Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213286.roa
File:                     AS213286.roa (raw, json)
Hash identifier:          xO4WR2ARBnVLFcGaB1qWazbvGtUqH9NxiyUXx/KuY3Q=
Subject key identifier:   4C:0B:2C:28:36:41:D1:CD:FA:C1:E4:B9:E8:22:79:D1:0B:D6:28:38
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       48BCA235DF8B97E6E8AD1EBE8D246771548745FF
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213286.roa
Signing time:             Tue 05 Dec 2023 02:44:16 +0000
ROA not before:           Tue 05 Dec 2023 02:39:16 +0000
ROA not after:            Tue 03 Dec 2024 02:44:16 +0000
asID:                     213286
IP address blocks:        2a06:a005:17::/48 maxlen: 48
                          2a06:a005:1e::/48 maxlen: 48
                          2a06:a005:852::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:bc:a2:35:df:8b:97:e6:e8:ad:1e:be:8d:24:67:71:54:87:45:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:16 2023 GMT
            Not After : Dec  3 02:44:16 2024 GMT
        Subject: CN=4C0B2C283641D1CDFAC1E4B9E82279D10BD62838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6b:fc:e3:52:96:21:31:70:6e:63:b1:9b:89:
                    cf:0e:5e:32:54:5c:5b:c8:d1:73:71:27:b3:0b:cb:
                    a9:5e:34:d4:9b:7b:d8:22:42:67:c4:6c:79:5b:d2:
                    76:62:28:b4:38:cd:fe:23:88:9a:db:9b:7e:8f:aa:
                    25:65:71:bc:92:cb:7e:aa:32:e3:11:30:3a:fd:37:
                    92:4a:36:53:f2:05:d5:30:77:02:a8:3b:62:0b:7e:
                    54:48:99:e5:45:a6:a1:61:f5:ae:c7:ac:6a:02:01:
                    9e:4c:23:e8:42:ce:ab:4a:b3:9d:bb:bf:79:94:32:
                    65:38:23:af:d5:20:14:83:99:42:ba:7c:ea:c2:b6:
                    1f:a6:e6:2e:c0:70:ae:34:b8:5e:b8:37:e9:2e:b4:
                    07:ac:0d:6a:aa:b5:d4:08:07:01:25:d7:cc:88:49:
                    28:6d:a7:b6:97:55:76:b4:7c:1c:47:c4:db:71:20:
                    57:c3:62:fa:fe:11:45:ec:8f:dd:c4:fe:c0:67:01:
                    f0:8c:84:de:e3:07:4b:b9:a3:4e:54:25:04:98:30:
                    f8:58:26:06:2e:9b:e9:50:97:0c:69:69:24:71:94:
                    c1:b0:46:a3:48:57:89:06:40:14:d4:90:b2:a7:74:
                    35:03:b8:ae:2f:b5:14:e7:42:d1:20:81:a1:56:df:
                    15:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:0B:2C:28:36:41:D1:CD:FA:C1:E4:B9:E8:22:79:D1:0B:D6:28:38
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213286.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:17::/48
                  2a06:a005:1e::/48
                  2a06:a005:852::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:68:85:0a:44:ec:38:06:ea:8d:80:1a:da:10:6e:2c:ec:85:
         38:71:e2:57:79:16:65:a8:58:bc:fe:57:5c:15:d7:c8:f7:0e:
         54:be:db:f9:97:a9:79:0a:07:f9:de:a1:69:1e:60:bf:f5:f3:
         7d:29:ce:b5:a8:16:30:01:22:1d:cf:80:fb:19:b0:1f:bb:83:
         d4:bf:c5:75:be:16:b5:cb:b1:2e:37:45:a4:8b:9e:c9:cc:c2:
         4b:12:f0:55:5d:bf:50:4e:84:1a:06:d4:f3:d0:aa:26:d2:01:
         04:ec:64:7a:84:89:8d:c9:4a:bc:c7:71:15:69:a1:d3:c1:db:
         2a:59:22:16:6b:2c:f7:f4:3b:4f:7d:f1:f2:32:11:8b:23:12:
         85:5c:eb:8d:42:3e:70:57:ed:e4:b9:53:f8:b7:07:49:c1:f5:
         f1:98:bb:b2:a7:a3:cb:04:ee:27:2b:84:2b:cd:07:20:de:d0:
         51:81:84:5c:67:d2:b2:54:8a:e3:94:f2:d4:ee:c2:07:19:fc:
         af:a4:e3:14:47:63:db:db:5f:54:fc:a5:41:58:cf:0c:f4:2a:
         66:98:7b:6b:c5:fe:ea:82:3f:8d:22:6f:f0:12:1f:2f:ff:84:
         92:ef:57:ec:d8:7e:20:6d:38:5a:c0:b4:68:80:1a:58:43:b5:
         11:82:a9:5f
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUSLyiNd+Ll+borR6+jSRncVSHRf8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTZaFw0yNDEyMDMwMjQ0MTZaMDMxMTAvBgNV
BAMTKDRDMEIyQzI4MzY0MUQxQ0RGQUMxRTRCOUU4MjI3OUQxMEJENjI4MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoa/zjUpYhMXBuY7Gbic8OXjJU
XFvI0XNxJ7MLy6leNNSbe9giQmfEbHlb0nZiKLQ4zf4jiJrbm36PqiVlcbySy36q
MuMRMDr9N5JKNlPyBdUwdwKoO2ILflRImeVFpqFh9a7HrGoCAZ5MI+hCzqtKs527
v3mUMmU4I6/VIBSDmUK6fOrCth+m5i7AcK40uF64N+kutAesDWqqtdQIBwEl18yI
SShtp7aXVXa0fBxHxNtxIFfDYvr+EUXsj93E/sBnAfCMhN7jB0u5o05UJQSYMPhY
JgYum+lQlwxpaSRxlMGwRqNIV4kGQBTUkLKndDUDuK4vtRTnQtEggaFW3xXTAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUTAssKDZB0c36weS56CJ50QvWKDgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMjg2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcAKgagBQAXAwcAKgagBQAeAwcAKgagBQhSMA0GCSqG
SIb3DQEBCwUAA4IBAQCdaIUKROw4BuqNgBraEG4s7IU4ceJXeRZlqFi8/ldcFdfI
9w5Uvtv5l6l5Cgf53qFpHmC/9fN9Kc61qBYwASIdz4D7GbAfu4PUv8V1vha1y7Eu
N0Wki57JzMJLEvBVXb9QToQaBtTz0Kom0gEE7GR6hImNyUq8x3EVaaHTwdsqWSIW
ayz39DtPffHyMhGLIxKFXOuNQj5wV+3kuVP4twdJwfXxmLuyp6PLBO4nK4QrzQcg
3tBRgYRcZ9KyVIrjlPLU7sIHGfyvpOMUR2Pb219U/KVBWM8M9CpmmHtrxf7qgj+N
Im/wEh8v/4SS71fs2H4gbThawLRogBpYQ7URgqlf
-----END CERTIFICATE-----