Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS398325.roa
File:                     AS398325.roa (raw, json)
Hash identifier:          flOgc7O5dLriTFEV23uq1Tfx+0wbQXWFRFjQ94cygOs=
Subject key identifier:   BD:8A:13:E6:65:6C:53:86:08:E0:07:6E:81:07:6C:24:86:F1:0D:CC
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       78BF38E041A1D03A6242428CFE0F7A1487BA4049
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS398325.roa
Signing time:             Tue 03 Jan 2023 02:07:07 +0000
ROA not before:           Tue 03 Jan 2023 02:02:07 +0000
ROA not after:            Tue 02 Jan 2024 02:07:07 +0000
asID:                     398325
IP address blocks:        2a06:a005:5ba::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:bf:38:e0:41:a1:d0:3a:62:42:42:8c:fe:0f:7a:14:87:ba:40:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  3 02:02:07 2023 GMT
            Not After : Jan  2 02:07:07 2024 GMT
        Subject: CN=BD8A13E6656C538608E0076E81076C2486F10DCC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:24:4b:16:3a:5f:c9:18:7a:86:47:a0:f5:ff:
                    47:ae:0f:b8:31:fd:98:a0:48:84:85:cb:fa:bf:2e:
                    89:1d:a4:7f:9b:b9:26:19:a2:6f:05:49:58:87:6e:
                    36:bd:51:1f:97:84:8f:11:51:19:8d:f7:95:83:93:
                    f4:0e:9f:87:f9:ee:49:51:42:28:51:41:10:3e:cc:
                    51:24:47:a6:a8:89:68:c8:2d:32:14:e6:8f:74:7c:
                    91:63:fa:fa:df:15:ee:9a:54:d8:a3:74:68:ef:49:
                    f3:55:93:0d:0b:0f:b4:41:34:21:e9:3d:73:19:90:
                    3f:28:cb:86:60:13:cc:45:3e:26:d9:7e:4f:1b:31:
                    9c:2e:da:45:de:91:a4:e6:f9:ef:fe:18:1a:d3:c6:
                    59:b5:18:08:2e:c2:9b:93:01:a5:1b:25:b6:23:99:
                    77:cd:b4:f6:87:5d:fe:7c:86:5f:03:91:a4:13:62:
                    a0:53:4b:b7:80:99:67:6d:85:33:64:55:d3:c6:cb:
                    04:86:c1:c6:b3:8d:2f:97:8e:ab:d7:71:2e:f1:98:
                    3e:a5:8b:c5:50:ff:9d:55:7f:5b:49:ef:9f:5d:60:
                    92:1a:0d:10:e0:fe:4e:eb:e9:4e:dc:1e:bb:ad:8c:
                    a0:b0:61:7a:5d:c4:2f:82:49:ad:c9:ae:cb:9d:6c:
                    3a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                BD:8A:13:E6:65:6C:53:86:08:E0:07:6E:81:07:6C:24:86:F1:0D:CC
            X509v3 Authority Key Identifier: 
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS398325.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5ba::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:88:95:2c:f5:44:a3:f7:32:cc:05:c2:b2:a7:87:f8:bf:b8:
         42:73:ce:97:f4:b6:88:3b:8d:b9:ae:31:a1:71:c0:65:d4:b4:
         84:e2:ab:9f:41:fb:ce:5c:47:4e:a7:9c:1d:10:ec:4b:1a:1e:
         52:88:41:2b:dc:30:ba:da:00:7e:c4:42:9c:22:43:6e:70:0a:
         60:12:6e:17:b0:99:99:69:57:4a:2e:ab:72:f4:5a:70:63:c9:
         f4:81:e0:8f:48:ab:a6:e0:e3:8a:00:54:a4:49:04:b7:ed:0c:
         f1:30:92:e4:04:47:67:b7:24:02:c3:7f:ae:65:98:cb:a8:d0:
         06:d9:bd:94:ce:bc:c9:a3:b9:5b:f3:51:a3:6b:22:91:20:38:
         c2:0f:86:2b:61:42:0c:b8:8f:24:5e:45:70:41:60:ae:d6:40:
         58:39:30:54:c5:ab:92:f0:77:e8:2e:59:a7:96:c3:48:fe:f5:
         57:d6:db:77:55:4c:cb:de:6f:5e:7e:99:50:6c:d6:b6:5f:21:
         cf:29:5b:d0:ff:f8:83:27:10:ff:5e:e3:ce:48:8f:4e:6b:6d:
         51:0a:89:64:f7:8d:1d:e9:50:c2:c4:d2:9a:2e:96:36:25:20:
         79:d4:79:97:01:c1:35:9b:f8:54:b3:78:88:fc:52:d8:48:42:
         97:f5:62:be
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUeL844EGh0DpiQkKM/g96FIe6QEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzAxMDMwMjAyMDdaFw0yNDAxMDIwMjA3MDdaMDMxMTAvBgNV
BAMTKEJEOEExM0U2NjU2QzUzODYwOEUwMDc2RTgxMDc2QzI0ODZGMTBEQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAJEsWOl/JGHqGR6D1/0euD7gx
/ZigSISFy/q/LokdpH+buSYZom8FSViHbja9UR+XhI8RURmN95WDk/QOn4f57klR
QihRQRA+zFEkR6aoiWjILTIU5o90fJFj+vrfFe6aVNijdGjvSfNVkw0LD7RBNCHp
PXMZkD8oy4ZgE8xFPibZfk8bMZwu2kXekaTm+e/+GBrTxlm1GAguwpuTAaUbJbYj
mXfNtPaHXf58hl8DkaQTYqBTS7eAmWdthTNkVdPGywSGwcazjS+XjqvXcS7xmD6l
i8VQ/51Vf1tJ759dYJIaDRDg/k7r6U7cHrutjKCwYXpdxC+CSa3JrsudbDoNAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUvYoT5mVsU4YI4AdugQdsJIbxDcwwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
Mzk4MzI1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQW6MA0GCSqGSIb3DQEBCwUAA4IBAQAfiJUs
9USj9zLMBcKyp4f4v7hCc86X9LaIO425rjGhccBl1LSE4qufQfvOXEdOp5wdEOxL
Gh5SiEEr3DC62gB+xEKcIkNucApgEm4XsJmZaVdKLqty9FpwY8n0geCPSKum4OOK
AFSkSQS37QzxMJLkBEdntyQCw3+uZZjLqNAG2b2UzrzJo7lb81GjayKRIDjCD4Yr
YUIMuI8kXkVwQWCu1kBYOTBUxauS8HfoLlmnlsNI/vVX1tt3VUzL3m9efplQbNa2
XyHPKVvQ//iDJxD/XuPOSI9Oa21RColk940d6VDCxNKaLpY2JSB51HmXAcE1m/hU
s3iI/FLYSEKX9WK+
-----END CERTIFICATE-----