Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212746.roa
File:                     AS212746.roa (raw, json)
Hash identifier:          VfZtzxWfsYHifH01hSaIC9aed/DJVKW2gLjvKMueD68=
Subject key identifier:   22:BE:27:65:85:36:12:43:E6:6E:59:9F:A8:D7:2E:0A:FE:78:25:37
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3CF60BC1B16AB57626B81CF40A25E90AE2F06AD1
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212746.roa
Signing time:             Tue 05 Dec 2023 02:44:18 +0000
ROA not before:           Tue 05 Dec 2023 02:39:18 +0000
ROA not after:            Tue 03 Dec 2024 02:44:18 +0000
asID:                     212746
IP address blocks:        2a06:a005:1020::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f6:0b:c1:b1:6a:b5:76:26:b8:1c:f4:0a:25:e9:0a:e2:f0:6a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:18 2023 GMT
            Not After : Dec  3 02:44:18 2024 GMT
        Subject: CN=22BE276585361243E66E599FA8D72E0AFE782537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:32:88:53:33:5b:8c:8c:22:c4:72:a2:50:31:
                    38:5e:4d:b4:f0:67:1a:48:13:5c:ea:c7:1b:27:cd:
                    4a:51:86:f3:6d:54:92:94:19:6b:e5:1d:ff:37:67:
                    8e:48:00:9a:b9:75:13:da:96:2f:01:39:a9:84:d9:
                    cb:40:07:5f:96:e4:b1:bf:74:31:c3:54:09:1b:2a:
                    97:3f:cb:c9:96:4f:05:81:e0:6a:94:29:87:18:d5:
                    36:93:16:be:e1:d6:6c:09:2b:a7:95:f8:f2:3a:fd:
                    1d:dd:ef:ee:a5:38:16:5c:19:c6:c0:20:c3:2b:3c:
                    92:be:3f:14:3a:b9:b2:6a:f0:49:37:67:fb:3a:92:
                    2b:4f:68:12:43:8d:a4:d3:21:81:b0:39:43:a9:bb:
                    1f:58:83:d1:a6:9f:00:0b:9b:f8:36:a3:94:e7:b5:
                    2b:31:80:f5:e1:71:53:61:ac:96:07:bf:6f:0c:39:
                    63:ed:38:4e:62:f3:bd:f6:b4:6a:7f:32:d5:0c:05:
                    d2:98:7d:e1:f6:c5:34:26:bb:14:5c:d6:15:61:4a:
                    15:c6:29:a8:83:dc:7d:a5:5c:7f:a5:ad:b8:fc:ee:
                    82:c6:88:47:a8:82:45:f0:a8:51:ee:44:8e:55:a2:
                    53:e4:7e:ce:de:89:1e:d3:ee:e5:42:99:81:ba:f0:
                    f0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:BE:27:65:85:36:12:43:E6:6E:59:9F:A8:D7:2E:0A:FE:78:25:37
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212746.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1020::/44

    Signature Algorithm: sha256WithRSAEncryption
         1c:f9:82:6e:7c:b2:0c:d7:61:a5:17:c3:1f:17:5f:7d:20:06:
         04:0e:b6:90:f3:13:b8:df:f7:13:8a:cc:4f:3d:bb:41:67:1b:
         9d:5b:01:7d:4e:8c:fe:a8:62:0b:9f:f5:69:c1:82:23:e5:c9:
         d0:de:ca:b6:41:ed:4a:41:bb:b7:19:97:c2:19:9d:b8:ad:7d:
         f4:4a:9e:62:be:e4:11:32:aa:fa:32:e2:f4:6e:d5:07:6e:74:
         d7:5b:d5:dc:89:49:58:7b:4d:2e:a8:d7:01:43:d5:df:8e:61:
         09:09:8e:1f:85:9e:70:3f:7f:ec:ac:f8:80:12:82:c9:4b:bc:
         26:57:4d:31:5d:df:b2:4b:f3:48:36:97:06:2f:aa:61:f3:39:
         86:1e:95:2b:a3:9a:e4:2d:53:f2:3e:55:62:0e:d1:d9:ac:ad:
         d2:a8:3c:ed:1b:2d:cd:55:1e:39:aa:9f:0d:7b:ad:e3:53:80:
         e7:f6:33:7f:95:5d:ac:50:14:e8:00:46:05:00:44:8b:87:cb:
         1f:c7:e6:d7:f2:2b:f6:37:e8:ab:eb:10:b3:33:de:26:d7:3e:
         0b:ae:c1:b5:54:b1:74:0f:5c:58:8e:2f:51:c7:7a:08:58:59:
         42:b6:61:9d:6f:f1:14:0c:96:c4:4a:f1:6e:d7:14:f3:13:37:
         b5:ac:d2:3b
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPPYLwbFqtXYmuBz0CiXpCuLwatEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MThaFw0yNDEyMDMwMjQ0MThaMDMxMTAvBgNV
BAMTKDIyQkUyNzY1ODUzNjEyNDNFNjZFNTk5RkE4RDcyRTBBRkU3ODI1MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpMohTM1uMjCLEcqJQMTheTbTw
ZxpIE1zqxxsnzUpRhvNtVJKUGWvlHf83Z45IAJq5dRPali8BOamE2ctAB1+W5LG/
dDHDVAkbKpc/y8mWTwWB4GqUKYcY1TaTFr7h1mwJK6eV+PI6/R3d7+6lOBZcGcbA
IMMrPJK+PxQ6ubJq8Ek3Z/s6kitPaBJDjaTTIYGwOUOpux9Yg9GmnwALm/g2o5Tn
tSsxgPXhcVNhrJYHv28MOWPtOE5i8732tGp/MtUMBdKYfeH2xTQmuxRc1hVhShXG
KaiD3H2lXH+lrbj87oLGiEeogkXwqFHuRI5VolPkfs7eiR7T7uVCmYG68PBNAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUIr4nZYU2EkPmblmfqNcuCv54JTcwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEyNzQ2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRAgMA0GCSqGSIb3DQEBCwUAA4IBAQAc+YJu
fLIM12GlF8MfF199IAYEDraQ8xO43/cTisxPPbtBZxudWwF9Toz+qGILn/VpwYIj
5cnQ3sq2Qe1KQbu3GZfCGZ24rX30Sp5ivuQRMqr6MuL0btUHbnTXW9XciUlYe00u
qNcBQ9XfjmEJCY4fhZ5wP3/srPiAEoLJS7wmV00xXd+yS/NINpcGL6ph8zmGHpUr
o5rkLVPyPlViDtHZrK3SqDztGy3NVR45qp8Ne63jU4Dn9jN/lV2sUBToAEYFAESL
h8sfx+bX8iv2N+ir6xCzM94m1z4LrsG1VLF0D1xYji9Rx3oIWFlCtmGdb/EUDJbE
SvFu1xTzEze1rNI7
-----END CERTIFICATE-----