Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213045.roa
File:                     AS213045.roa (raw, json)
Hash identifier:          qbk7mB4F5C1UUg0dbqmhwAeeDmNy+bqQy5HmhmAWxVc=
Subject key identifier:   90:7B:5D:13:D8:6B:F6:80:E9:D5:2B:BA:B3:79:FA:F6:15:51:5D:6B
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       35CD3862F830382A3A4D396DD306471E2A900098
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213045.roa
Signing time:             Tue 05 Dec 2023 02:44:19 +0000
ROA not before:           Tue 05 Dec 2023 02:39:19 +0000
ROA not after:            Tue 03 Dec 2024 02:44:19 +0000
asID:                     213045
IP address blocks:        2a06:a005:e20::/44 maxlen: 48
                          2a06:a005:1140::/44 maxlen: 48
                          2a06:a005:1ef0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:cd:38:62:f8:30:38:2a:3a:4d:39:6d:d3:06:47:1e:2a:90:00:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:19 2023 GMT
            Not After : Dec  3 02:44:19 2024 GMT
        Subject: CN=907B5D13D86BF680E9D52BBAB379FAF615515D6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:97:65:11:44:f0:94:ec:fb:4b:cd:82:da:5d:
                    82:4f:f7:b5:00:38:bd:8f:ae:0e:52:76:3d:23:76:
                    be:7b:41:cb:ab:18:63:d0:a1:eb:32:09:f7:a4:70:
                    39:35:30:db:d1:1f:6f:97:58:7c:d2:fd:3b:a1:5d:
                    98:8c:44:4b:f7:c3:b1:6d:20:f7:cb:5c:2d:f4:08:
                    d9:dd:b3:69:a9:01:ea:e9:c6:fb:31:c8:af:4d:14:
                    88:09:eb:29:7b:84:d5:44:76:82:f4:bc:c7:e6:0f:
                    5a:3a:ed:1d:14:0e:ea:b7:fe:18:fa:07:b0:76:e5:
                    71:89:c6:98:cd:0b:9c:3d:64:4d:ee:bf:7c:45:36:
                    7c:79:70:6d:d6:00:20:79:67:84:d2:e1:ed:74:0d:
                    8d:ac:eb:f6:62:fe:29:cf:af:fa:15:66:32:90:75:
                    a1:f5:1c:56:74:c1:cd:28:5c:c8:eb:c0:c3:7b:dc:
                    67:bf:f7:23:ee:e3:69:78:1d:1b:c7:21:f8:03:e4:
                    c4:9d:6b:00:0d:37:0d:30:77:6e:55:24:78:90:5d:
                    ea:ee:74:7d:c7:1b:51:d3:ea:38:5a:eb:26:67:50:
                    a7:7c:97:92:6c:05:f8:f1:39:0c:54:c5:b1:6a:d7:
                    e0:ae:b2:bb:c4:f5:a4:70:d7:4f:bf:51:23:ed:1a:
                    f6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7B:5D:13:D8:6B:F6:80:E9:D5:2B:BA:B3:79:FA:F6:15:51:5D:6B
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213045.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:e20::/44
                  2a06:a005:1140::/44
                  2a06:a005:1ef0::/44

    Signature Algorithm: sha256WithRSAEncryption
         20:d4:64:2c:21:1b:9f:38:f6:e0:dc:4d:6b:3a:45:86:51:92:
         e5:a0:a6:e8:40:ea:53:9b:aa:10:24:4c:72:dc:f3:35:47:78:
         33:c9:c9:e6:ab:bf:00:04:dd:bc:04:4a:7e:66:8c:77:4b:de:
         85:e5:32:29:c9:ba:dd:f8:e5:04:9a:bd:66:ee:4f:ce:ed:63:
         ce:83:9b:f9:d6:a0:8b:a2:ed:dc:3b:42:ca:bf:b4:82:a8:9a:
         d6:67:66:0d:6c:f6:40:0e:a6:14:3a:b5:9f:df:7b:00:ab:7b:
         fd:2b:73:87:ca:ec:c9:c9:50:45:e0:4a:28:af:61:2a:e2:6e:
         14:cf:ad:ff:56:a8:30:63:9a:42:ba:8d:2b:b3:c8:4f:ec:fa:
         c5:c1:b1:61:3b:fc:13:e2:0d:9d:1f:be:6e:68:91:34:65:e5:
         92:fe:7c:98:03:6f:ba:ea:75:f1:43:21:6a:42:28:cd:54:a0:
         0d:b6:f0:e9:43:77:2e:c9:3f:ca:e9:79:ec:aa:1c:b8:8a:07:
         78:ca:55:08:96:12:ee:9f:2a:26:83:43:40:f7:9d:d6:b0:69:
         f9:4c:d4:0c:aa:7d:bc:b2:56:69:76:5b:33:a3:a9:52:e7:e6:
         fd:8d:40:f1:8d:1d:48:37:94:b9:50:cb:f8:ea:e7:c5:56:ab:
         35:93:86:82
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUNc04YvgwOCo6TTlt0wZHHiqQAJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTlaFw0yNDEyMDMwMjQ0MTlaMDMxMTAvBgNV
BAMTKDkwN0I1RDEzRDg2QkY2ODBFOUQ1MkJCQUIzNzlGQUY2MTU1MTVENkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCul2URRPCU7PtLzYLaXYJP97UA
OL2Prg5Sdj0jdr57QcurGGPQoesyCfekcDk1MNvRH2+XWHzS/TuhXZiMREv3w7Ft
IPfLXC30CNnds2mpAerpxvsxyK9NFIgJ6yl7hNVEdoL0vMfmD1o67R0UDuq3/hj6
B7B25XGJxpjNC5w9ZE3uv3xFNnx5cG3WACB5Z4TS4e10DY2s6/Zi/inPr/oVZjKQ
daH1HFZ0wc0oXMjrwMN73Ge/9yPu42l4HRvHIfgD5MSdawANNw0wd25VJHiQXeru
dH3HG1HT6jha6yZnUKd8l5JsBfjxOQxUxbFq1+CusrvE9aRw10+/USPtGvZhAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUkHtdE9hr9oDp1Su6s3n69hVRXWswHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMDQ1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcEKgagBQ4gAwcEKgagBRFAAwcEKgagBR7wMA0GCSqG
SIb3DQEBCwUAA4IBAQAg1GQsIRufOPbg3E1rOkWGUZLloKboQOpTm6oQJExy3PM1
R3gzycnmq78ABN28BEp+Zox3S96F5TIpybrd+OUEmr1m7k/O7WPOg5v51qCLou3c
O0LKv7SCqJrWZ2YNbPZADqYUOrWf33sAq3v9K3OHyuzJyVBF4Eoor2Eq4m4Uz63/
VqgwY5pCuo0rs8hP7PrFwbFhO/wT4g2dH75uaJE0ZeWS/nyYA2+66nXxQyFqQijN
VKANtvDpQ3cuyT/K6Xnsqhy4igd4ylUIlhLunyomg0NA953WsGn5TNQMqn28slZp
dlszo6lS5+b9jUDxjR1IN5S5UMv46ufFVqs1k4aC
-----END CERTIFICATE-----