Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS60438.roa
File:                     AS60438.roa (raw, json)
Hash identifier:          gFsYMryWvoNpRj4wzK4qC/nkQAGBrd2ZYwRTRZK77/Y=
Subject key identifier:   C2:2E:6C:C7:86:72:C3:7E:71:A2:8A:C4:8D:09:DA:B7:D1:0F:C1:76
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6D7A05E61B72107951AC9A99608902045D2181A7
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS60438.roa
Signing time:             Fri 08 Dec 2023 11:44:21 +0000
ROA not before:           Fri 08 Dec 2023 11:39:21 +0000
ROA not after:            Fri 06 Dec 2024 11:44:21 +0000
asID:                     60438
IP address blocks:        2a06:a005:26c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:7a:05:e6:1b:72:10:79:51:ac:9a:99:60:89:02:04:5d:21:81:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Dec  8 11:39:21 2023 GMT
            Not After : Dec  6 11:44:21 2024 GMT
        Subject: CN=C22E6CC78672C37E71A28AC48D09DAB7D10FC176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:52:7f:54:48:3d:f5:7e:53:96:96:2d:a6:4d:
                    33:fa:ab:2f:0d:09:b5:01:bb:0b:6c:cb:10:64:5b:
                    0b:9c:5b:11:e9:aa:28:c6:26:78:4a:af:40:9c:c9:
                    37:81:d0:c9:32:ce:f0:5c:39:99:61:6e:04:ae:c8:
                    d1:cf:22:9e:ac:48:6d:da:35:63:5b:56:c3:fd:e5:
                    59:04:2e:04:34:35:2a:47:5d:88:2b:90:f3:47:a7:
                    73:e0:1f:54:2b:ed:39:73:f9:f3:74:cb:cd:d1:8e:
                    a9:82:29:91:d4:74:1a:fb:c9:fe:fb:70:3f:21:c5:
                    d9:8f:36:68:ec:1d:98:99:a7:c4:fb:c5:d6:01:05:
                    03:6c:a4:06:a7:45:21:2e:79:82:47:b7:ee:a5:d8:
                    3e:90:7c:5a:df:8b:52:af:a5:cc:40:a1:52:6d:f8:
                    3c:9f:7d:a4:3d:c0:c4:3b:03:44:84:78:26:68:81:
                    28:6b:2d:0d:6a:bf:4b:05:67:21:21:3e:36:1e:e5:
                    d9:c4:fd:af:6d:9e:f1:c9:66:c8:cf:63:7d:66:d7:
                    85:ba:49:c7:b0:1f:76:22:81:8a:7b:67:23:98:8d:
                    ad:d4:71:09:73:1a:15:18:00:59:ee:96:e6:68:8d:
                    0b:1e:92:02:d0:ab:91:f0:a7:95:ed:ac:34:c7:1e:
                    e9:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2E:6C:C7:86:72:C3:7E:71:A2:8A:C4:8D:09:DA:B7:D1:0F:C1:76
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS60438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:26c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:4a:8a:38:f9:62:8a:12:3c:66:88:81:9d:61:13:a4:0d:ba:
         e3:6c:f3:e5:c2:06:87:08:27:77:c8:2f:3c:05:d6:79:c8:54:
         70:48:38:62:b3:41:11:20:4c:05:46:c8:a4:a3:09:17:2a:b8:
         99:fa:26:31:74:bf:52:9f:27:ec:2d:47:1f:c8:e5:b7:db:ed:
         4a:78:72:6b:0d:3a:b6:f5:c3:8c:8c:de:ba:3b:01:f5:c3:6c:
         39:87:2b:84:94:ef:2a:0e:84:8c:f3:e5:49:84:c7:ed:a1:88:
         57:0c:72:b2:96:09:da:2e:48:e4:1d:b0:52:59:2a:51:8f:26:
         fb:d6:a3:0b:80:f6:81:90:b8:ef:3c:10:cb:50:14:94:10:ff:
         d7:00:c8:d5:11:fd:e2:94:12:4b:84:e6:5c:79:19:e9:5e:53:
         6d:85:7b:0a:e5:cc:8f:92:38:d5:02:ff:18:09:b0:a7:88:7d:
         15:6c:75:90:02:05:48:7b:e7:1b:a9:f3:c2:f2:d8:8b:37:ca:
         87:7d:28:07:6f:fd:eb:e4:b0:dc:e3:3d:00:34:74:3f:78:f5:
         5e:8e:b7:b3:4e:a6:55:c3:23:26:fc:b1:ac:e1:e4:c9:34:f9:
         a7:49:c5:d0:e0:90:83:9b:63:51:7e:21:2a:20:78:5c:1e:20:
         46:f0:04:e6
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUbXoF5htyEHlRrJqZYIkCBF0hgacwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yMzEyMDgxMTM5MjFaFw0yNDEyMDYxMTQ0MjFaMDMxMTAvBgNV
BAMTKEMyMkU2Q0M3ODY3MkMzN0U3MUEyOEFDNDhEMDlEQUI3RDEwRkMxNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLUn9USD31flOWli2mTTP6qy8N
CbUBuwtsyxBkWwucWxHpqijGJnhKr0CcyTeB0MkyzvBcOZlhbgSuyNHPIp6sSG3a
NWNbVsP95VkELgQ0NSpHXYgrkPNHp3PgH1Qr7Tlz+fN0y83RjqmCKZHUdBr7yf77
cD8hxdmPNmjsHZiZp8T7xdYBBQNspAanRSEueYJHt+6l2D6QfFrfi1KvpcxAoVJt
+DyffaQ9wMQ7A0SEeCZogShrLQ1qv0sFZyEhPjYe5dnE/a9tnvHJZsjPY31m14W6
ScewH3YigYp7ZyOYja3UcQlzGhUYAFnuluZojQsekgLQq5Hwp5XtrDTHHumvAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUwi5sx4Zyw35xoorEjQnat9EPwXYwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NjA0Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwAqBqAFJsAwDQYJKoZIhvcNAQELBQADggEBAIpKijj5
YooSPGaIgZ1hE6QNuuNs8+XCBocIJ3fILzwF1nnIVHBIOGKzQREgTAVGyKSjCRcq
uJn6JjF0v1KfJ+wtRx/I5bfb7Up4cmsNOrb1w4yM3ro7AfXDbDmHK4SU7yoOhIzz
5UmEx+2hiFcMcrKWCdouSOQdsFJZKlGPJvvWowuA9oGQuO88EMtQFJQQ/9cAyNUR
/eKUEkuE5lx5GeleU22FewrlzI+SONUC/xgJsKeIfRVsdZACBUh75xup88Ly2Is3
yod9KAdv/evksNzjPQA0dD949V6Ot7NOplXDIyb8sazh5Mk0+adJxdDgkIObY1F+
ISogeFweIEbwBOY=
-----END CERTIFICATE-----