Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215683.roa
File:                     AS215683.roa (raw, json)
Hash identifier:          jzsXkqZtTxSTKUHGfmb/OgMNr5NBqhiEMHIc/GLwqQ8=
Subject key identifier:   AE:CA:1D:C3:ED:DC:03:76:B1:82:94:44:C1:87:55:ED:1E:08:3C:E2
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       78E43493C308A8EDBA6F9D62CF6C25FE027D0C44
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215683.roa
Signing time:             Mon 02 Sep 2024 15:59:47 +0000
ROA not before:           Mon 02 Sep 2024 15:54:47 +0000
ROA not after:            Mon 01 Sep 2025 15:59:47 +0000
asID:                     215683
IP address blocks:        2a06:9f44:f130::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:e4:34:93:c3:08:a8:ed:ba:6f:9d:62:cf:6c:25:fe:02:7d:0c:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Sep  2 15:54:47 2024 GMT
            Not After : Sep  1 15:59:47 2025 GMT
        Subject: CN=AECA1DC3EDDC0376B1829444C18755ED1E083CE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1e:ac:53:3d:10:38:e9:64:8f:f8:6e:46:8f:
                    46:47:da:a0:34:2a:3b:42:a4:e3:46:8c:02:1f:18:
                    b6:ad:b7:b6:61:2f:b4:96:c3:3f:15:c0:eb:1a:4b:
                    b7:4e:6d:81:49:d6:bd:79:08:ed:8d:3c:f6:8e:e4:
                    fc:9a:87:4e:db:e0:7e:9a:8c:89:73:ca:65:70:c1:
                    43:f8:e1:d6:77:fa:48:84:19:50:6a:70:f9:57:5b:
                    fc:9c:1f:24:b1:b4:a2:f4:db:3a:3c:1c:8b:c9:ff:
                    12:ca:74:e6:d6:19:d2:47:a3:83:0f:7c:8d:46:d7:
                    3f:29:da:bb:d5:2f:e0:fe:40:fc:8d:40:50:39:bd:
                    9d:c1:3e:cc:92:c3:67:5f:23:ab:5f:92:6b:e3:97:
                    e5:2d:7e:ba:1a:29:4d:a5:8b:c6:e8:2d:ce:bb:9f:
                    12:85:a2:8c:0e:96:02:3d:90:c3:42:0e:e3:ef:98:
                    a4:3b:f0:f4:53:39:aa:f7:db:e8:4a:d6:ce:c7:38:
                    70:ae:31:ef:8c:52:09:7a:53:94:3b:7c:07:80:47:
                    e7:22:36:49:e4:1e:a4:39:32:28:eb:92:68:9b:db:
                    0e:01:c2:fe:9a:34:43:e0:45:0d:9e:b5:ce:70:91:
                    a2:4e:e7:da:b7:60:c7:bb:be:6a:99:09:82:bf:5f:
                    28:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:CA:1D:C3:ED:DC:03:76:B1:82:94:44:C1:87:55:ED:1E:08:3C:E2
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS215683.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9f44:f130::/44

    Signature Algorithm: sha256WithRSAEncryption
         9c:ca:02:2b:f2:a6:95:83:37:9f:50:12:05:63:d4:fb:93:1c:
         fa:75:65:3d:b8:0a:5e:7d:c0:87:71:30:0f:22:57:9d:6c:70:
         16:a4:ca:63:a7:82:f6:b8:d0:fc:10:14:78:a1:cc:77:14:bf:
         68:53:11:f6:c8:e2:57:78:da:c0:d2:7d:35:9c:c6:45:70:cc:
         fe:ae:45:69:8d:8a:06:af:7b:36:8d:80:e4:70:2f:b8:48:db:
         4c:e2:bc:27:64:8d:bc:cf:3f:5f:f2:93:88:61:09:a7:97:fe:
         3e:22:b9:e7:11:80:ba:9a:b6:6c:40:a2:f1:c5:52:48:37:42:
         77:e3:c6:1f:b1:0e:b0:4e:35:b8:a0:82:99:10:ae:b3:5e:3f:
         a9:28:81:ab:6d:61:54:7b:bc:27:d7:3d:e8:e3:c2:5c:55:b9:
         f0:81:47:67:65:39:2b:51:f5:cd:11:16:6b:92:a4:5e:9a:f0:
         71:33:5a:39:d0:00:41:70:f9:39:81:c5:73:f6:17:61:99:13:
         42:1e:16:18:02:65:a9:73:79:53:88:a9:2e:8b:48:83:ff:93:
         63:fa:b2:b3:9a:23:c4:b8:c6:35:a3:5b:5d:f3:62:02:ff:3a:
         46:29:5e:26:1d:cd:e9:bf:ac:4b:7f:79:7b:95:27:22:55:e8:
         43:1f:13:fb
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUeOQ0k8MIqO26b51iz2wl/gJ9DEQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA5MDIxNTU0NDdaFw0yNTA5MDExNTU5NDdaMDMxMTAvBgNV
BAMTKEFFQ0ExREMzRUREQzAzNzZCMTgyOTQ0NEMxODc1NUVEMUUwODNDRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgHqxTPRA46WSP+G5Gj0ZH2qA0
KjtCpONGjAIfGLatt7ZhL7SWwz8VwOsaS7dObYFJ1r15CO2NPPaO5Pyah07b4H6a
jIlzymVwwUP44dZ3+kiEGVBqcPlXW/ycHySxtKL02zo8HIvJ/xLKdObWGdJHo4MP
fI1G1z8p2rvVL+D+QPyNQFA5vZ3BPsySw2dfI6tfkmvjl+UtfroaKU2li8boLc67
nxKFoowOlgI9kMNCDuPvmKQ78PRTOar32+hK1s7HOHCuMe+MUgl6U5Q7fAeAR+ci
NknkHqQ5Mijrkmib2w4Bwv6aNEPgRQ2etc5wkaJO59q3YMe7vmqZCYK/XyjzAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUrsodw+3cA3axgpREwYdV7R4IPOIwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE1NjgzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgafRPEwMA0GCSqGSIb3DQEBCwUAA4IBAQCcygIr
8qaVgzefUBIFY9T7kxz6dWU9uApefcCHcTAPIledbHAWpMpjp4L2uND8EBR4ocx3
FL9oUxH2yOJXeNrA0n01nMZFcMz+rkVpjYoGr3s2jYDkcC+4SNtM4rwnZI28zz9f
8pOIYQmnl/4+IrnnEYC6mrZsQKLxxVJIN0J348YfsQ6wTjW4oIKZEK6zXj+pKIGr
bWFUe7wn1z3o48JcVbnwgUdnZTkrUfXNERZrkqRemvBxM1o50ABBcPk5gcVz9hdh
mRNCHhYYAmWpc3lTiKkui0iD/5Nj+rKzmiPEuMY1o1td82IC/zpGKV4mHc3pv6xL
f3l7lSciVehDHxP7
-----END CERTIFICATE-----