Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213288.roa
File:                     AS213288.roa (raw, json)
Hash identifier:          tDeDJGpmutyh1yxcSWo4ei7THz1NdbTQFqk8UHg2mLg=
Subject key identifier:   B9:2D:57:19:16:44:AB:67:48:D1:23:C0:B6:17:61:77:BB:00:FD:7D
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4AE32B7B2FF9503337B11C753890CFEC2FC0E0D7
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213288.roa
Signing time:             Tue 05 Nov 2024 16:40:12 +0000
ROA not before:           Tue 05 Nov 2024 16:35:12 +0000
ROA not after:            Tue 04 Nov 2025 16:40:12 +0000
asID:                     213288
IP address blocks:        2a06:a005:ba0::/48 maxlen: 48
                          2a06:a005:29e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:e3:2b:7b:2f:f9:50:33:37:b1:1c:75:38:90:cf:ec:2f:c0:e0:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 16:35:12 2024 GMT
            Not After : Nov  4 16:40:12 2025 GMT
        Subject: CN=B92D57191644AB6748D123C0B6176177BB00FD7D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:df:ac:ed:ab:7f:4d:87:08:a8:5f:4b:88:54:
                    3d:10:bf:6e:34:e1:51:c4:b1:90:d4:1d:a8:c6:96:
                    86:07:c1:4b:a8:96:7e:9f:b6:9a:2d:5a:36:c3:ed:
                    e8:75:a6:a1:5e:7c:9b:df:78:e9:c7:fa:90:49:ed:
                    f6:ff:f7:61:3c:20:92:6b:3c:ae:06:a7:39:70:52:
                    e9:1e:66:d8:29:eb:0e:41:55:c3:82:78:f4:3f:2e:
                    18:14:99:cc:75:e3:5d:98:86:1e:a8:cb:89:b2:5d:
                    43:a5:90:a3:bb:49:58:8e:ae:d5:13:6f:d3:c8:9d:
                    38:52:d2:17:99:35:c2:57:7f:bb:c7:22:97:17:d7:
                    0d:c1:d4:f9:5d:da:70:a0:26:08:3a:72:99:2d:f6:
                    b6:a0:86:cd:6f:7b:65:17:49:a5:30:9f:43:c3:18:
                    ae:8c:51:99:04:81:33:ee:1b:6e:e7:d9:ab:21:48:
                    60:0e:51:b2:24:41:92:42:c5:7c:77:b1:d0:39:b7:
                    c7:dc:61:23:1d:5d:d9:f5:c1:3a:ca:d4:df:2b:8d:
                    45:e3:d8:12:b3:9a:1f:4a:17:b6:df:cb:17:c3:93:
                    7d:03:70:bc:24:fd:42:48:49:e9:43:6b:44:2e:ac:
                    1a:49:0b:73:76:0d:85:20:a9:b7:ea:a0:71:c4:ad:
                    4a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2D:57:19:16:44:AB:67:48:D1:23:C0:B6:17:61:77:BB:00:FD:7D
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213288.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:ba0::/48
                  2a06:a005:29e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         82:45:aa:ae:22:b8:48:a3:18:9e:b1:91:4c:74:b2:ae:be:ae:
         4f:5b:bb:f7:85:44:e5:5f:29:08:58:1e:2d:53:a6:57:82:58:
         ab:de:9a:9c:e7:24:46:0c:e6:36:fe:61:ad:a1:9c:19:a9:76:
         16:3d:7b:8b:13:22:00:e7:14:76:2c:ed:bf:e8:97:13:78:58:
         c3:57:af:4b:5b:7f:65:67:32:16:27:7d:48:db:34:ed:1c:20:
         3d:32:4d:43:ad:53:a9:6f:96:8f:b8:e3:34:cd:b8:5f:5b:3e:
         92:8e:66:0c:91:95:db:3d:97:08:fd:c4:b0:46:e8:22:ba:cf:
         d1:51:d4:ae:d0:86:b5:5c:2e:95:ec:56:c7:97:ae:91:54:44:
         4d:5e:e3:b8:0f:c2:d3:86:57:cb:24:f9:08:b2:8b:48:e4:31:
         19:2d:af:dd:a9:a7:ec:91:b1:14:dc:3b:0c:f4:35:5b:17:42:
         fd:be:d6:01:08:e5:db:61:02:38:a2:0c:aa:26:ff:43:7c:56:
         c8:aa:85:92:cb:76:c4:4a:63:26:98:28:43:9f:a2:df:7a:c5:
         d4:af:55:94:21:00:34:af:ee:de:42:44:50:31:8f:c4:b1:48:
         a8:bd:f7:66:de:c5:e8:6c:e5:07:b5:55:8b:c8:49:9f:13:3f:
         db:fb:dc:63
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUSuMrey/5UDM3sRx1OJDP7C/A4NcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUxNjM1MTJaFw0yNTExMDQxNjQwMTJaMDMxMTAvBgNV
BAMTKEI5MkQ1NzE5MTY0NEFCNjc0OEQxMjNDMEI2MTc2MTc3QkIwMEZEN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ36ztq39NhwioX0uIVD0Qv240
4VHEsZDUHajGloYHwUuoln6ftpotWjbD7eh1pqFefJvfeOnH+pBJ7fb/92E8IJJr
PK4GpzlwUukeZtgp6w5BVcOCePQ/LhgUmcx1412Yhh6oy4myXUOlkKO7SViOrtUT
b9PInThS0heZNcJXf7vHIpcX1w3B1Pld2nCgJgg6cpkt9raghs1ve2UXSaUwn0PD
GK6MUZkEgTPuG27n2ashSGAOUbIkQZJCxXx3sdA5t8fcYSMdXdn1wTrK1N8rjUXj
2BKzmh9KF7bfyxfDk30DcLwk/UJISelDa0QurBpJC3N2DYUgqbfqoHHErUoNAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUuS1XGRZEq2dI0SPAthdhd7sA/X0wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMjg4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQugAwcEKgagBSngMA0GCSqGSIb3DQEBCwUA
A4IBAQCCRaquIrhIoxiesZFMdLKuvq5PW7v3hUTlXykIWB4tU6ZXglir3pqc5yRG
DOY2/mGtoZwZqXYWPXuLEyIA5xR2LO2/6JcTeFjDV69LW39lZzIWJ31I2zTtHCA9
Mk1DrVOpb5aPuOM0zbhfWz6SjmYMkZXbPZcI/cSwRugius/RUdSu0Ia1XC6V7FbH
l66RVERNXuO4D8LThlfLJPkIsotI5DEZLa/dqafskbEU3DsM9DVbF0L9vtYBCOXb
YQI4ogyqJv9DfFbIqoWSy3bESmMmmChDn6LfesXUr1WUIQA0r+7eQkRQMY/EsUio
vfdm3sXobOUHtVWLyEmfEz/b+9xj
-----END CERTIFICATE-----