Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212789.roa
File:                     AS212789.roa (raw, json)
Hash identifier:          xUKm6cjJiylf5V20NOZu0EHYXapkQCQs04RSbCgzM20=
Subject key identifier:   05:A7:58:62:6B:B8:CE:FE:B4:7B:C7:07:A1:18:5B:BE:B7:3E:F6:44
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5CB508D6032239B0CF1CC5364776475AC9AE4F3A
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212789.roa
Signing time:             Tue 05 Nov 2024 03:39:59 +0000
ROA not before:           Tue 05 Nov 2024 03:34:59 +0000
ROA not after:            Tue 04 Nov 2025 03:39:59 +0000
asID:                     212789
IP address blocks:        2a06:a005:1ca0::/44 maxlen: 48
                          2a06:a005:1cb0::/44 maxlen: 48
                          2a06:a005:1cc0::/44 maxlen: 48
                          2a06:a005:1cd0::/44 maxlen: 48
                          2a06:a005:1ce0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 15:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:b5:08:d6:03:22:39:b0:cf:1c:c5:36:47:76:47:5a:c9:ae:4f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:34:59 2024 GMT
            Not After : Nov  4 03:39:59 2025 GMT
        Subject: CN=05A758626BB8CEFEB47BC707A1185BBEB73EF644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f9:8d:da:bb:95:3b:59:77:8b:a3:24:9b:fd:
                    3c:84:c6:a2:cc:19:d1:63:b9:05:ec:11:23:f3:48:
                    0e:83:df:51:31:3e:f4:42:92:27:1d:15:e0:48:62:
                    72:6b:34:2e:d6:23:0f:28:e5:2b:c0:d5:07:8e:7a:
                    aa:ec:aa:03:29:9b:ad:19:31:e7:c2:84:52:9e:cf:
                    7c:c8:ca:24:6d:65:73:96:e7:87:83:65:df:6b:d2:
                    db:14:f8:ab:01:3e:67:a9:52:e2:35:f9:e2:9f:78:
                    2c:2e:37:3c:ac:28:0e:4f:ad:17:a7:96:a7:a2:db:
                    ce:56:9d:3d:0b:27:4c:4e:8b:7a:01:30:1b:b4:4d:
                    c7:a4:44:99:b3:3c:b6:25:b2:e6:dd:a0:86:ae:49:
                    dd:15:be:e2:34:df:e3:01:8a:90:5d:1a:63:e9:9e:
                    35:6c:c6:1f:bb:30:a7:a2:d6:88:b9:ac:88:bb:7b:
                    a8:18:fe:fb:de:80:c1:b7:82:45:17:71:27:f7:aa:
                    a4:ca:67:f9:43:62:88:2a:97:f7:7b:e3:3f:68:b3:
                    d2:8d:07:92:dd:fa:83:70:ed:51:25:f1:9c:f5:4a:
                    8b:ad:d7:a6:10:99:87:96:e2:26:96:6c:c7:b5:2c:
                    0c:84:50:23:24:f5:18:ae:11:3b:1a:8a:80:56:4f:
                    a8:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A7:58:62:6B:B8:CE:FE:B4:7B:C7:07:A1:18:5B:BE:B7:3E:F6:44
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS212789.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1ca0::-2a06:a005:1cef:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         41:06:71:0b:eb:e0:98:57:81:56:bf:eb:2d:5d:74:ae:be:56:
         c1:71:1d:1e:6b:b9:92:af:1c:b0:e4:77:c3:88:84:6c:bb:12:
         25:43:17:cf:98:c2:d0:87:61:e9:d6:d7:c2:53:18:4f:11:ff:
         87:8a:ff:ff:34:bb:e0:32:c2:64:1e:0a:db:18:98:52:b5:c6:
         9a:e0:6d:f2:5a:43:12:80:e7:07:e4:70:76:ce:73:63:29:5d:
         7b:a3:d0:ee:22:9a:7a:97:bc:ff:46:d5:e9:96:57:3a:62:d7:
         60:12:9c:5b:a6:32:58:e6:df:bb:9d:80:53:d1:a5:90:e1:dd:
         73:76:a0:17:66:92:f4:7c:e1:db:8e:18:d0:69:d8:58:e6:1a:
         1b:ff:77:93:94:55:1d:50:56:94:83:52:cb:20:31:3a:4b:e7:
         9e:5c:07:5b:6e:c9:59:63:b7:28:09:b7:ab:a5:98:b2:e3:7c:
         f4:17:27:5f:57:13:7f:d0:2d:c2:d0:7f:42:f4:a5:5a:0a:d8:
         52:6b:1b:9c:44:79:7d:84:29:af:46:e9:3b:68:da:ab:98:d4:
         73:61:2c:be:80:e5:41:1e:61:2d:61:d9:96:3c:01:4e:46:6e:
         69:4d:cd:4e:53:91:b7:64:e2:1d:fb:8c:25:c2:a5:ba:4e:4b:
         94:2b:57:4b
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUXLUI1gMiObDPHMU2R3ZHWsmuTzowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM0NTlaFw0yNTExMDQwMzM5NTlaMDMxMTAvBgNV
BAMTKDA1QTc1ODYyNkJCOENFRkVCNDdCQzcwN0ExMTg1QkJFQjczRUY2NDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV+Y3au5U7WXeLoySb/TyExqLM
GdFjuQXsESPzSA6D31ExPvRCkicdFeBIYnJrNC7WIw8o5SvA1QeOeqrsqgMpm60Z
MefChFKez3zIyiRtZXOW54eDZd9r0tsU+KsBPmepUuI1+eKfeCwuNzysKA5PrRen
lqei285WnT0LJ0xOi3oBMBu0TcekRJmzPLYlsubdoIauSd0VvuI03+MBipBdGmPp
njVsxh+7MKei1oi5rIi7e6gY/vvegMG3gkUXcSf3qqTKZ/lDYogql/d74z9os9KN
B5Ld+oNw7VEl8Zz1Sout16YQmYeW4iaWbMe1LAyEUCMk9RiuETsaioBWT6glAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUBadYYmu4zv60e8cHoRhbvrc+9kQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEyNzg5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEH
AQH/BB4wHDAaBAIAAjAUMBIDBwUqBqAFHKADBwQqBqAFHOAwDQYJKoZIhvcNAQEL
BQADggEBAEEGcQvr4JhXgVa/6y1ddK6+VsFxHR5ruZKvHLDkd8OIhGy7EiVDF8+Y
wtCHYenW18JTGE8R/4eK//80u+AywmQeCtsYmFK1xprgbfJaQxKA5wfkcHbOc2Mp
XXuj0O4imnqXvP9G1emWVzpi12ASnFumMljm37udgFPRpZDh3XN2oBdmkvR84duO
GNBp2FjmGhv/d5OUVR1QVpSDUssgMTpL555cB1tuyVljtygJt6ulmLLjfPQXJ19X
E3/QLcLQf0L0pVoK2FJrG5xEeX2EKa9G6Tto2quY1HNhLL6A5UEeYS1h2ZY8AU5G
bmlNzU5Tkbdk4h37jCXCpbpOS5QrV0s=
-----END CERTIFICATE-----