Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212149.roa
File:                     AS212149.roa (raw, json)
Hash identifier:          ijhQv3Wk8E7cWS8VubbGmPOAlFfnSXIjAcw0catm0NE=
Subject key identifier:   33:4D:D4:09:7B:4F:88:77:45:3F:6C:A2:6C:3F:28:7C:D0:2D:32:58
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6F26622040B0735ABA77C93ABC232BA4912F840C
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212149.roa
Signing time:             Sun 29 Sep 2024 21:48:32 +0000
ROA not before:           Sun 29 Sep 2024 21:43:32 +0000
ROA not after:            Sun 28 Sep 2025 21:48:32 +0000
asID:                     212149
IP address blocks:        2a05:dfc1:b00b::/48 maxlen: 48
                          2a06:1280:b00b::/48 maxlen: 48
                          2a06:1285:b00b::/48 maxlen: 48
                          2a09:54c4:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:26:62:20:40:b0:73:5a:ba:77:c9:3a:bc:23:2b:a4:91:2f:84:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep 29 21:43:32 2024 GMT
            Not After : Sep 28 21:48:32 2025 GMT
        Subject: CN=334DD4097B4F8877453F6CA26C3F287CD02D3258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:50:ff:6b:2e:5f:4d:e6:89:db:7e:76:57:02:
                    49:10:c3:a3:4d:f4:dc:7c:f0:59:c5:d7:34:f0:53:
                    d9:01:07:3c:95:02:10:8a:46:4e:a1:4d:6a:b6:b4:
                    27:84:79:ef:c8:0e:f7:79:0e:88:49:fc:5b:17:4f:
                    9d:a1:e4:65:9a:90:5a:ef:cb:d0:45:6f:28:e2:40:
                    78:b2:9f:1f:fe:15:54:97:b1:fc:fc:c6:d6:be:a2:
                    b7:c9:c7:95:4d:9c:a2:04:35:85:63:b0:1e:3d:a1:
                    3d:f4:5e:7d:a5:75:0a:9e:32:32:52:04:ad:85:cb:
                    20:4c:98:3d:ee:19:7d:29:e2:b8:6b:8c:83:45:a1:
                    7d:4e:5e:45:e2:f4:3d:2d:78:3d:69:43:89:8b:35:
                    71:36:7e:e9:fd:31:fa:13:60:fd:8b:2a:31:4f:9d:
                    11:ae:f9:41:3c:37:fd:c2:66:60:f0:9d:1a:ea:6f:
                    f2:b6:e4:7d:49:32:ec:eb:2b:db:0d:3a:23:fa:83:
                    77:c8:46:57:a8:67:ec:ed:ac:f2:14:f1:7f:df:08:
                    58:bc:8d:6e:82:14:a4:9d:91:63:0d:16:4c:0d:a7:
                    09:19:af:86:cd:08:93:34:90:4d:84:c8:c9:cd:92:
                    a6:5f:a5:51:83:6a:9c:a1:d6:09:50:ca:e4:9f:3d:
                    52:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:4D:D4:09:7B:4F:88:77:45:3F:6C:A2:6C:3F:28:7C:D0:2D:32:58
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212149.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc1:b00b::/48
                  2a06:1280:b00b::/48
                  2a06:1285:b00b::/48
                  2a09:54c4:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:50:66:b6:e1:33:ed:01:d9:a7:44:19:bd:7c:13:af:b0:1a:
         e2:78:1c:70:de:62:cb:58:8c:d6:b9:ac:89:79:95:c2:94:e8:
         65:78:65:61:7f:10:45:d4:34:75:1e:db:a4:73:1f:7d:0b:75:
         a0:bf:49:b5:15:c4:9e:12:58:19:06:3d:5c:92:70:be:7a:79:
         02:76:fd:98:3d:08:af:5f:57:8e:8f:61:85:41:ed:ce:b3:27:
         3c:e5:82:6d:20:a0:00:13:96:ab:d2:5c:91:9e:6b:73:4f:b8:
         59:b7:cc:64:5e:2e:7b:aa:1e:60:f4:69:0f:68:0d:61:06:ae:
         ca:ad:3b:f6:79:f3:ca:3b:96:fc:0c:f0:6d:93:44:fb:76:63:
         d8:55:ee:70:2a:92:f6:8a:66:f0:40:41:d1:a7:e2:4b:95:2c:
         0d:f4:34:e1:d1:6f:58:8a:a2:c5:33:c2:25:d0:92:bc:a3:e6:
         b6:0c:c3:12:69:83:93:e0:6e:ef:d8:79:bd:13:ba:d6:d3:74:
         61:7a:2d:fc:86:79:2d:83:bd:74:5d:96:12:4a:86:99:85:e3:
         b7:79:3d:bd:a5:a2:b2:70:88:08:44:89:20:08:85:0d:4e:cc:
         3d:5b:2e:31:a8:71:7b:a3:6d:35:78:07:dd:dc:1f:de:8c:df:
         78:39:5c:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbyZiIECwc1q6d8k6vCMrpJEvhAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MjkyMTQzMzJaFw0yNTA5MjgyMTQ4MzJaMDMxMTAvBgNV
BAMTKDMzNERENDA5N0I0Rjg4Nzc0NTNGNkNBMjZDM0YyODdDRDAyRDMyNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/UP9rLl9N5onbfnZXAkkQw6NN
9Nx88FnF1zTwU9kBBzyVAhCKRk6hTWq2tCeEee/IDvd5DohJ/FsXT52h5GWakFrv
y9BFbyjiQHiynx/+FVSXsfz8xta+orfJx5VNnKIENYVjsB49oT30Xn2ldQqeMjJS
BK2FyyBMmD3uGX0p4rhrjINFoX1OXkXi9D0teD1pQ4mLNXE2fun9MfoTYP2LKjFP
nRGu+UE8N/3CZmDwnRrqb/K25H1JMuzrK9sNOiP6g3fIRleoZ+ztrPIU8X/fCFi8
jW6CFKSdkWMNFkwNpwkZr4bNCJM0kE2EyMnNkqZfpVGDapyh1glQyuSfPVLzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUM03UCXtPiHdFP2yibD8ofNAtMlgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEyMTQ5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEH
AQH/BC4wLDAqBAIAAjAkAwcAKgXfwbALAwcAKgYSgLALAwcAKgYShbALAwcAKglU
xLALMA0GCSqGSIb3DQEBCwUAA4IBAQBMUGa24TPtAdmnRBm9fBOvsBrieBxw3mLL
WIzWuayJeZXClOhleGVhfxBF1DR1Htukcx99C3Wgv0m1FcSeElgZBj1cknC+enkC
dv2YPQivX1eOj2GFQe3Osyc85YJtIKAAE5ar0lyRnmtzT7hZt8xkXi57qh5g9GkP
aA1hBq7KrTv2efPKO5b8DPBtk0T7dmPYVe5wKpL2imbwQEHRp+JLlSwN9DTh0W9Y
iqLFM8Il0JK8o+a2DMMSaYOT4G7v2Hm9E7rW03Rhei38hnktg710XZYSSoaZheO3
eT29paKycIgIRIkgCIUNTsw9Wy4xqHF7o201eAfd3B/ejN94OVzz
-----END CERTIFICATE-----