Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213316.roa
File:                     AS213316.roa (raw, json)
Hash identifier:          GOXtjl8Zp8wNRccTcj7ZccW3dXLFP/rKfEKtOor5xOI=
Subject key identifier:   69:D1:A7:CA:50:B0:CC:4A:97:C2:40:D4:F6:38:4F:4F:50:A2:52:92
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5B7C502E1D2517C3D9F608821DBDBEABD6EACA66
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213316.roa
Signing time:             Fri 26 Jan 2024 13:44:24 +0000
ROA not before:           Fri 26 Jan 2024 13:39:24 +0000
ROA not after:            Fri 24 Jan 2025 13:44:24 +0000
asID:                     213316
IP address blocks:        2a06:a005:28c0::/44 maxlen: 48
                          2a06:a005:28d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:7c:50:2e:1d:25:17:c3:d9:f6:08:82:1d:bd:be:ab:d6:ea:ca:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan 26 13:39:24 2024 GMT
            Not After : Jan 24 13:44:24 2025 GMT
        Subject: CN=69D1A7CA50B0CC4A97C240D4F6384F4F50A25292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ae:dd:1c:0e:f1:84:3e:0e:1e:c4:98:d7:a2:
                    63:6a:1a:9a:80:a6:5e:a1:4f:7a:97:76:20:49:2c:
                    9d:ad:70:9f:3b:a1:8d:87:64:95:6a:8a:ee:71:b4:
                    de:16:3d:c9:61:96:3f:a7:21:57:fb:16:47:d6:ee:
                    4c:e0:e7:92:94:7e:05:05:e1:78:dc:6a:b2:9a:e7:
                    52:49:85:51:06:80:b1:94:3f:ee:02:bf:38:23:0a:
                    e2:bf:ac:4f:46:07:18:89:e0:99:e8:c4:e4:8d:6e:
                    7a:c5:09:5b:38:45:1e:09:4a:fc:b4:48:1d:c8:f5:
                    f8:b7:08:10:d4:cc:24:e2:02:ba:51:22:ff:f1:69:
                    e7:99:72:02:8b:f2:0f:6f:e6:6d:2d:2a:04:4f:0a:
                    91:51:82:37:59:da:4b:71:ed:df:f4:57:b7:e5:36:
                    3b:06:32:26:c1:1a:20:11:94:11:83:65:b8:92:3d:
                    1e:5f:6e:39:3c:6f:12:a5:54:a9:2d:0c:2b:51:1e:
                    8c:4b:ad:3c:10:da:e0:d0:b7:c3:33:9e:9c:a1:cf:
                    49:94:ae:85:ca:01:70:89:13:ff:84:18:9a:e0:ab:
                    7f:60:7a:03:c4:01:40:7e:dd:0f:05:cc:58:17:f7:
                    08:86:e0:8d:ac:93:f9:b4:46:6b:15:a2:fc:08:a4:
                    77:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D1:A7:CA:50:B0:CC:4A:97:C2:40:D4:F6:38:4F:4F:50:A2:52:92
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS213316.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:28c0::/43

    Signature Algorithm: sha256WithRSAEncryption
         b8:4c:b6:be:59:dc:39:ce:b0:9d:e9:d4:9b:d4:1e:17:5d:21:
         1b:94:f0:a7:a5:2e:22:01:c4:9e:03:6e:73:69:3f:4c:03:42:
         05:f8:09:42:7e:36:63:29:7c:d1:ed:b4:20:8f:f4:2a:45:bd:
         c4:29:13:75:4b:1c:85:e8:87:d5:dd:fe:98:fc:c2:4b:31:87:
         7a:c1:86:d1:ab:5c:f3:69:f0:34:c8:56:8c:b0:3c:a6:b8:39:
         ef:0c:f6:26:de:52:a5:82:1c:bb:3c:76:3a:c1:db:0f:1b:1a:
         64:0b:d5:8d:cb:db:29:86:35:71:48:f1:f7:d6:c7:02:6f:f6:
         50:81:98:36:0b:40:32:7b:df:60:32:24:3a:a5:99:8e:ea:fc:
         73:69:1d:9a:f1:ad:42:22:6c:03:86:3f:4a:f9:3f:a2:7f:b5:
         62:b5:4f:0c:5f:4b:8d:d0:8b:62:7a:0f:c8:48:b3:58:bd:48:
         36:6b:c9:29:7e:90:09:c4:9d:1b:8d:a2:c3:e6:5e:61:8c:94:
         f1:2e:c2:60:c1:a7:df:62:1a:e0:05:e6:e2:a7:7e:a3:72:78:
         e5:f8:5c:b5:a6:62:6f:54:78:be:dd:cd:0a:24:2d:26:0d:86:
         0e:2c:15:a5:88:11:2d:4c:90:68:f8:16:00:14:e1:63:c9:08:
         c0:a7:41:2d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUW3xQLh0lF8PZ9giCHb2+q9bqymYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDAxMjYxMzM5MjRaFw0yNTAxMjQxMzQ0MjRaMDMxMTAvBgNV
BAMTKDY5RDFBN0NBNTBCMENDNEE5N0MyNDBENEY2Mzg0RjRGNTBBMjUyOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqrt0cDvGEPg4exJjXomNqGpqA
pl6hT3qXdiBJLJ2tcJ87oY2HZJVqiu5xtN4WPclhlj+nIVf7FkfW7kzg55KUfgUF
4XjcarKa51JJhVEGgLGUP+4CvzgjCuK/rE9GBxiJ4JnoxOSNbnrFCVs4RR4JSvy0
SB3I9fi3CBDUzCTiArpRIv/xaeeZcgKL8g9v5m0tKgRPCpFRgjdZ2ktx7d/0V7fl
NjsGMibBGiARlBGDZbiSPR5fbjk8bxKlVKktDCtRHoxLrTwQ2uDQt8Mznpyhz0mU
roXKAXCJE/+EGJrgq39gegPEAUB+3Q8FzFgX9wiG4I2sk/m0RmsVovwIpHd1AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUadGnylCwzEqXwkDU9jhPT1CiUpIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjEzMzE2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcFKgagBSjAMA0GCSqGSIb3DQEBCwUAA4IBAQC4TLa+
Wdw5zrCd6dSb1B4XXSEblPCnpS4iAcSeA25zaT9MA0IF+AlCfjZjKXzR7bQgj/Qq
Rb3EKRN1SxyF6IfV3f6Y/MJLMYd6wYbRq1zzafA0yFaMsDymuDnvDPYm3lKlghy7
PHY6wdsPGxpkC9WNy9sphjVxSPH31scCb/ZQgZg2C0Aye99gMiQ6pZmO6vxzaR2a
8a1CImwDhj9K+T+if7VitU8MX0uN0Itieg/ISLNYvUg2a8kpfpAJxJ0bjaLD5l5h
jJTxLsJgwaffYhrgBebip36jcnjl+Fy1pmJvVHi+3c0KJC0mDYYOLBWliBEtTJBo
+BYAFOFjyQjAp0Et
-----END CERTIFICATE-----