Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS56328.roa
File:                     AS56328.roa (raw, json)
Hash identifier:          ErNJTPf6SxDoHvSOvhwOhMB7+nCcDCZ2NqGaML94udQ=
Subject key identifier:   CC:86:AA:ED:46:66:D8:26:33:C6:A5:68:35:06:4F:45:F1:3C:14:44
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       5A2F454250305CE2AE108898415AD07FC3FEA990
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS56328.roa
Signing time:             Tue 05 Dec 2023 02:44:18 +0000
ROA not before:           Tue 05 Dec 2023 02:39:18 +0000
ROA not after:            Tue 03 Dec 2024 02:44:18 +0000
asID:                     56328
IP address blocks:        2a06:a005:3b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:2f:45:42:50:30:5c:e2:ae:10:88:98:41:5a:d0:7f:c3:fe:a9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:18 2023 GMT
            Not After : Dec  3 02:44:18 2024 GMT
        Subject: CN=CC86AAED4666D82633C6A56835064F45F13C1444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ce:6c:c7:26:b2:53:08:76:1c:58:9f:de:6a:
                    2e:4c:41:da:db:7b:af:21:fc:ca:cf:ed:cc:9e:1b:
                    f3:6b:a9:fc:35:c0:fc:80:d4:17:46:69:eb:39:cf:
                    ba:8c:c7:0a:57:4d:ea:17:c3:08:0a:74:b1:f0:bb:
                    3f:0d:8f:cd:6d:cb:f4:d5:1e:b0:cc:fc:34:82:8d:
                    7a:a8:e6:78:aa:ab:f7:b2:39:ef:79:db:2f:1e:6a:
                    9d:69:1d:02:ed:ac:8a:5e:36:b5:31:cf:e9:13:ff:
                    2d:1a:89:83:f8:fa:cf:33:bf:49:23:c0:a2:73:e7:
                    99:4a:86:3f:0c:1f:91:49:ae:2f:6f:a7:da:de:94:
                    be:b3:05:97:b2:73:a8:dc:5e:d3:c9:af:c7:37:45:
                    fa:09:73:df:25:20:c0:d9:be:74:c6:27:39:18:3e:
                    2d:0d:55:80:35:a5:ca:a2:d4:e0:b7:91:83:d8:cf:
                    f1:c7:2c:1f:9b:bf:8c:e9:0f:fe:12:a6:db:68:f3:
                    86:7a:41:a6:50:bf:89:3e:19:0f:1a:4c:4c:7f:de:
                    5d:1b:5d:fc:46:96:73:33:4b:d4:14:71:32:22:bd:
                    4f:3c:46:ac:06:7b:da:5e:52:7b:7c:69:a3:42:a2:
                    de:35:b9:f5:b8:01:6c:6b:71:2f:b3:fd:55:b3:31:
                    fb:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:86:AA:ED:46:66:D8:26:33:C6:A5:68:35:06:4F:45:F1:3C:14:44
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS56328.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:3b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:f0:a7:a3:6c:f5:9c:56:5e:36:3b:ac:e9:51:9b:26:aa:e0:
         74:69:f6:94:9e:b8:74:38:81:f2:2b:79:03:31:96:bf:da:78:
         ae:9f:cb:c2:1a:cb:6d:a0:fb:5c:fb:22:a8:91:0d:75:90:a8:
         21:2c:35:ce:1e:53:4e:1a:3f:ab:75:7e:8e:b9:c1:1e:aa:48:
         a8:8b:57:2b:7c:18:51:2c:00:ac:8d:f2:25:37:47:d3:f6:fb:
         40:c5:e9:0c:cd:3d:b7:72:3e:5e:40:a6:33:97:0f:f4:2f:27:
         12:31:5b:de:84:0a:c5:ef:cd:7d:6d:a7:ff:b4:c5:4c:76:e7:
         d9:d1:64:8d:2b:07:54:5d:ee:b0:0e:de:0e:cd:43:19:e3:8e:
         60:40:6b:d2:51:d7:bc:e0:90:b7:40:9d:55:d3:ff:ca:56:73:
         2e:24:bc:63:e7:26:ea:e4:66:79:9f:2b:1d:51:0e:21:86:66:
         81:84:fa:fd:e0:62:fd:e3:a7:4c:d0:0b:76:88:71:ed:fb:cb:
         76:99:a9:10:18:c7:76:12:a9:00:aa:70:fa:af:0c:2c:b6:bb:
         0a:c8:4b:b5:ac:2c:5d:22:e1:ff:22:a2:da:2b:6b:0c:13:32:
         57:68:85:94:25:0e:89:18:2e:9f:3e:6b:9e:13:a6:67:40:04:
         8a:eb:3a:76
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUWi9FQlAwXOKuEIiYQVrQf8P+qZAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MThaFw0yNDEyMDMwMjQ0MThaMDMxMTAvBgNV
BAMTKENDODZBQUVENDY2NkQ4MjYzM0M2QTU2ODM1MDY0RjQ1RjEzQzE0NDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyzmzHJrJTCHYcWJ/eai5MQdrb
e68h/MrP7cyeG/Nrqfw1wPyA1BdGaes5z7qMxwpXTeoXwwgKdLHwuz8Nj81ty/TV
HrDM/DSCjXqo5niqq/eyOe952y8eap1pHQLtrIpeNrUxz+kT/y0aiYP4+s8zv0kj
wKJz55lKhj8MH5FJri9vp9relL6zBZeyc6jcXtPJr8c3RfoJc98lIMDZvnTGJzkY
Pi0NVYA1pcqi1OC3kYPYz/HHLB+bv4zpD/4Sptto84Z6QaZQv4k+GQ8aTEx/3l0b
XfxGlnMzS9QUcTIivU88RqwGe9peUnt8aaNCot41ufW4AWxrcS+z/VWzMfu7AgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUzIaq7UZm2CYzxqVoNQZPRfE8FEQwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NTYzMjgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFA7AwDQYJKoZIhvcNAQELBQADggEBAA3wp6Ns
9ZxWXjY7rOlRmyaq4HRp9pSeuHQ4gfIreQMxlr/aeK6fy8Iay22g+1z7IqiRDXWQ
qCEsNc4eU04aP6t1fo65wR6qSKiLVyt8GFEsAKyN8iU3R9P2+0DF6QzNPbdyPl5A
pjOXD/QvJxIxW96ECsXvzX1tp/+0xUx259nRZI0rB1Rd7rAO3g7NQxnjjmBAa9JR
17zgkLdAnVXT/8pWcy4kvGPnJurkZnmfKx1RDiGGZoGE+v3gYv3jp0zQC3aIce37
y3aZqRAYx3YSqQCqcPqvDCy2uwrIS7WsLF0i4f8iotorawwTMldohZQlDokYLp8+
a54TpmdABIrrOnY=
-----END CERTIFICATE-----