Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213170.roa
File:                     AS213170.roa (raw, json)
Hash identifier:          HvSTocIwB6jwvsvYgH2uP8Zp1WL3kmz++UgCxfqkJS4=
Subject key identifier:   38:3A:2D:46:CD:83:B5:57:E4:79:B6:85:7D:35:39:60:B4:D2:51:E4
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       25467180CB93728EC707B71D5EDF69FA3E1975F7
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213170.roa
Signing time:             Sat 13 Jan 2024 08:44:21 +0000
ROA not before:           Sat 13 Jan 2024 08:39:21 +0000
ROA not after:            Sat 11 Jan 2025 08:44:21 +0000
asID:                     213170
IP address blocks:        2a06:a005:853::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:46:71:80:cb:93:72:8e:c7:07:b7:1d:5e:df:69:fa:3e:19:75:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 13 08:39:21 2024 GMT
            Not After : Jan 11 08:44:21 2025 GMT
        Subject: CN=383A2D46CD83B557E479B6857D353960B4D251E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ca:2b:e5:7c:62:4b:94:2c:1a:60:a4:42:91:
                    81:46:0c:10:fe:67:e2:fa:2b:04:3c:87:4c:c8:aa:
                    9f:fc:da:88:3e:57:a4:9d:f6:5b:59:18:93:6e:f8:
                    a8:b0:62:97:2e:4b:ba:30:8b:88:cb:22:b5:21:d2:
                    ac:cf:64:85:ea:62:a4:6c:78:33:d8:56:52:df:23:
                    df:fb:fc:d5:92:84:cc:f6:55:ee:7b:cf:bf:f1:0e:
                    34:d1:2d:77:9c:d3:86:c7:e4:b3:e5:35:47:9e:e7:
                    c9:87:50:6b:f4:ce:e4:60:86:bb:20:dc:2d:e6:4f:
                    34:85:6f:24:bf:1c:11:88:cc:21:b1:2c:89:2c:fd:
                    28:ca:05:fc:6d:6c:97:f4:7c:51:70:0a:ab:2a:0f:
                    7e:80:b4:ae:84:a8:58:ea:57:c4:a5:57:04:53:18:
                    63:19:5e:2a:e1:d3:dc:78:20:72:50:0c:79:0d:b7:
                    1e:26:31:66:97:ef:b9:dc:b4:7d:80:79:7e:26:60:
                    fe:2c:e8:de:ff:4f:78:70:f6:0b:59:4c:46:ef:72:
                    59:34:57:b6:d0:ea:26:5a:d4:c4:ce:1c:52:fb:73:
                    04:b2:a7:e5:32:76:0e:3e:21:04:d5:d8:e9:6e:16:
                    d1:8d:3b:4b:b1:20:04:dc:a2:3d:56:fa:c4:bc:2f:
                    d0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3A:2D:46:CD:83:B5:57:E4:79:B6:85:7D:35:39:60:B4:D2:51:E4
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:853::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:bb:cd:b6:0d:0d:f4:3d:15:ef:22:98:fb:6c:ca:7b:f8:a5:
         67:f4:f7:a8:84:4f:f9:8d:dd:7f:d4:97:63:74:50:e8:ab:9a:
         fe:24:4d:59:31:56:66:81:63:64:f2:96:e2:2d:ce:23:dc:e8:
         1d:50:53:ff:7b:79:41:04:69:15:c9:a2:93:93:14:97:20:c9:
         eb:5b:5a:c0:45:5c:95:36:e4:69:66:5d:ba:3c:94:cc:f2:e9:
         25:7e:fc:ad:6b:a2:27:b2:cc:80:ca:f7:57:37:c2:ce:8d:91:
         41:77:97:16:82:c2:bb:bd:4e:1f:2c:80:7e:de:d7:ee:12:87:
         ea:58:44:d8:e3:3f:7d:59:5b:bc:3d:41:63:37:0a:82:9e:09:
         2a:8f:61:84:60:f1:27:1b:ed:d5:8f:43:73:32:ad:9c:d0:01:
         ad:ce:c1:9a:e5:51:87:9f:a2:60:1e:4d:34:06:0f:8c:b4:83:
         6b:64:de:54:0c:0e:09:9a:48:e8:ee:21:ff:60:a9:3b:72:bf:
         cb:8e:e4:61:7d:06:23:ca:46:d5:6b:5e:23:a1:5c:9f:08:a1:
         e5:5e:3d:c8:d8:e4:5d:c9:03:14:7d:47:98:86:18:1e:62:10:
         13:6f:4b:84:76:8c:c6:48:dc:d5:67:66:b6:8a:79:dc:4f:42:
         b6:42:49:a6
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUJUZxgMuTco7HB7cdXt9p+j4ZdfcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMTMwODM5MjFaFw0yNTAxMTEwODQ0MjFaMDMxMTAvBgNV
BAMTKDM4M0EyRDQ2Q0Q4M0I1NTdFNDc5QjY4NTdEMzUzOTYwQjREMjUxRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4yivlfGJLlCwaYKRCkYFGDBD+
Z+L6KwQ8h0zIqp/82og+V6Sd9ltZGJNu+KiwYpcuS7owi4jLIrUh0qzPZIXqYqRs
eDPYVlLfI9/7/NWShMz2Ve57z7/xDjTRLXec04bH5LPlNUee58mHUGv0zuRghrsg
3C3mTzSFbyS/HBGIzCGxLIks/SjKBfxtbJf0fFFwCqsqD36AtK6EqFjqV8SlVwRT
GGMZXirh09x4IHJQDHkNtx4mMWaX77nctH2AeX4mYP4s6N7/T3hw9gtZTEbvclk0
V7bQ6iZa1MTOHFL7cwSyp+Uydg4+IQTV2OluFtGNO0uxIATcoj1W+sS8L9CHAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUODotRs2DtVfkebaFfTU5YLTSUeQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMTcwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQhTMA0GCSqGSIb3DQEBCwUAA4IBAQDJu822
DQ30PRXvIpj7bMp7+KVn9PeohE/5jd1/1JdjdFDoq5r+JE1ZMVZmgWNk8pbiLc4j
3OgdUFP/e3lBBGkVyaKTkxSXIMnrW1rARVyVNuRpZl26PJTM8uklfvyta6InssyA
yvdXN8LOjZFBd5cWgsK7vU4fLIB+3tfuEofqWETY4z99WVu8PUFjNwqCngkqj2GE
YPEnG+3Vj0NzMq2c0AGtzsGa5VGHn6JgHk00Bg+MtINrZN5UDA4Jmkjo7iH/YKk7
cr/LjuRhfQYjykbVa14joVyfCKHlXj3I2ORdyQMUfUeYhhgeYhATb0uEdozGSNzV
Z2a2inncT0K2Qkmm
-----END CERTIFICATE-----
Generated at Fri Nov 22 08:01:55 2024 by rpki-client on console-ams.rpki-client.org