V+CV7XnbxXw3DNK0Yg0uzG0kaOCb5MpE1Ii/M8DG+YSfep+
j4ES8e7voB5iMtKvUEU0MYR/+ZdJVoeoO5hklRF9hYM+mX7oB2sNFfA8OvgZ5EBB
IjceAAMCIKj45vRgoQk02mL474QKH9yExfzIUptXbsciXUV7WlWQi3TuVLodAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUU1NSoElFZ1wQy6wmJZIiXa4ornwwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjExOTQ2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBQ9AAwcEKgagBRvQMA0GCSqGSIb3DQEBCwUA
A4IBAQAJ84V2vtC1CrXktkHi1Zxc/2biKWqrJy8hzl/2umICKYx6yh9gmwn4Qrum
chOkg9ViGJI3lsfT1pcVTaJNfhGMPOOyeAKDlfye3weMsszxCcVbf3TUM3IGV41q
H9Bc2CDkyGEFd7Aqa1C1m98PfitxP6euGBnvWemfoeWN8BNjtfh74A3+pqUHxuIE
puS0d900d7jIkW1IJ0YBWfIZj9O1pXNq/VzT1yUqBIaIek3p1oiON/7DsnDarEfc
WQ9DMKBDAEGNVHaBGvljoD0yQOUPVtwDfxaZj/P4qnNa+Ozm2w95olb4qdJvf85K
p6fKnwT6Y42WtFp+Cat9abt+yc+w
-----END CERTIFICATE-----