Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212085.roa
File:                     AS212085.roa (raw, json)
Hash identifier:          gd4cDTvSYCBos7wmYjwoTab1HewZGx2slzenqXmA4gc=
Subject key identifier:   E2:07:42:4B:0E:C7:2B:94:37:89:EE:85:1C:52:C0:A0:D3:29:80:37
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3C66FEE01E3D70A07B2BA2E393D8B594EA4F7FEC
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212085.roa
Signing time:             Thu 20 Jun 2024 11:39:57 +0000
ROA not before:           Thu 20 Jun 2024 11:34:57 +0000
ROA not after:            Thu 19 Jun 2025 11:39:57 +0000
asID:                     212085
IP address blocks:        2a06:a001:a070::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:66:fe:e0:1e:3d:70:a0:7b:2b:a2:e3:93:d8:b5:94:ea:4f:7f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jun 20 11:34:57 2024 GMT
            Not After : Jun 19 11:39:57 2025 GMT
        Subject: CN=E207424B0EC72B943789EE851C52C0A0D3298037
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3f:58:7e:42:6a:ad:51:34:c1:e6:5e:33:1a:
                    6d:f7:37:47:c0:2f:c9:53:fa:9d:64:6b:24:d7:61:
                    3f:a8:7f:cb:d1:e3:db:57:f9:1c:68:6c:b2:f9:d5:
                    a0:15:bf:c7:d6:79:74:2e:4c:57:e8:cc:70:4e:1c:
                    54:01:26:9f:b8:fe:95:32:61:e1:28:88:de:5c:43:
                    b6:ad:28:45:bb:c3:b9:67:21:af:3d:28:26:cd:38:
                    77:85:4d:21:4b:ea:a9:44:be:ba:d6:37:a7:d7:32:
                    49:3e:a7:7a:eb:1b:c0:4d:7d:eb:e9:9f:76:36:61:
                    b2:ca:a0:e9:0e:58:35:c0:bb:31:ed:bd:76:6a:d0:
                    81:c0:4e:c7:ba:2c:c4:74:01:4c:c0:8c:04:a9:2d:
                    8c:99:3d:25:59:23:6c:4d:41:da:c4:af:d0:fa:c4:
                    0f:37:17:ce:c4:9d:88:60:fc:79:13:8e:3a:a9:0e:
                    a5:4d:5e:7a:34:1f:ba:d1:e3:89:27:2c:3d:00:39:
                    3d:2e:20:7f:1e:b3:f9:a6:a5:ee:91:24:69:5d:db:
                    e4:0d:43:89:86:3c:a9:36:7f:a3:4a:01:48:91:81:
                    e4:f6:07:54:9b:f7:15:bc:f7:96:35:a0:d1:3d:70:
                    72:f7:ef:ab:ff:81:99:8b:bb:e9:44:66:52:73:66:
                    57:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:07:42:4B:0E:C7:2B:94:37:89:EE:85:1C:52:C0:A0:D3:29:80:37
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212085.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a001:a070::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:06:e4:29:08:0c:c2:2e:71:fc:2f:0e:24:a9:25:c5:0b:35:
         01:09:32:c0:8e:d2:72:0f:08:2f:be:f0:c5:d8:97:ca:0e:0c:
         f0:81:37:c8:e1:0f:91:ef:47:c8:67:e9:8e:6f:ec:26:72:6e:
         38:ec:98:46:82:79:39:30:e2:c5:f0:21:f2:26:72:d7:72:c3:
         82:74:5e:06:0a:e2:fa:81:0b:a8:27:1c:6d:c2:fd:bb:4a:39:
         73:83:48:bf:32:5d:0c:28:fe:32:22:b9:f0:ac:e3:32:73:9e:
         8f:07:65:f5:90:b2:54:d5:14:11:f4:d2:75:32:c1:84:a8:2b:
         70:bd:57:83:a3:17:1e:76:b6:0b:e1:d9:a6:e9:e5:5d:f9:23:
         77:f8:a4:bf:90:72:66:08:64:6b:23:fd:9d:f4:0b:13:2d:62:
         8c:a9:e7:1f:c3:c1:0f:7f:3c:45:e9:5a:8b:83:43:0f:43:55:
         66:0b:63:95:b4:47:4c:61:47:2f:fd:7e:d7:7d:32:71:92:15:
         a1:26:ef:9f:5e:ce:8b:1a:5a:ed:06:a4:96:3f:e0:a5:e4:1b:
         45:8b:fe:05:e8:b6:ff:67:f7:58:4a:f2:c7:20:ad:9d:4f:8e:
         c1:41:85:a3:fb:f8:14:7f:dd:1a:39:55:cc:29:1e:bb:2e:67:
         72:51:b6:3b
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPGb+4B49cKB7K6Ljk9i1lOpPf+wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA2MjAxMTM0NTdaFw0yNTA2MTkxMTM5NTdaMDMxMTAvBgNV
BAMTKEUyMDc0MjRCMEVDNzJCOTQzNzg5RUU4NTFDNTJDMEEwRDMyOTgwMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRP1h+QmqtUTTB5l4zGm33N0fA
L8lT+p1kayTXYT+of8vR49tX+RxobLL51aAVv8fWeXQuTFfozHBOHFQBJp+4/pUy
YeEoiN5cQ7atKEW7w7lnIa89KCbNOHeFTSFL6qlEvrrWN6fXMkk+p3rrG8BNfevp
n3Y2YbLKoOkOWDXAuzHtvXZq0IHATse6LMR0AUzAjASpLYyZPSVZI2xNQdrEr9D6
xA83F87EnYhg/HkTjjqpDqVNXno0H7rR44knLD0AOT0uIH8es/mmpe6RJGld2+QN
Q4mGPKk2f6NKAUiRgeT2B1Sb9xW895Y1oNE9cHL376v/gZmLu+lEZlJzZle/AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU4gdCSw7HK5Q3ie6FHFLAoNMpgDcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEyMDg1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagAaBwMA0GCSqGSIb3DQEBCwUAA4IBAQCBBuQp
CAzCLnH8Lw4kqSXFCzUBCTLAjtJyDwgvvvDF2JfKDgzwgTfI4Q+R70fIZ+mOb+wm
cm447JhGgnk5MOLF8CHyJnLXcsOCdF4GCuL6gQuoJxxtwv27Sjlzg0i/Ml0MKP4y
IrnwrOMyc56PB2X1kLJU1RQR9NJ1MsGEqCtwvVeDoxcedrYL4dmm6eVd+SN3+KS/
kHJmCGRrI/2d9AsTLWKMqecfw8EPfzxF6VqLg0MPQ1VmC2OVtEdMYUcv/X7XfTJx
khWhJu+fXs6LGlrtBqSWP+Cl5BtFi/4F6Lb/Z/dYSvLHIK2dT47BQYWj+/gUf90a
OVXMKR67LmdyUbY7
-----END CERTIFICATE-----