Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS60326.roa
File:                     AS60326.roa (raw, json)
Hash identifier:          AiHOXoeSSyIMbdJ0oa3PfxnVf/pWEJ+jHaOymrfrCzs=
Subject key identifier:   BC:DD:20:C6:0C:FE:23:C0:42:77:6D:EC:AC:FE:4D:86:00:8D:8E:59
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       37611DE3E48720FB9F4E19332E12823E6FBDB622
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS60326.roa
Signing time:             Tue 05 Dec 2023 02:44:16 +0000
ROA not before:           Tue 05 Dec 2023 02:39:16 +0000
ROA not after:            Tue 03 Dec 2024 02:44:16 +0000
asID:                     60326
IP address blocks:        2a06:a005:590::/44 maxlen: 48
                          2a06:a005:8f0::/44 maxlen: 48
                          2a06:a005:1060::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:61:1d:e3:e4:87:20:fb:9f:4e:19:33:2e:12:82:3e:6f:bd:b6:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  5 02:39:16 2023 GMT
            Not After : Dec  3 02:44:16 2024 GMT
        Subject: CN=BCDD20C60CFE23C042776DECACFE4D86008D8E59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c6:b9:9d:8e:1a:d9:79:07:21:41:4d:53:88:
                    9e:50:50:bb:cd:00:09:0a:1f:75:43:88:9f:22:04:
                    30:1a:73:14:31:a8:84:99:26:72:88:42:04:c3:be:
                    4a:47:f1:bb:b5:51:c7:28:5a:a3:41:d4:2b:1e:39:
                    a6:68:fc:b4:2c:29:41:34:23:09:4c:fe:94:ac:4e:
                    57:95:67:3d:1a:ec:62:25:0f:70:48:1a:fa:92:d6:
                    af:55:c1:a1:78:be:0d:98:f7:e2:86:08:5a:63:79:
                    5e:81:45:81:01:cc:d2:f3:e8:6d:3f:87:6f:b3:7f:
                    1e:a4:da:09:32:a3:8f:7f:1c:a2:ea:c1:a1:72:9b:
                    60:45:c7:11:1f:1a:98:fb:9f:64:4c:8f:c8:07:91:
                    67:6b:54:2a:a9:06:67:0a:b1:7a:5b:17:ed:98:0c:
                    98:7f:c6:a0:40:b0:b5:a2:a9:95:68:e5:07:d3:e3:
                    55:52:ba:45:a8:37:4b:83:83:02:7e:d6:7b:aa:1d:
                    27:bf:a8:de:bd:e4:bc:d7:72:63:a1:f9:c8:92:ac:
                    b2:3b:21:7c:df:af:3e:47:5f:e0:24:c4:20:8e:31:
                    a8:b0:e9:1f:65:14:b0:6e:7a:64:0e:ff:ac:a0:8c:
                    ec:10:5c:26:42:07:55:fc:90:3b:21:28:44:1f:c4:
                    fd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DD:20:C6:0C:FE:23:C0:42:77:6D:EC:AC:FE:4D:86:00:8D:8E:59
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS60326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:590::/44
                  2a06:a005:8f0::/44
                  2a06:a005:1060::/44

    Signature Algorithm: sha256WithRSAEncryption
         c3:0a:75:1a:a1:79:b7:b8:49:80:6e:a0:90:3c:2b:f0:c3:1a:
         be:6b:b5:f2:aa:69:ec:ca:dc:30:da:34:50:f6:8f:59:44:32:
         5f:a8:29:7d:d2:41:17:d6:c7:70:d5:7a:c3:0b:bb:92:19:c0:
         c3:2c:39:bf:38:33:00:64:03:cc:da:8b:6b:96:80:3c:19:e9:
         0c:04:3f:c1:9b:f2:7c:96:ef:5e:4c:8d:9a:60:6d:14:b2:7c:
         76:3a:05:35:2b:fa:cc:68:9c:7f:5c:74:9d:b7:49:cb:c7:ff:
         94:05:8d:5a:93:a8:6f:e4:e8:fd:30:9a:42:ff:24:70:c1:91:
         a6:43:38:8f:b0:89:59:b7:9f:23:50:1f:62:0a:ce:a1:3d:27:
         bd:1b:d4:50:21:2c:38:2f:8f:d2:d9:bd:11:7f:ed:54:14:94:
         31:02:54:e4:2e:c6:a8:ba:74:f6:03:80:f6:b8:af:bf:d7:8b:
         51:70:0c:8a:61:62:0d:df:55:fb:40:e0:3b:01:5a:35:49:ea:
         c7:2c:af:a0:09:e0:48:eb:35:54:49:e1:00:24:a0:d1:41:67:
         67:b5:27:0c:29:49:7e:ef:92:c0:cc:3e:ce:1f:da:90:5b:93:
         3b:62:3b:c1:9b:69:e2:c5:5f:9f:e3:e3:02:30:68:1c:54:31:
         04:a2:fb:8b
-----BEGIN CERTIFICATE-----
MIIE+TCCA+GgAwIBAgIUN2Ed4+SHIPufThkzLhKCPm+9tiIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDUwMjM5MTZaFw0yNDEyMDMwMjQ0MTZaMDMxMTAvBgNV
BAMTKEJDREQyMEM2MENGRTIzQzA0Mjc3NkRFQ0FDRkU0RDg2MDA4RDhFNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJxrmdjhrZeQchQU1TiJ5QULvN
AAkKH3VDiJ8iBDAacxQxqISZJnKIQgTDvkpH8bu1UccoWqNB1CseOaZo/LQsKUE0
IwlM/pSsTleVZz0a7GIlD3BIGvqS1q9VwaF4vg2Y9+KGCFpjeV6BRYEBzNLz6G0/
h2+zfx6k2gkyo49/HKLqwaFym2BFxxEfGpj7n2RMj8gHkWdrVCqpBmcKsXpbF+2Y
DJh/xqBAsLWiqZVo5QfT41VSukWoN0uDgwJ+1nuqHSe/qN695LzXcmOh+ciSrLI7
IXzfrz5HX+AkxCCOMaiw6R9lFLBuemQO/6ygjOwQXCZCB1X8kDshKEQfxP0LAgMB
AAGjggIDMIIB/zAdBgNVHQ4EFgQUvN0gxgz+I8BCd23srP5NhgCNjlkwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NjAzMjYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwNAYIKwYBBQUHAQcB
Af8EJTAjMCEEAgACMBsDBwQqBqAFBZADBwQqBqAFCPADBwQqBqAFEGAwDQYJKoZI
hvcNAQELBQADggEBAMMKdRqhebe4SYBuoJA8K/DDGr5rtfKqaezK3DDaNFD2j1lE
Ml+oKX3SQRfWx3DVesMLu5IZwMMsOb84MwBkA8zai2uWgDwZ6QwEP8Gb8nyW715M
jZpgbRSyfHY6BTUr+sxonH9cdJ23ScvH/5QFjVqTqG/k6P0wmkL/JHDBkaZDOI+w
iVm3nyNQH2IKzqE9J70b1FAhLDgvj9LZvRF/7VQUlDECVOQuxqi6dPYDgPa4r7/X
i1FwDIphYg3fVftA4DsBWjVJ6scsr6AJ4EjrNVRJ4QAkoNFBZ2e1JwwpSX7vksDM
Ps4f2pBbkztiO8GbaeLFX5/j4wIwaBxUMQSi+4s=
-----END CERTIFICATE-----