Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212196.roa
File:                     AS212196.roa (raw, json)
Hash identifier:          O3JZjUXbDRA7cS0z2R/OC26cCw2eG8dagTbPIeepOKE=
Subject key identifier:   C6:01:4B:EF:7D:A1:48:C4:F4:2F:73:57:A6:B0:4F:EE:F7:71:64:D4
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       018F2F2AAC18BC377D0A34586AF6AD76BDEAA0E7
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212196.roa
Signing time:             Thu 28 Dec 2023 04:44:21 +0000
ROA not before:           Thu 28 Dec 2023 04:39:21 +0000
ROA not after:            Thu 26 Dec 2024 04:44:21 +0000
asID:                     212196
IP address blocks:        2a06:a005:2c10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2f:2a:ac:18:bc:37:7d:0a:34:58:6a:f6:ad:76:bd:ea:a0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec 28 04:39:21 2023 GMT
            Not After : Dec 26 04:44:21 2024 GMT
        Subject: CN=C6014BEF7DA148C4F42F7357A6B04FEEF77164D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b5:0a:88:cb:a0:9d:83:4e:b9:2a:8a:da:f5:
                    52:0f:1b:32:8a:85:17:08:2b:e1:bc:d5:f0:b3:ae:
                    a4:1a:49:89:93:e9:df:19:36:94:e5:c1:32:58:6b:
                    03:6c:ce:d0:88:3b:05:dc:51:ad:50:37:a7:d5:bd:
                    ca:ef:76:5d:4b:fd:d1:14:fb:0b:d3:a4:77:ce:ad:
                    8a:8c:13:e5:dd:c3:05:6c:c2:59:5f:0d:55:b6:33:
                    11:38:56:25:7c:1e:c9:ee:49:3f:d7:40:fe:7a:70:
                    35:92:e9:b8:4f:6e:05:89:79:a9:4e:73:8e:78:ac:
                    8d:2b:eb:7a:f8:7e:89:20:64:78:01:88:b6:91:34:
                    4d:80:00:be:c1:e5:2f:04:2c:7a:67:0b:30:26:76:
                    04:23:68:c8:85:e6:b5:d9:a5:44:86:50:f5:c5:1f:
                    88:69:e8:ed:ae:c4:07:24:dd:b5:19:2a:4b:84:b6:
                    3c:48:68:ea:7d:c8:f0:f3:a9:80:e5:a6:ed:19:07:
                    39:73:42:c0:4f:7b:af:e1:7c:ba:8c:f2:f7:4c:a5:
                    95:6c:01:2a:4b:79:df:cc:46:fc:c9:d2:10:da:8b:
                    df:a9:79:b7:c9:62:e0:cc:c0:04:8f:05:a4:93:5c:
                    50:5d:2e:b0:bb:e5:29:b3:03:7f:0e:0a:17:ba:44:
                    75:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:01:4B:EF:7D:A1:48:C4:F4:2F:73:57:A6:B0:4F:EE:F7:71:64:D4
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212196.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2c10::/44

    Signature Algorithm: sha256WithRSAEncryption
         c4:85:0f:86:1b:8e:bf:a4:40:e9:40:f9:21:d9:67:0a:cc:7e:
         2f:dd:73:28:4f:70:b9:31:44:f0:11:1a:65:fb:7a:e4:bb:c5:
         f2:65:b9:33:56:84:e9:0c:5f:7e:07:e1:5e:0e:a4:88:12:c8:
         30:94:a3:e3:4d:36:5a:a6:31:67:99:e4:30:ca:1e:7c:4b:26:
         bc:b1:b3:d7:80:cb:cd:da:c9:cb:82:df:e1:70:53:13:f5:ca:
         a4:66:bb:af:96:7d:3b:74:59:af:fc:f5:e3:9d:b0:50:c8:0f:
         1f:38:a7:de:e8:62:7a:89:a1:74:27:67:aa:e7:f7:26:c2:bb:
         ef:72:45:d0:75:5a:68:16:8c:cb:84:f7:78:71:89:41:18:2e:
         04:9b:a3:55:95:6b:49:32:af:d6:3d:da:83:a5:f2:af:f9:01:
         dc:75:cf:60:2d:46:c2:b7:91:c2:16:d7:37:fb:73:09:a7:ad:
         a5:1f:19:14:ed:3c:81:55:0f:40:72:bc:d9:00:64:1d:4e:cb:
         e0:a0:88:0b:3a:21:ba:1e:0e:cb:09:35:0a:1b:b9:6e:d9:ac:
         88:95:82:78:a9:2f:9e:db:55:a1:08:3a:60:6f:9a:ff:0f:5e:
         d3:90:b7:dd:34:57:f6:14:f3:77:e3:72:b8:7b:e8:cb:02:fa:
         d8:d2:c7:ee
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUAY8vKqwYvDd9CjRYavatdr3qoOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMjgwNDM5MjFaFw0yNDEyMjYwNDQ0MjFaMDMxMTAvBgNV
BAMTKEM2MDE0QkVGN0RBMTQ4QzRGNDJGNzM1N0E2QjA0RkVFRjc3MTY0RDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6tQqIy6Cdg065Kora9VIPGzKK
hRcIK+G81fCzrqQaSYmT6d8ZNpTlwTJYawNsztCIOwXcUa1QN6fVvcrvdl1L/dEU
+wvTpHfOrYqME+XdwwVswllfDVW2MxE4ViV8HsnuST/XQP56cDWS6bhPbgWJealO
c454rI0r63r4fokgZHgBiLaRNE2AAL7B5S8ELHpnCzAmdgQjaMiF5rXZpUSGUPXF
H4hp6O2uxAck3bUZKkuEtjxIaOp9yPDzqYDlpu0ZBzlzQsBPe6/hfLqM8vdMpZVs
ASpLed/MRvzJ0hDai9+pebfJYuDMwASPBaSTXFBdLrC75SmzA38OChe6RHXvAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUxgFL732hSMT0L3NXprBP7vdxZNQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEyMTk2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSwQMA0GCSqGSIb3DQEBCwUAA4IBAQDEhQ+G
G46/pEDpQPkh2WcKzH4v3XMoT3C5MUTwERpl+3rku8XyZbkzVoTpDF9+B+FeDqSI
EsgwlKPjTTZapjFnmeQwyh58Sya8sbPXgMvN2snLgt/hcFMT9cqkZruvln07dFmv
/PXjnbBQyA8fOKfe6GJ6iaF0J2eq5/cmwrvvckXQdVpoFozLhPd4cYlBGC4Em6NV
lWtJMq/WPdqDpfKv+QHcdc9gLUbCt5HCFtc3+3MJp62lHxkU7TyBVQ9AcrzZAGQd
TsvgoIgLOiG6Hg7LCTUKG7lu2ayIlYJ4qS+e21WhCDpgb5r/D17TkLfdNFf2FPN3
43K4e+jLAvrY0sfu
-----END CERTIFICATE-----