Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213312.roa
File:                     AS213312.roa (raw, json)
Hash identifier:          T1zKvjSOmpAeLVV+xgx9t42VyBgu9yHLRat9Vx4y51c=
Subject key identifier:   89:03:0D:37:27:E5:8B:1F:B4:0A:51:B5:0A:26:7B:E2:BF:E8:53:0B
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       67280046E1514C764146639C102578759B81C577
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213312.roa
Signing time:             Tue 05 Nov 2024 03:40:00 +0000
ROA not before:           Tue 05 Nov 2024 03:35:00 +0000
ROA not after:            Tue 04 Nov 2025 03:40:00 +0000
asID:                     213312
IP address blocks:        2a06:a005:620::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:28:00:46:e1:51:4c:76:41:46:63:9c:10:25:78:75:9b:81:c5:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:00 2024 GMT
            Not After : Nov  4 03:40:00 2025 GMT
        Subject: CN=89030D3727E58B1FB40A51B50A267BE2BFE8530B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6a:09:fc:db:cb:b3:9e:ac:02:47:8e:4d:d8:
                    56:af:f6:b2:23:df:b1:29:55:de:8d:c8:78:03:32:
                    c3:ec:ed:72:35:11:c7:25:98:40:59:18:d9:ee:27:
                    07:91:87:4d:a7:7c:95:aa:42:6c:d5:db:03:41:00:
                    1c:19:9f:dc:bc:cc:4d:ae:ba:9f:be:cb:8f:b8:6c:
                    4c:b1:64:8a:fa:d7:15:69:41:ed:fb:85:ad:40:2b:
                    98:2a:23:2f:62:5a:4d:af:f2:3c:52:5a:09:ea:88:
                    4f:c0:e5:1b:fa:ac:d1:26:29:9c:34:b9:85:2f:ff:
                    5f:11:c0:5b:93:31:e2:e5:8f:f4:90:94:02:18:6b:
                    e3:3c:f5:b5:05:ad:76:16:0b:6b:56:f2:c9:a4:2a:
                    5a:b1:e8:87:d9:bc:46:c3:31:42:dd:c8:62:e9:13:
                    2a:91:c3:51:f0:67:82:07:2e:c0:6d:fc:9d:a4:b1:
                    73:20:e0:09:c8:1c:75:76:82:22:07:03:11:02:0a:
                    fa:c1:d5:e0:07:3d:b7:3d:d7:74:66:58:39:7f:d5:
                    b7:33:cc:cc:19:39:68:a6:56:9e:0c:0c:9c:12:a6:
                    d0:85:bb:6b:8f:8f:a6:41:71:86:d1:b4:9e:6d:7d:
                    26:8f:2d:bb:84:fd:0a:8e:a3:fc:5a:b7:e4:ab:44:
                    f3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:03:0D:37:27:E5:8B:1F:B4:0A:51:B5:0A:26:7B:E2:BF:E8:53:0B
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213312.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:620::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:71:39:87:10:1b:5f:d6:f8:67:bd:62:ed:d5:15:2f:58:80:
         c6:14:c7:76:f2:da:ee:b0:32:f2:33:b9:96:b8:a1:da:e5:38:
         93:71:66:91:a8:8c:f1:e8:63:2b:5a:c1:b3:31:92:97:92:57:
         05:b8:7d:2d:b3:1a:bd:d0:7d:6a:34:43:3c:8e:e0:69:4b:b2:
         7c:79:fb:1a:a6:09:89:03:b9:5b:09:e5:62:a1:fb:77:e1:e7:
         74:6b:4b:e2:60:ee:49:ba:4d:99:1a:e1:97:27:b8:72:e5:50:
         4c:86:ab:6a:16:e3:45:de:cf:7f:34:a3:74:b2:e4:4a:94:fa:
         9d:f8:8c:7e:58:db:35:aa:8b:a4:96:cc:d3:ca:58:75:d4:fe:
         50:aa:f0:7d:e8:20:20:c7:6c:cf:08:c3:cc:99:47:d9:89:78:
         af:29:62:f7:32:52:cd:8b:77:25:24:59:e6:9b:dd:59:7f:b9:
         21:b6:2c:0d:56:22:80:60:ff:16:37:8e:c7:22:f8:15:21:46:
         23:38:0a:75:fb:34:09:8e:e7:54:fb:e5:da:71:4d:2d:7f:ea:
         85:88:ac:27:3b:92:2b:2c:56:d6:b3:4d:11:2b:cd:5b:97:a0:
         13:31:8e:4d:16:7d:37:68:89:96:f5:ff:28:e8:49:dc:eb:ee:
         bf:2e:07:70
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUZygARuFRTHZBRmOcECV4dZuBxXcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDBaFw0yNTExMDQwMzQwMDBaMDMxMTAvBgNV
BAMTKDg5MDMwRDM3MjdFNThCMUZCNDBBNTFCNTBBMjY3QkUyQkZFODUzMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjagn828uznqwCR45N2Fav9rIj
37EpVd6NyHgDMsPs7XI1EcclmEBZGNnuJweRh02nfJWqQmzV2wNBABwZn9y8zE2u
up++y4+4bEyxZIr61xVpQe37ha1AK5gqIy9iWk2v8jxSWgnqiE/A5Rv6rNEmKZw0
uYUv/18RwFuTMeLlj/SQlAIYa+M89bUFrXYWC2tW8smkKlqx6IfZvEbDMULdyGLp
EyqRw1HwZ4IHLsBt/J2ksXMg4AnIHHV2giIHAxECCvrB1eAHPbc913RmWDl/1bcz
zMwZOWimVp4MDJwSptCFu2uPj6ZBcYbRtJ5tfSaPLbuE/QqOo/xat+SrRPPrAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUiQMNNyflix+0ClG1CiZ74r/oUwswHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMzEyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQYgMA0GCSqGSIb3DQEBCwUAA4IBAQANcTmH
EBtf1vhnvWLt1RUvWIDGFMd28trusDLyM7mWuKHa5TiTcWaRqIzx6GMrWsGzMZKX
klcFuH0tsxq90H1qNEM8juBpS7J8efsapgmJA7lbCeVioft34ed0a0viYO5Juk2Z
GuGXJ7hy5VBMhqtqFuNF3s9/NKN0suRKlPqd+Ix+WNs1qouklszTylh11P5QqvB9
6CAgx2zPCMPMmUfZiXivKWL3MlLNi3clJFnmm91Zf7khtiwNViKAYP8WN47HIvgV
IUYjOAp1+zQJjudU++XacU0tf+qFiKwnO5IrLFbWs00RK81bl6ATMY5NFn03aImW
9f8o6Enc6+6/Lgdw
-----END CERTIFICATE-----