Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS398325.roa
File:                     AS398325.roa (raw, json)
Hash identifier:          yv2FwaeSJrndZzXMYOlbu2STL7IxIWMisBSYwYKERUI=
Subject key identifier:   66:2F:F8:A8:D4:74:41:F5:D3:3B:A9:15:CE:88:74:B4:B2:40:3D:88
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       4AD7A8912F2CAC9EDCBAAED4B058AA6BA5B9E768
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS398325.roa
Signing time:             Tue 05 Dec 2023 02:44:10 +0000
ROA not before:           Tue 05 Dec 2023 02:39:10 +0000
ROA not after:            Tue 03 Dec 2024 02:44:10 +0000
asID:                     398325
IP address blocks:        2a06:a005:5ba::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:d7:a8:91:2f:2c:ac:9e:dc:ba:ae:d4:b0:58:aa:6b:a5:b9:e7:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:10 2023 GMT
            Not After : Dec  3 02:44:10 2024 GMT
        Subject: CN=662FF8A8D47441F5D33BA915CE8874B4B2403D88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:27:77:0b:aa:bc:45:8e:8e:1c:30:43:18:5b:
                    57:94:d1:40:70:96:f3:8c:a9:b8:e3:fb:14:3b:35:
                    91:bf:e0:98:f8:44:94:4a:42:80:77:58:89:e9:02:
                    3a:10:48:4d:04:11:b6:a3:46:63:99:7f:b2:4f:dd:
                    34:1b:39:d1:40:e5:10:51:14:a3:37:71:2d:91:cb:
                    60:bc:3c:75:8b:d7:94:dd:6b:53:90:61:d3:8c:e9:
                    80:81:21:67:77:88:ec:10:07:7d:6c:a2:7c:0d:e9:
                    5a:43:84:7d:31:81:ee:5b:cd:f4:3f:11:a2:a3:32:
                    75:69:29:0d:d8:7b:cc:b8:4f:89:06:28:26:38:8f:
                    60:80:e0:76:c6:3b:53:91:d0:35:4c:4f:80:80:2a:
                    79:70:30:eb:23:71:74:9f:81:5a:d0:2a:ea:f1:81:
                    88:f7:12:21:40:98:74:c7:6b:41:0d:df:c1:64:37:
                    47:bc:c2:8f:fb:a4:06:ca:84:97:e5:74:d5:42:60:
                    be:3f:4c:13:c0:d4:60:13:40:9a:9b:aa:89:a4:a1:
                    d4:0b:cc:4f:4e:a6:b2:59:8c:e3:fe:55:42:e4:05:
                    ba:4f:27:49:fc:04:52:23:e9:c1:ad:dc:07:16:2b:
                    16:0f:83:5b:76:aa:93:80:e3:0d:3b:a7:a9:38:9d:
                    43:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:2F:F8:A8:D4:74:41:F5:D3:3B:A9:15:CE:88:74:B4:B2:40:3D:88
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS398325.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5ba::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:4c:74:40:87:d1:ac:b6:c2:76:e8:85:c5:44:83:c4:00:1e:
         a4:41:ba:0a:7e:91:27:b2:bd:32:cc:8d:c4:7d:56:d0:a2:d4:
         dd:1e:f5:78:22:95:73:2e:5c:8d:3a:07:37:02:69:fd:b7:02:
         ae:f4:b1:6b:42:95:69:cb:5d:90:8f:34:8c:61:68:53:d6:5b:
         52:71:59:76:bc:dc:c7:dd:9e:89:fe:9e:aa:3c:4e:dd:50:3e:
         0b:0b:bc:94:32:58:3b:16:01:81:51:5e:2d:d8:57:b0:56:9f:
         cb:c3:62:2d:c2:f9:e9:23:f5:a5:53:25:92:db:f7:88:3d:dd:
         7d:24:46:e0:8a:6c:c0:bf:62:02:46:d4:29:67:8a:c9:37:3a:
         44:60:2f:9e:59:ca:3d:97:ad:ac:23:1d:5b:92:02:b9:4f:fd:
         ac:7a:53:ef:80:44:6e:35:19:74:35:3d:26:ec:24:a5:ac:13:
         95:ed:f0:3e:8a:a5:56:e9:6c:3b:d1:3a:ed:99:a8:6c:ba:d0:
         60:bd:37:14:42:81:70:cf:98:da:38:55:55:1d:74:6a:75:c6:
         b0:cd:7b:1d:97:00:00:82:cd:74:57:99:a0:db:f4:5f:93:43:
         d6:40:a6:c1:77:10:7b:c4:7b:49:de:6f:d5:c2:d2:36:35:d1:
         b8:ed:bc:c0
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUSteokS8srJ7cuq7UsFiqa6W552gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTBaFw0yNDEyMDMwMjQ0MTBaMDMxMTAvBgNV
BAMTKDY2MkZGOEE4RDQ3NDQxRjVEMzNCQTkxNUNFODg3NEI0QjI0MDNEODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBJ3cLqrxFjo4cMEMYW1eU0UBw
lvOMqbjj+xQ7NZG/4Jj4RJRKQoB3WInpAjoQSE0EEbajRmOZf7JP3TQbOdFA5RBR
FKM3cS2Ry2C8PHWL15Tda1OQYdOM6YCBIWd3iOwQB31sonwN6VpDhH0xge5bzfQ/
EaKjMnVpKQ3Ye8y4T4kGKCY4j2CA4HbGO1OR0DVMT4CAKnlwMOsjcXSfgVrQKurx
gYj3EiFAmHTHa0EN38FkN0e8wo/7pAbKhJfldNVCYL4/TBPA1GATQJqbqomkodQL
zE9OprJZjOP+VULkBbpPJ0n8BFIj6cGt3AcWKxYPg1t2qpOA4w07p6k4nUM/AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUZi/4qNR0QfXTO6kVzoh0tLJAPYgwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
Mzk4MzI1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQW6MA0GCSqGSIb3DQEBCwUAA4IBAQAkTHRA
h9GstsJ26IXFRIPEAB6kQboKfpEnsr0yzI3EfVbQotTdHvV4IpVzLlyNOgc3Amn9
twKu9LFrQpVpy12QjzSMYWhT1ltScVl2vNzH3Z6J/p6qPE7dUD4LC7yUMlg7FgGB
UV4t2FewVp/Lw2ItwvnpI/WlUyWS2/eIPd19JEbgimzAv2ICRtQpZ4rJNzpEYC+e
Wco9l62sIx1bkgK5T/2selPvgERuNRl0NT0m7CSlrBOV7fA+iqVW6Ww70Trtmahs
utBgvTcUQoFwz5jaOFVVHXRqdcawzXsdlwAAgs10V5mg2/Rfk0PWQKbBdxB7xHtJ
3m/VwtI2NdG47bzA
-----END CERTIFICATE-----