Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS56696.roa
File:                     AS56696.roa (raw, json)
Hash identifier:          nLWZap5B15IVTKrbzXgiW0G0/MhV54E1viGts7gYY+g=
Subject key identifier:   D0:90:20:23:4A:3A:29:59:1D:DB:C3:92:34:CF:CA:1F:0D:0C:D2:EE
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       34A488F46CA1D74D5695F55B52CAF7D134D72DB1
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS56696.roa
Signing time:             Tue 05 Nov 2024 03:40:01 +0000
ROA not before:           Tue 05 Nov 2024 03:35:01 +0000
ROA not after:            Tue 04 Nov 2025 03:40:01 +0000
asID:                     56696
IP address blocks:        2a06:a005:5e5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:a4:88:f4:6c:a1:d7:4d:56:95:f5:5b:52:ca:f7:d1:34:d7:2d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:01 2024 GMT
            Not After : Nov  4 03:40:01 2025 GMT
        Subject: CN=D09020234A3A29591DDBC39234CFCA1F0D0CD2EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1a:97:8a:ab:37:38:5e:5e:7e:0b:17:76:c6:
                    c2:2f:fb:5a:87:9b:60:ea:8f:87:f3:69:eb:dc:e6:
                    eb:7d:fe:3c:0d:4f:18:e2:4b:37:7b:44:97:d3:70:
                    da:ab:c3:de:b8:38:c8:cd:fa:5e:a4:51:a2:1f:1d:
                    24:6e:af:b5:b2:c4:cc:2e:02:ee:18:b2:cb:12:b6:
                    0d:18:39:c9:f1:8e:62:a1:f8:2f:98:ff:2c:d5:d7:
                    51:d3:2f:62:7e:ab:f0:b1:3e:84:8c:be:8b:03:99:
                    38:c9:52:f4:67:69:5f:a0:da:4d:0b:31:21:90:6a:
                    c1:28:c6:74:14:60:33:33:ac:43:63:fd:5a:36:d1:
                    7e:83:bc:fd:2c:79:52:72:ce:c0:94:64:75:75:9c:
                    35:43:34:9f:0c:1e:9b:78:92:13:c7:15:48:c7:46:
                    86:db:26:ae:9d:c5:71:06:28:b7:84:9d:ea:1c:49:
                    02:4a:00:23:67:33:5b:1d:dc:ce:eb:59:ac:15:f9:
                    48:f5:51:f7:8f:a2:ce:22:70:d2:01:76:b8:13:cb:
                    e3:3c:e1:f2:da:af:e2:d7:28:29:ed:de:f2:bf:ba:
                    bf:f2:36:a9:e7:68:44:36:36:95:0d:1a:18:54:f6:
                    d0:f7:e3:37:d5:c8:98:28:f0:4c:a0:21:01:66:45:
                    40:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:90:20:23:4A:3A:29:59:1D:DB:C3:92:34:CF:CA:1F:0D:0C:D2:EE
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS56696.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5e5::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:a8:0f:b0:dc:ea:a3:ba:06:84:ec:82:01:42:96:51:b5:00:
         e5:8a:c9:c8:f7:70:d8:98:8b:0b:4c:fb:28:8a:8d:4b:b9:dc:
         ac:88:94:c6:a8:32:40:ff:07:23:3b:c9:cd:3e:25:b7:f3:b0:
         4b:bb:e5:b8:f7:10:f4:8a:23:15:4f:f1:e1:22:65:f3:2a:77:
         46:69:bc:a7:8d:84:e3:5e:ba:d3:9f:5d:f4:9f:d4:59:23:5f:
         3f:7e:10:34:d8:8c:b4:84:5f:8b:79:2e:c9:9c:47:8a:7e:e0:
         c2:ef:0a:f3:be:bb:25:c8:2b:58:0e:7b:5b:1a:e4:8f:2a:6a:
         b4:aa:ea:8d:56:67:9b:27:7b:c2:4e:1e:09:a4:39:71:27:7d:
         21:ae:91:db:d8:cd:5e:bb:63:23:9e:6c:87:47:7e:1c:c0:12:
         7d:c9:72:4d:39:2a:2b:dd:8d:26:30:4f:99:ea:33:ad:ea:50:
         4f:91:55:fa:3e:89:ae:21:dc:f9:b1:00:ac:27:d1:8e:19:fb:
         d0:fe:13:5f:a0:5e:e3:0f:af:c2:5e:1b:ea:4c:16:b2:41:4e:
         a2:9b:5e:ff:2f:b1:f0:69:d9:62:d8:15:2d:ac:a8:71:59:05:
         1a:61:94:4e:18:53:5a:51:12:80:9a:19:4e:e4:40:21:55:78:
         66:72:21:17
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUNKSI9Gyh101WlfVbUsr30TTXLbEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDFaFw0yNTExMDQwMzQwMDFaMDMxMTAvBgNV
BAMTKEQwOTAyMDIzNEEzQTI5NTkxRERCQzM5MjM0Q0ZDQTFGMEQwQ0QyRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuGpeKqzc4Xl5+Cxd2xsIv+1qH
m2Dqj4fzaevc5ut9/jwNTxjiSzd7RJfTcNqrw964OMjN+l6kUaIfHSRur7WyxMwu
Au4YsssStg0YOcnxjmKh+C+Y/yzV11HTL2J+q/CxPoSMvosDmTjJUvRnaV+g2k0L
MSGQasEoxnQUYDMzrENj/Vo20X6DvP0seVJyzsCUZHV1nDVDNJ8MHpt4khPHFUjH
RobbJq6dxXEGKLeEneocSQJKACNnM1sd3M7rWawV+Uj1UfePos4icNIBdrgTy+M8
4fLar+LXKCnt3vK/ur/yNqnnaEQ2NpUNGhhU9tD34zfVyJgo8EygIQFmRUA3AgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQU0JAgI0o6KVkd28OSNM/KHw0M0u4wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NTY2OTYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwAqBqAFBeUwDQYJKoZIhvcNAQELBQADggEBADGoD7Dc
6qO6BoTsggFCllG1AOWKycj3cNiYiwtM+yiKjUu53KyIlMaoMkD/ByM7yc0+Jbfz
sEu75bj3EPSKIxVP8eEiZfMqd0ZpvKeNhONeutOfXfSf1FkjXz9+EDTYjLSEX4t5
LsmcR4p+4MLvCvO+uyXIK1gOe1sa5I8qarSq6o1WZ5sne8JOHgmkOXEnfSGukdvY
zV67YyOebIdHfhzAEn3Jck05KivdjSYwT5nqM63qUE+RVfo+ia4h3PmxAKwn0Y4Z
+9D+E1+gXuMPr8JeG+pMFrJBTqKbXv8vsfBp2WLYFS2sqHFZBRphlE4YU1pREoCa
GU7kQCFVeGZyIRc=
-----END CERTIFICATE-----