Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS399866.roa
File:                     AS399866.roa (raw, json)
Hash identifier:          6+G40Kuh0ED4MLvJVXg5AS3lx6bPwktp3XIcOh7FnCU=
Subject key identifier:   1B:EC:97:6A:78:57:F7:54:C2:9E:37:62:C2:04:7C:D0:CD:32:27:D8
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       3CEEEC7224231E159034C7AC7CF616310B14A9BB
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS399866.roa
Signing time:             Tue 05 Dec 2023 02:44:15 +0000
ROA not before:           Tue 05 Dec 2023 02:39:15 +0000
ROA not after:            Tue 03 Dec 2024 02:44:15 +0000
asID:                     399866
IP address blocks:        2a06:a005:1170::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ee:ec:72:24:23:1e:15:90:34:c7:ac:7c:f6:16:31:0b:14:a9:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:15 2023 GMT
            Not After : Dec  3 02:44:15 2024 GMT
        Subject: CN=1BEC976A7857F754C29E3762C2047CD0CD3227D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f4:e4:6d:d0:d9:fb:ee:16:50:73:93:4d:0d:
                    47:b3:7f:90:ab:b0:a8:2b:01:41:17:18:c6:fb:ee:
                    fb:d5:4d:a1:cd:85:0f:f4:bd:e1:ad:d9:47:5d:72:
                    35:34:04:b0:fc:e7:49:58:62:3e:d6:2f:f7:b4:f6:
                    f5:8a:da:a9:0f:37:5e:de:94:eb:c1:6e:e9:96:94:
                    02:17:54:e6:a8:ce:bb:e6:05:e6:19:df:fb:31:94:
                    c7:40:e7:ec:62:c1:ed:16:23:35:0d:a7:c5:a5:12:
                    48:8f:74:bb:a7:21:e5:9f:5a:03:a6:55:36:04:cb:
                    0e:4d:73:ec:81:f0:9d:39:a6:37:09:42:3f:82:7b:
                    32:29:b7:ff:c6:88:2e:f0:64:57:8a:11:08:4d:6c:
                    5f:6a:8c:68:85:5c:33:59:cc:30:26:3a:53:aa:db:
                    db:da:0b:07:04:7c:04:6a:35:fd:02:95:80:1b:c4:
                    6d:f7:60:2c:8f:46:87:c5:0c:01:18:9f:c6:fb:83:
                    4e:ec:10:3c:9e:76:28:64:fd:9e:02:88:77:31:e9:
                    38:d1:f5:54:47:64:9c:c5:6f:b3:2d:71:cb:75:e2:
                    0d:5e:7a:b1:0d:1d:45:95:3e:dd:b2:ea:d6:6f:cf:
                    b5:3a:e6:23:e7:66:11:9c:75:51:4f:bc:65:7b:9b:
                    8f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:EC:97:6A:78:57:F7:54:C2:9E:37:62:C2:04:7C:D0:CD:32:27:D8
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS399866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1170::/44

    Signature Algorithm: sha256WithRSAEncryption
         cc:ba:d3:f5:dd:c1:4c:38:a1:7a:27:44:2d:2d:db:e0:89:e7:
         c8:8e:3c:92:52:d0:aa:c5:99:f3:fa:e5:d5:83:c1:71:e9:da:
         0a:6e:90:7c:be:87:f6:e6:b1:84:70:74:b9:33:0f:01:ad:de:
         15:85:4a:12:c7:75:04:fb:97:b7:a2:3f:1b:36:b6:11:db:8c:
         b8:e9:bb:40:c3:2c:04:7f:46:40:a4:01:77:12:c3:0f:0a:49:
         a9:2c:82:94:14:da:83:a2:5b:ab:61:ee:b8:c1:e4:ec:64:61:
         0d:3a:08:91:60:9a:a0:88:08:a8:cd:a3:41:b1:b8:36:84:ef:
         f5:87:94:7b:4a:24:ba:72:ea:dc:ba:a9:c9:92:e7:24:87:92:
         0d:64:b7:48:cb:9c:ca:8a:73:b2:bd:0a:0d:0f:29:32:79:42:
         2d:99:56:94:95:dc:54:2b:42:ab:6d:e9:3c:95:ee:59:f9:1c:
         7a:c4:2e:a7:67:93:91:3c:75:9d:b5:35:20:6a:05:ac:6f:bb:
         a3:73:50:10:2d:23:5d:04:5e:a4:eb:00:f1:23:0f:e7:bb:ec:
         f9:6e:38:73:da:d5:34:e0:9f:89:07:7e:5f:8e:5d:c3:2b:1d:
         da:8b:7e:c6:a0:41:c1:04:ed:2f:c6:06:c7:2e:4f:0b:b3:e3:
         54:e5:0a:9a
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPO7sciQjHhWQNMesfPYWMQsUqbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTVaFw0yNDEyMDMwMjQ0MTVaMDMxMTAvBgNV
BAMTKDFCRUM5NzZBNzg1N0Y3NTRDMjlFMzc2MkMyMDQ3Q0QwQ0QzMjI3RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH9ORt0Nn77hZQc5NNDUezf5Cr
sKgrAUEXGMb77vvVTaHNhQ/0veGt2UddcjU0BLD850lYYj7WL/e09vWK2qkPN17e
lOvBbumWlAIXVOaozrvmBeYZ3/sxlMdA5+xiwe0WIzUNp8WlEkiPdLunIeWfWgOm
VTYEyw5Nc+yB8J05pjcJQj+CezIpt//GiC7wZFeKEQhNbF9qjGiFXDNZzDAmOlOq
29vaCwcEfARqNf0ClYAbxG33YCyPRofFDAEYn8b7g07sEDyedihk/Z4CiHcx6TjR
9VRHZJzFb7Mtcct14g1eerENHUWVPt2y6tZvz7U65iPnZhGcdVFPvGV7m48vAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUG+yXanhX91TCnjdiwgR80M0yJ9gwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
Mzk5ODY2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRFwMA0GCSqGSIb3DQEBCwUAA4IBAQDMutP1
3cFMOKF6J0QtLdvgiefIjjySUtCqxZnz+uXVg8Fx6doKbpB8vof25rGEcHS5Mw8B
rd4VhUoSx3UE+5e3oj8bNrYR24y46btAwywEf0ZApAF3EsMPCkmpLIKUFNqDolur
Ye64weTsZGENOgiRYJqgiAiozaNBsbg2hO/1h5R7SiS6curcuqnJkuckh5INZLdI
y5zKinOyvQoNDykyeUItmVaUldxUK0Krbek8le5Z+Rx6xC6nZ5ORPHWdtTUgagWs
b7ujc1AQLSNdBF6k6wDxIw/nu+z5bjhz2tU04J+JB35fjl3DKx3ai37GoEHBBO0v
xgbHLk8Ls+NU5Qqa
-----END CERTIFICATE-----