Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS399866.roa
File:                     AS399866.roa (raw, json)
Hash identifier:          fQwI/pq7Vovqpa+uRSB8f31/3BGzxoVVoMUOzSLAFM0=
Subject key identifier:   DE:E9:43:D1:30:7C:0D:E9:30:0F:27:8C:BC:91:85:D5:94:36:4E:0A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7329BD51F1365EEBDCE5F1AAEE6B56D3413682DE
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS399866.roa
Signing time:             Tue 03 Jan 2023 02:07:06 +0000
ROA not before:           Tue 03 Jan 2023 02:02:06 +0000
ROA not after:            Tue 02 Jan 2024 02:07:06 +0000
asID:                     399866
IP address blocks:        2a06:a005:1170::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:29:bd:51:f1:36:5e:eb:dc:e5:f1:aa:ee:6b:56:d3:41:36:82:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jan  3 02:02:06 2023 GMT
            Not After : Jan  2 02:07:06 2024 GMT
        Subject: CN=DEE943D1307C0DE9300F278CBC9185D594364E0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c1:8c:de:4f:d6:9d:e2:bb:0c:9a:8f:83:c8:
                    ac:d7:b0:31:12:94:65:23:c0:e4:88:e1:8d:f8:f7:
                    c2:bd:d3:88:e5:25:79:8d:58:c0:c6:e6:a5:d9:b6:
                    e2:3b:11:21:d1:76:50:09:98:76:7d:9f:c5:45:17:
                    ce:dc:36:47:6e:58:6f:61:45:82:a6:cd:a8:35:8b:
                    f9:a6:16:f0:df:bc:9a:b2:81:d8:cb:8b:4a:b4:fe:
                    4f:21:65:47:54:64:56:e5:90:7e:a2:9e:0d:10:5c:
                    a3:cf:38:e8:b7:e6:e6:06:07:78:b5:3c:16:58:67:
                    4b:35:76:f9:19:5f:8d:7f:1e:bc:75:c7:d5:1f:73:
                    75:0b:79:84:13:bf:6c:79:d1:d7:69:43:ec:62:0c:
                    95:56:aa:a2:72:f5:f4:f9:c8:a8:9f:e6:ba:8f:ca:
                    54:01:ee:43:87:b2:80:5a:f1:13:4d:b9:50:22:84:
                    00:71:3c:ff:17:91:70:9a:67:89:09:aa:b9:2d:d2:
                    a5:7e:b6:a0:b6:ae:67:fd:e9:82:37:78:0a:e5:e8:
                    38:4e:87:fc:23:ab:9f:a9:d9:06:36:36:ac:ed:69:
                    ec:22:51:59:3b:7d:74:e3:e6:27:6e:bd:25:4b:bc:
                    a9:76:fe:ab:a8:c5:07:32:dd:9f:02:9d:88:8f:5a:
                    0f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                DE:E9:43:D1:30:7C:0D:E9:30:0F:27:8C:BC:91:85:D5:94:36:4E:0A
            X509v3 Authority Key Identifier: 
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS399866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1170::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:7a:ec:8b:b8:95:60:62:9f:25:2d:4b:ae:34:e1:05:17:94:
         0d:73:32:2a:48:d6:91:fb:3d:70:dd:b8:60:91:3d:fc:ad:9a:
         9c:b4:a8:a5:14:80:5b:77:13:d2:93:c1:65:83:f6:ce:03:7e:
         bb:05:1d:19:85:ce:31:68:eb:1d:93:c4:33:84:ef:b9:1c:ca:
         55:c2:01:49:8b:4a:cc:71:7c:d9:bf:bd:3e:79:ae:9b:87:e0:
         e3:5f:a7:92:5d:27:84:eb:3f:1c:50:e5:8c:76:3b:ae:38:2c:
         b6:63:75:0c:21:0e:bd:25:ea:3c:a4:22:2d:e6:b1:d9:27:e1:
         57:4d:8d:d7:b5:09:fa:31:a8:b3:b4:80:02:76:d1:d1:a3:85:
         9e:a8:55:5b:ba:79:12:e3:57:29:39:f0:20:c1:b5:b2:20:f7:
         2d:3a:4b:d8:0c:2d:95:ea:cc:3e:8b:4a:81:29:fa:b1:ae:07:
         f1:e8:0e:77:3a:97:b9:15:7b:6a:64:f1:fa:2e:6f:ad:0b:31:
         ac:68:c0:ef:62:2c:e1:cf:13:bc:1c:34:da:bb:e4:d4:a0:41:
         20:36:92:0d:be:cc:70:d1:d8:41:fd:78:da:b3:0e:ca:45:75:
         47:91:15:b3:26:43:28:6b:cc:67:5e:a3:56:28:c9:de:ba:6d:
         39:6c:f4:11
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUcym9UfE2Xuvc5fGq7mtW00E2gt4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzAxMDMwMjAyMDZaFw0yNDAxMDIwMjA3MDZaMDMxMTAvBgNV
BAMTKERFRTk0M0QxMzA3QzBERTkzMDBGMjc4Q0JDOTE4NUQ1OTQzNjRFMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJwYzeT9ad4rsMmo+DyKzXsDES
lGUjwOSI4Y3498K904jlJXmNWMDG5qXZtuI7ESHRdlAJmHZ9n8VFF87cNkduWG9h
RYKmzag1i/mmFvDfvJqygdjLi0q0/k8hZUdUZFblkH6ing0QXKPPOOi35uYGB3i1
PBZYZ0s1dvkZX41/Hrx1x9Ufc3ULeYQTv2x50ddpQ+xiDJVWqqJy9fT5yKif5rqP
ylQB7kOHsoBa8RNNuVAihABxPP8XkXCaZ4kJqrkt0qV+tqC2rmf96YI3eArl6DhO
h/wjq5+p2QY2NqztaewiUVk7fXTj5iduvSVLvKl2/quoxQcy3Z8CnYiPWg8xAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU3ulD0TB8DekwDyeMvJGF1ZQ2TgowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
Mzk5ODY2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRFwMA0GCSqGSIb3DQEBCwUAA4IBAQBxeuyL
uJVgYp8lLUuuNOEFF5QNczIqSNaR+z1w3bhgkT38rZqctKilFIBbdxPSk8Flg/bO
A367BR0Zhc4xaOsdk8QzhO+5HMpVwgFJi0rMcXzZv70+ea6bh+DjX6eSXSeE6z8c
UOWMdjuuOCy2Y3UMIQ69Jeo8pCIt5rHZJ+FXTY3XtQn6MaiztIACdtHRo4WeqFVb
unkS41cpOfAgwbWyIPctOkvYDC2V6sw+i0qBKfqxrgfx6A53Ope5FXtqZPH6Lm+t
CzGsaMDvYizhzxO8HDTau+TUoEEgNpINvsxw0dhB/Xjasw7KRXVHkRWzJkMoa8xn
XqNWKMneum05bPQR
-----END CERTIFICATE-----