Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS216412.roa
File:                     AS216412.roa (raw, json)
Hash identifier:          8Wh4K1MfhsF28CHx7iKFTB6YzLMDs/jVR4a4n2IB+Y8=
Subject key identifier:   41:F1:34:7E:A2:28:55:FE:86:CB:2C:6B:A5:57:B4:2B:86:2A:9E:CC
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       788724EF7CBCED9CFB957B60BAE77BECAA147D2A
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS216412.roa
Signing time:             Thu 25 Jul 2024 18:39:57 +0000
ROA not before:           Thu 25 Jul 2024 18:34:57 +0000
ROA not after:            Thu 24 Jul 2025 18:39:57 +0000
asID:                     216412
IP address blocks:        2a06:a002:fe00::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:21:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:87:24:ef:7c:bc:ed:9c:fb:95:7b:60:ba:e7:7b:ec:aa:14:7d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jul 25 18:34:57 2024 GMT
            Not After : Jul 24 18:39:57 2025 GMT
        Subject: CN=41F1347EA22855FE86CB2C6BA557B42B862A9ECC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ba:f1:7b:27:20:42:1f:e6:ea:ca:11:c5:b0:
                    7b:ce:40:2c:63:71:2e:d3:ca:a9:b0:ec:24:6a:ea:
                    47:c1:eb:50:e6:94:91:80:6b:37:94:47:30:25:45:
                    9a:9c:64:ee:72:31:df:90:4f:1c:bc:b1:bc:e7:64:
                    83:b0:6d:c0:c8:37:83:9f:26:09:69:18:9b:c8:f0:
                    45:2b:17:a9:3e:fb:f6:37:81:ec:e8:8b:6a:91:ae:
                    aa:28:fa:b4:5a:53:cc:e5:eb:7f:9e:b2:0e:c8:02:
                    9e:2a:9b:52:c2:81:bd:10:f0:4d:9e:d7:e0:4e:5f:
                    9c:96:fe:47:4f:67:37:09:c4:66:d8:61:11:11:a8:
                    86:1b:8f:27:1f:ec:ab:1a:be:07:39:cf:b1:0d:c1:
                    63:11:2d:49:56:53:7e:bb:17:d7:68:d4:44:e9:49:
                    e3:54:f8:0c:3d:5e:45:9d:40:6a:62:77:ce:7b:49:
                    87:a4:0b:03:dc:a8:56:71:2b:b9:44:c1:47:6d:94:
                    16:88:f5:9b:b1:80:33:57:5f:10:f8:2a:7b:e0:ea:
                    99:ee:eb:d5:dd:7e:f5:0a:3f:08:2b:f5:06:f8:0f:
                    3a:26:df:20:07:ec:cd:a1:d6:3b:96:d3:c8:79:c0:
                    51:07:63:7c:be:24:10:2c:31:1f:55:49:51:68:8b:
                    75:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F1:34:7E:A2:28:55:FE:86:CB:2C:6B:A5:57:B4:2B:86:2A:9E:CC
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS216412.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a002:fe00::/39

    Signature Algorithm: sha256WithRSAEncryption
         c6:dd:44:85:43:4a:b3:d2:25:66:d1:ff:96:12:60:a0:a1:01:
         83:b5:8d:ab:b0:c9:67:f2:66:01:af:f5:7e:e8:e9:a3:61:55:
         a4:8a:c4:21:76:e4:47:16:bc:d1:c2:8b:7e:c3:32:00:28:90:
         e3:55:c1:5e:66:2f:d3:6f:6b:09:f4:02:db:7a:a7:71:32:da:
         66:a0:ea:53:7b:48:cd:4e:98:b6:5d:ef:2a:a0:6d:a3:3b:f7:
         99:64:aa:ee:25:8a:0d:91:81:f6:63:f0:1f:32:3a:96:9d:64:
         ad:b2:1d:14:08:15:91:4b:ca:fb:85:9c:d2:52:9e:4e:c9:a2:
         d4:a2:8c:63:46:71:ac:35:51:ee:b0:91:90:83:1f:5f:e8:60:
         72:c8:f3:e7:02:4b:81:e7:30:7e:dd:bb:24:db:a4:d2:3b:50:
         12:22:bb:57:a7:89:e2:35:6e:a8:e6:37:17:79:2a:ff:bb:a1:
         77:68:ad:0c:1e:25:0a:d2:63:ca:81:a5:de:0e:56:47:3d:b3:
         1b:71:4d:6e:6d:e8:46:4a:59:1d:ad:dc:61:e3:c5:6f:4a:a8:
         eb:b5:02:d9:94:98:6d:3b:9b:d5:f9:52:d7:2d:9a:83:ee:3f:
         00:ea:9c:22:93:5c:db:73:c8:ce:a8:aa:bd:17:0c:cf:d6:6c:
         20:4a:68:22
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUeIck73y87Zz7lXtguud77KoUfSowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDA3MjUxODM0NTdaFw0yNTA3MjQxODM5NTdaMDMxMTAvBgNV
BAMTKDQxRjEzNDdFQTIyODU1RkU4NkNCMkM2QkE1NTdCNDJCODYyQTlFQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGuvF7JyBCH+bqyhHFsHvOQCxj
cS7Tyqmw7CRq6kfB61DmlJGAazeURzAlRZqcZO5yMd+QTxy8sbznZIOwbcDIN4Of
JglpGJvI8EUrF6k++/Y3gezoi2qRrqoo+rRaU8zl63+esg7IAp4qm1LCgb0Q8E2e
1+BOX5yW/kdPZzcJxGbYYRERqIYbjycf7Ksavgc5z7ENwWMRLUlWU367F9do1ETp
SeNU+Aw9XkWdQGpid857SYekCwPcqFZxK7lEwUdtlBaI9ZuxgDNXXxD4Knvg6pnu
69XdfvUKPwgr9Qb4Dzom3yAH7M2h1juW08h5wFEHY3y+JBAsMR9VSVFoi3W7AgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUQfE0fqIoVf6GyyxrpVe0K4YqnswwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE2NDEyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEH
AQH/BBIwEDAOBAIAAjAIAwYBKgagAv4wDQYJKoZIhvcNAQELBQADggEBAMbdRIVD
SrPSJWbR/5YSYKChAYO1jauwyWfyZgGv9X7o6aNhVaSKxCF25EcWvNHCi37DMgAo
kONVwV5mL9Nvawn0Att6p3Ey2mag6lN7SM1OmLZd7yqgbaM795lkqu4lig2RgfZj
8B8yOpadZK2yHRQIFZFLyvuFnNJSnk7JotSijGNGcaw1Ue6wkZCDH1/oYHLI8+cC
S4HnMH7duyTbpNI7UBIiu1enieI1bqjmNxd5Kv+7oXdorQweJQrSY8qBpd4OVkc9
sxtxTW5t6EZKWR2t3GHjxW9KqOu1AtmUmG07m9X5UtctmoPuPwDqnCKTXNtzyM6o
qr0XDM/WbCBKaCI=
-----END CERTIFICATE-----