Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213045.roa
File:                     AS213045.roa (raw, json)
Hash identifier:          c/dBEdykw2FrPVooWaZi/lO8gXnBn2X7eMWPr9MglJk=
Subject key identifier:   43:5F:0D:C8:61:65:D2:57:F0:8A:CB:1E:C6:F0:49:BD:88:BC:E8:EC
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0253A4091C4AE29C6214D8CE619C5FE0747E9393
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213045.roa
Signing time:             Tue 05 Nov 2024 03:40:01 +0000
ROA not before:           Tue 05 Nov 2024 03:35:01 +0000
ROA not after:            Tue 04 Nov 2025 03:40:01 +0000
asID:                     213045
IP address blocks:        2a06:a005:e20::/44 maxlen: 48
                          2a06:a005:1140::/44 maxlen: 48
                          2a06:a005:1ef0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:53:a4:09:1c:4a:e2:9c:62:14:d8:ce:61:9c:5f:e0:74:7e:93:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:01 2024 GMT
            Not After : Nov  4 03:40:01 2025 GMT
        Subject: CN=435F0DC86165D257F08ACB1EC6F049BD88BCE8EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e7:92:27:1b:d1:fa:7b:82:cd:ed:da:c0:68:
                    fe:2c:4c:71:5c:48:6e:57:f2:db:a4:6e:a3:64:31:
                    94:cd:63:ee:aa:8b:08:36:78:24:62:cf:a2:d0:bd:
                    1b:cd:3b:77:32:b1:41:a4:57:af:b7:79:65:ba:ef:
                    d0:c6:d4:bc:e4:45:eb:4d:0e:31:8a:50:f7:de:f6:
                    98:05:8c:a9:63:0a:11:07:a9:a8:a0:cb:05:67:c3:
                    d9:00:33:1d:14:ad:ed:30:e2:39:05:d7:cf:47:28:
                    4c:a8:34:93:57:33:f1:76:40:01:36:63:dc:06:87:
                    88:95:c4:ee:13:d1:3b:b5:b9:16:c3:6a:ef:f3:60:
                    54:40:c8:36:f1:7a:66:bb:ce:a2:82:49:b6:bb:fa:
                    d3:df:c4:50:2c:7d:c6:d7:b1:7a:34:6c:15:dc:27:
                    8a:ff:ea:f3:9b:72:72:9a:88:25:18:1c:db:9f:6e:
                    33:3b:54:78:aa:ae:f7:30:00:8c:4d:42:62:6b:a8:
                    aa:43:08:41:27:27:5d:30:77:7b:a1:5d:4a:53:c2:
                    f2:4b:79:70:1d:38:6d:50:8c:f9:3b:0f:7b:42:51:
                    14:26:68:a6:bf:e1:f1:62:d0:55:66:d9:a6:39:67:
                    73:01:d1:8d:5d:09:24:c2:f9:46:23:4f:13:54:80:
                    a1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:5F:0D:C8:61:65:D2:57:F0:8A:CB:1E:C6:F0:49:BD:88:BC:E8:EC
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213045.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:e20::/44
                  2a06:a005:1140::/44
                  2a06:a005:1ef0::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:41:dd:23:df:6e:ce:04:e1:92:97:3c:1b:bd:2a:b8:9b:e1:
         ce:0d:9b:15:b9:c8:26:f4:fa:bc:27:ec:c6:35:40:e3:20:b0:
         76:ff:3e:21:a3:fe:96:b0:bb:e8:ce:da:99:c8:84:9a:c4:96:
         26:b6:77:bc:16:4d:ba:e7:ac:dc:aa:8b:49:d7:6b:c5:de:e2:
         ed:2c:24:fe:3e:5c:61:29:25:e6:3e:57:ae:33:da:c1:30:85:
         1d:13:05:7c:f3:af:56:19:67:e1:34:0e:5e:ea:a5:14:d5:a7:
         18:82:9a:b7:91:17:82:cc:1d:f2:8f:2a:f4:74:1d:06:09:55:
         86:e7:5f:56:7f:c9:c1:88:f8:12:85:c1:d2:70:75:37:d9:cf:
         92:54:e6:1b:4c:50:8e:af:3d:d0:4b:c1:7c:7a:83:6b:8b:50:
         d5:2e:e0:47:d3:a6:35:60:0e:52:38:d5:1e:ad:d0:39:3b:7a:
         ff:bd:b2:90:b7:82:13:23:de:3c:7d:fb:aa:2f:bd:26:b2:55:
         dd:63:82:30:45:2c:33:6a:fb:41:70:9c:de:a8:e0:b7:32:94:
         6a:73:2a:8a:8b:7e:61:33:13:9a:9e:5b:2c:29:32:17:1d:ca:
         fc:c2:84:6d:51:ad:46:97:63:02:ac:04:1b:77:0d:f1:83:b3:
         2f:23:f6:c2
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUAlOkCRxK4pxiFNjOYZxf4HR+k5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDFaFw0yNTExMDQwMzQwMDFaMDMxMTAvBgNV
BAMTKDQzNUYwREM4NjE2NUQyNTdGMDhBQ0IxRUM2RjA0OUJEODhCQ0U4RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR55InG9H6e4LN7drAaP4sTHFc
SG5X8tukbqNkMZTNY+6qiwg2eCRiz6LQvRvNO3cysUGkV6+3eWW679DG1LzkRetN
DjGKUPfe9pgFjKljChEHqaigywVnw9kAMx0Ure0w4jkF189HKEyoNJNXM/F2QAE2
Y9wGh4iVxO4T0Tu1uRbDau/zYFRAyDbxema7zqKCSba7+tPfxFAsfcbXsXo0bBXc
J4r/6vObcnKaiCUYHNufbjM7VHiqrvcwAIxNQmJrqKpDCEEnJ10wd3uhXUpTwvJL
eXAdOG1QjPk7D3tCURQmaKa/4fFi0FVm2aY5Z3MB0Y1dCSTC+UYjTxNUgKHxAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUQ18NyGFl0lfwissexvBJvYi86OwwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMDQ1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcEKgagBQ4gAwcEKgagBRFAAwcEKgagBR7wMA0GCSqG
SIb3DQEBCwUAA4IBAQAHQd0j327OBOGSlzwbvSq4m+HODZsVucgm9Pq8J+zGNUDj
ILB2/z4ho/6WsLvoztqZyISaxJYmtne8Fk2656zcqotJ12vF3uLtLCT+PlxhKSXm
PleuM9rBMIUdEwV8869WGWfhNA5e6qUU1acYgpq3kReCzB3yjyr0dB0GCVWG519W
f8nBiPgShcHScHU32c+SVOYbTFCOrz3QS8F8eoNri1DVLuBH06Y1YA5SONUerdA5
O3r/vbKQt4ITI948ffuqL70mslXdY4IwRSwzavtBcJzeqOC3MpRqcyqKi35hMxOa
nlssKTIXHcr8woRtUa1Gl2MCrAQbdw3xg7MvI/bC
-----END CERTIFICATE-----