Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS400536.roa
File:                     AS400536.roa (raw, json)
Hash identifier:          ytwbdgEr3QPSY4jHpIVjjzE0LNQJXJqwBv2cyQXFpBQ=
Subject key identifier:   7C:CC:97:3C:58:29:CF:1C:26:E4:88:6F:1A:B5:2A:E9:CC:4E:D7:64
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       59EC6D8634BB9CE830F3D2CFF8617741A39D3D81
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS400536.roa
Signing time:             Tue 05 Dec 2023 02:44:15 +0000
ROA not before:           Tue 05 Dec 2023 02:39:15 +0000
ROA not after:            Tue 03 Dec 2024 02:44:15 +0000
asID:                     400536
IP address blocks:        2a06:a005:5f7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:ec:6d:86:34:bb:9c:e8:30:f3:d2:cf:f8:61:77:41:a3:9d:3d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:15 2023 GMT
            Not After : Dec  3 02:44:15 2024 GMT
        Subject: CN=7CCC973C5829CF1C26E4886F1AB52AE9CC4ED764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:92:60:05:9e:01:9f:dc:b8:2d:10:44:64:31:
                    ac:d3:aa:8d:41:63:41:1e:e3:7e:cd:bc:e4:2e:71:
                    e0:a7:64:40:10:0c:d0:f4:21:53:6a:66:b6:38:74:
                    90:11:7d:69:4e:72:b9:72:53:ec:2b:36:31:ad:14:
                    20:6e:01:b6:6e:d0:72:2b:09:bb:f9:0f:12:fc:3b:
                    89:55:f6:c7:bc:d8:ec:fb:1b:da:20:b5:57:02:da:
                    7c:11:74:e0:43:8b:0d:0c:02:90:8a:f1:92:61:d9:
                    da:1c:f5:a9:cb:65:ab:09:a1:4c:19:f1:4d:2a:12:
                    28:93:49:5a:90:a7:7c:ac:f0:e8:eb:28:2e:ae:44:
                    40:07:2a:84:60:04:af:84:91:ce:ea:89:b5:d4:5a:
                    cd:b2:c8:c5:b5:5d:63:f1:a2:28:c8:8d:0c:80:16:
                    8f:86:2a:95:a1:0b:f3:6a:3d:7a:7a:bd:1e:4f:7f:
                    59:e6:58:a7:63:58:b9:f4:c2:7b:e6:27:e6:c3:bc:
                    6b:37:bf:32:e1:11:30:87:47:b0:9e:db:59:f0:73:
                    2e:a9:1d:14:b4:da:7b:88:a8:cc:a0:bb:69:5a:b1:
                    e2:6d:a1:4e:04:1f:71:03:6e:72:1a:94:e0:93:a8:
                    71:4c:f8:5f:e5:21:e6:25:69:59:bf:b7:f5:00:19:
                    f3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:CC:97:3C:58:29:CF:1C:26:E4:88:6F:1A:B5:2A:E9:CC:4E:D7:64
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS400536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5f7::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:9f:54:5d:ea:34:f2:4e:ad:f0:20:65:ea:d0:24:28:ee:1e:
         48:6d:2f:41:d0:bd:62:49:b2:ac:7c:02:1e:75:72:44:a5:69:
         5e:01:19:e3:70:aa:31:2b:c0:ff:04:89:3a:82:5c:10:86:a0:
         f5:e5:3a:e4:8d:04:23:2d:57:cf:ec:d3:1d:27:40:0e:71:70:
         df:ff:67:c8:21:31:6f:aa:50:fe:ba:68:15:4d:26:de:8c:9d:
         ad:f9:d5:ba:45:29:43:a4:2c:93:03:00:89:be:e9:30:02:fd:
         cd:a2:4c:b2:bb:53:47:f6:56:7c:f5:3a:09:90:e1:47:d4:bb:
         31:c7:46:b5:f1:1c:a9:7a:dd:b7:68:38:fc:df:55:2d:b8:5d:
         7a:d9:c3:cd:f1:9b:bd:f1:e3:75:0d:56:50:9b:31:2c:25:fb:
         d4:aa:af:b7:f7:ac:e7:48:75:68:75:7f:61:3d:04:8c:ec:30:
         83:98:0c:07:b9:89:ef:dc:34:bd:02:3e:0f:37:43:5c:b8:e8:
         d4:75:f1:af:0d:af:ca:f2:dd:60:6f:73:fa:30:ce:55:b6:37:
         85:ac:8b:b5:54:f2:4c:2a:58:9c:4a:fb:46:2d:e6:85:6e:d1:
         49:7e:88:67:07:cb:aa:88:3f:b3:fb:ba:e8:ea:95:f6:3c:9c:
         47:d2:f8:7d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUWexthjS7nOgw89LP+GF3QaOdPYEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTVaFw0yNDEyMDMwMjQ0MTVaMDMxMTAvBgNV
BAMTKDdDQ0M5NzNDNTgyOUNGMUMyNkU0ODg2RjFBQjUyQUU5Q0M0RUQ3NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChkmAFngGf3LgtEERkMazTqo1B
Y0Ee437NvOQuceCnZEAQDND0IVNqZrY4dJARfWlOcrlyU+wrNjGtFCBuAbZu0HIr
Cbv5DxL8O4lV9se82Oz7G9ogtVcC2nwRdOBDiw0MApCK8ZJh2doc9anLZasJoUwZ
8U0qEiiTSVqQp3ys8OjrKC6uREAHKoRgBK+Ekc7qibXUWs2yyMW1XWPxoijIjQyA
Fo+GKpWhC/NqPXp6vR5Pf1nmWKdjWLn0wnvmJ+bDvGs3vzLhETCHR7Ce21nwcy6p
HRS02nuIqMygu2laseJtoU4EH3EDbnIalOCTqHFM+F/lIeYlaVm/t/UAGfPrAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUfMyXPFgpzxwm5IhvGrUq6cxO12QwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NDAwNTM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQX3MA0GCSqGSIb3DQEBCwUAA4IBAQAbn1Rd
6jTyTq3wIGXq0CQo7h5IbS9B0L1iSbKsfAIedXJEpWleARnjcKoxK8D/BIk6glwQ
hqD15TrkjQQjLVfP7NMdJ0AOcXDf/2fIITFvqlD+umgVTSbejJ2t+dW6RSlDpCyT
AwCJvukwAv3Nokyyu1NH9lZ89ToJkOFH1Lsxx0a18Rypet23aDj831UtuF162cPN
8Zu98eN1DVZQmzEsJfvUqq+396znSHVodX9hPQSM7DCDmAwHuYnv3DS9Aj4PN0Nc
uOjUdfGvDa/K8t1gb3P6MM5VtjeFrIu1VPJMKlicSvtGLeaFbtFJfohnB8uqiD+z
+7ro6pX2PJxH0vh9
-----END CERTIFICATE-----