Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212359.roa
File:                     AS212359.roa (raw, json)
Hash identifier:          PhGnIazdNwSmpUXD9k3yIRa/NYCYldXU9QaQvIN9/xw=
Subject key identifier:   CB:C9:C4:4D:90:A2:19:BF:13:02:61:0C:3A:7D:F6:2F:F4:8D:66:C5
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3CE5BA59902088A1E14791B538B4DDCCF091E283
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212359.roa
Signing time:             Tue 05 Nov 2024 03:40:05 +0000
ROA not before:           Tue 05 Nov 2024 03:35:05 +0000
ROA not after:            Tue 04 Nov 2025 03:40:05 +0000
asID:                     212359
IP address blocks:        2a06:a005:1c0::/44 maxlen: 48
                          2a06:a005:1d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:e5:ba:59:90:20:88:a1:e1:47:91:b5:38:b4:dd:cc:f0:91:e2:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:05 2024 GMT
            Not After : Nov  4 03:40:05 2025 GMT
        Subject: CN=CBC9C44D90A219BF1302610C3A7DF62FF48D66C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:25:14:52:f9:95:88:36:76:3b:01:ca:15:01:
                    62:f2:8c:d6:b1:33:bc:a2:c9:07:2c:7b:ef:86:5a:
                    17:48:23:d8:5e:7c:a5:dc:98:f1:e0:c1:47:a0:57:
                    c4:bf:8d:4a:ff:ce:3e:01:5c:14:98:5c:3d:de:f8:
                    06:97:1b:ed:86:a0:25:77:f8:50:b5:43:ed:dc:35:
                    53:a6:ba:38:ce:e9:21:c5:7e:af:09:48:9d:8e:d1:
                    da:09:a6:5b:5b:64:87:5d:70:a5:30:88:ae:59:4b:
                    37:ba:e0:30:94:6c:8b:cb:e1:1c:23:09:de:e4:91:
                    13:10:12:d9:06:24:95:ff:6e:64:fa:ce:35:ce:38:
                    ef:93:48:7b:89:40:2c:7d:93:df:b8:b0:30:9a:7a:
                    5c:ef:bd:15:ed:a4:fe:37:2b:b4:d9:20:15:79:c1:
                    cc:3b:30:c2:62:1d:04:b3:6d:66:01:be:ee:62:60:
                    8f:72:39:c9:74:61:d1:aa:c0:e0:e0:87:7b:1a:6b:
                    39:69:93:2b:80:ff:12:cc:a1:ea:6c:8a:cb:20:da:
                    ac:5a:69:c5:2b:e2:02:2b:13:d6:49:7f:cc:46:4c:
                    f0:ff:e3:c5:fb:dd:de:71:f1:56:02:9c:75:2d:4e:
                    0a:26:8e:b7:9f:e4:0f:0b:12:50:0e:e6:10:63:28:
                    b8:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C9:C4:4D:90:A2:19:BF:13:02:61:0C:3A:7D:F6:2F:F4:8D:66:C5
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212359.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1c0::/43

    Signature Algorithm: sha256WithRSAEncryption
         25:e3:0d:1f:d0:d3:2a:a4:b3:cb:23:50:a9:6a:d7:05:9d:79:
         ca:0d:90:39:bf:7c:04:9a:c7:84:7f:e6:32:f9:61:c8:55:e6:
         95:42:e4:0f:24:4f:15:66:47:2f:a6:45:45:60:fe:9e:2e:24:
         cb:99:16:14:82:64:29:1b:96:50:e0:1d:73:18:69:80:02:65:
         a4:03:cd:9e:3f:39:2b:a6:81:e8:5c:7e:a1:1f:4d:f7:81:0c:
         2f:64:48:52:22:c5:e1:62:ee:1e:90:e0:79:6a:99:e3:64:ff:
         8d:2d:aa:b7:a4:4c:b8:ad:0f:d0:2e:5a:08:ef:1f:b6:17:16:
         f4:ec:ca:6d:ad:7a:fe:32:d1:cc:de:b5:27:39:72:96:3b:79:
         67:f9:bf:fb:56:5e:2c:9b:6f:e1:e3:5c:6b:d1:d0:a6:e1:ad:
         52:14:c2:b5:8f:21:7f:15:41:3f:de:17:ac:4b:35:e6:3a:93:
         48:7f:17:aa:e2:1c:ee:91:e3:a9:45:ec:dd:e5:4e:1e:e9:3c:
         a9:11:95:fd:78:18:d6:fa:74:9a:9f:54:76:e9:a3:fa:5b:8d:
         e1:1d:c9:0e:00:36:c4:ba:bc:4c:72:42:2a:fa:81:1b:2f:fb:
         68:42:98:be:6d:97:31:a2:63:86:df:2e:98:ce:0c:4c:12:b1:
         c7:41:6c:c3
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPOW6WZAgiKHhR5G1OLTdzPCR4oMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDVaFw0yNTExMDQwMzQwMDVaMDMxMTAvBgNV
BAMTKENCQzlDNDREOTBBMjE5QkYxMzAyNjEwQzNBN0RGNjJGRjQ4RDY2QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUJRRS+ZWINnY7AcoVAWLyjNax
M7yiyQcse++GWhdII9hefKXcmPHgwUegV8S/jUr/zj4BXBSYXD3e+AaXG+2GoCV3
+FC1Q+3cNVOmujjO6SHFfq8JSJ2O0doJpltbZIddcKUwiK5ZSze64DCUbIvL4Rwj
Cd7kkRMQEtkGJJX/bmT6zjXOOO+TSHuJQCx9k9+4sDCaelzvvRXtpP43K7TZIBV5
wcw7MMJiHQSzbWYBvu5iYI9yOcl0YdGqwODgh3saazlpkyuA/xLMoepsissg2qxa
acUr4gIrE9ZJf8xGTPD/48X73d5x8VYCnHUtTgomjref5A8LElAO5hBjKLjZAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUy8nETZCiGb8TAmEMOn32L/SNZsUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEyMzU5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcFKgagBQHAMA0GCSqGSIb3DQEBCwUAA4IBAQAl4w0f
0NMqpLPLI1CpatcFnXnKDZA5v3wEmseEf+Yy+WHIVeaVQuQPJE8VZkcvpkVFYP6e
LiTLmRYUgmQpG5ZQ4B1zGGmAAmWkA82ePzkrpoHoXH6hH033gQwvZEhSIsXhYu4e
kOB5apnjZP+NLaq3pEy4rQ/QLloI7x+2Fxb07MptrXr+MtHM3rUnOXKWO3ln+b/7
Vl4sm2/h41xr0dCm4a1SFMK1jyF/FUE/3hesSzXmOpNIfxeq4hzukeOpRezd5U4e
6TypEZX9eBjW+nSan1R26aP6W43hHckOADbEurxMckIq+oEbL/toQpi+bZcxomOG
3y6YzgxMErHHQWzD
-----END CERTIFICATE-----