Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS7721.roa
File:                     AS7721.roa (raw, json)
Hash identifier:          GwF179fchtmLPoLCy46mdKfS70EaxkOjQ5nI4O8VbwA=
Subject key identifier:   4E:91:61:37:03:F5:AA:29:A6:BE:84:F8:83:D9:61:4F:D5:04:4A:FA
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       6FC07B1EFEAB6566338FECC077B1CF253C28AAFA
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS7721.roa
Signing time:             Tue 05 Nov 2024 03:40:09 +0000
ROA not before:           Tue 05 Nov 2024 03:35:09 +0000
ROA not after:            Tue 04 Nov 2025 03:40:09 +0000
asID:                     7721
IP address blocks:        2a06:a005:220::/44 maxlen: 48
                          2a06:a005:230::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:c0:7b:1e:fe:ab:65:66:33:8f:ec:c0:77:b1:cf:25:3c:28:aa:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:09 2024 GMT
            Not After : Nov  4 03:40:09 2025 GMT
        Subject: CN=4E91613703F5AA29A6BE84F883D9614FD5044AFA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c1:78:25:2d:c3:75:5c:7b:28:cf:b5:14:54:
                    42:a2:73:8b:2c:7c:65:33:23:52:88:55:c1:d9:90:
                    04:2e:33:e3:af:7b:da:1e:f4:b4:c3:c1:25:4e:8c:
                    de:62:25:ea:42:f3:31:2a:8c:81:2e:b6:e3:0a:01:
                    ec:46:35:7b:dc:f1:9d:6d:28:ab:65:1b:0b:a3:58:
                    0d:b9:68:74:e8:47:57:a7:1b:ca:50:a1:79:42:1b:
                    25:07:ef:a5:6f:f2:8f:66:f3:3c:95:65:8d:e6:e3:
                    59:0e:d9:ce:ad:83:dc:c6:56:b2:c6:5f:6d:c9:03:
                    dd:be:3f:35:72:ae:ca:86:83:1b:63:c3:61:50:c1:
                    4a:af:2a:5d:c6:0a:55:7f:73:d4:65:d8:b9:23:5e:
                    88:73:4a:b2:ca:19:4a:04:41:fd:b2:8e:b6:f8:59:
                    3b:36:07:6a:84:e5:4b:9b:8b:a8:99:2e:d7:13:4b:
                    29:21:8d:b1:9d:67:92:3e:29:4f:69:05:e6:2e:4b:
                    12:7c:c2:f3:a7:10:f6:cc:46:5e:5b:78:ac:27:16:
                    99:6b:c0:9b:98:ec:82:a0:34:43:40:a3:11:53:2d:
                    8b:43:8c:6e:01:dd:ed:6b:4b:2c:05:8b:56:4c:e2:
                    7d:45:d4:15:81:7e:f7:7f:63:f1:66:68:74:6a:43:
                    9d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:91:61:37:03:F5:AA:29:A6:BE:84:F8:83:D9:61:4F:D5:04:4A:FA
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS7721.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:220::/43

    Signature Algorithm: sha256WithRSAEncryption
         85:e7:6a:cd:bc:39:b9:bd:8f:24:40:10:3e:85:b6:52:c4:0c:
         92:48:ee:e1:1d:55:71:2b:42:b1:58:f9:85:ee:4b:48:37:f8:
         a3:32:cc:83:98:f1:67:3d:87:31:cf:e4:bc:0e:9d:89:0b:40:
         39:20:fd:2c:3e:1e:9a:19:22:97:e7:17:7e:df:99:fd:4a:0d:
         52:7c:e2:4e:d5:f4:ab:d9:f5:fb:cd:0b:4f:cc:63:9f:41:29:
         ca:43:d1:e6:f3:91:46:fd:f8:0b:a3:a3:9b:9e:7c:3b:66:ca:
         df:87:d2:07:8b:ea:aa:7d:e7:02:4e:2a:51:b1:23:05:3b:80:
         da:89:a6:cc:04:01:b0:77:cf:4d:11:55:07:2b:0d:ab:f1:d9:
         6e:32:1d:a2:e7:fe:a5:04:10:75:e4:24:44:2e:03:88:3f:69:
         4a:ba:cc:ea:58:f9:4b:68:41:d6:ae:63:71:fc:f7:37:a4:7c:
         3f:17:a7:fa:dd:e6:45:41:49:9d:dd:dd:16:db:90:8c:0c:87:
         e4:19:a3:ad:97:ba:5d:28:25:ce:2b:9b:77:5f:9f:04:76:1a:
         c6:c3:fd:ac:7c:89:34:b9:74:56:c3:27:7d:e5:af:97:15:06:
         e8:fa:47:77:b5:56:3b:e6:cb:ce:4f:2f:05:9d:0a:e9:bd:d1:
         f4:24:b3:fb
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUb8B7Hv6rZWYzj+zAd7HPJTwoqvowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDlaFw0yNTExMDQwMzQwMDlaMDMxMTAvBgNV
BAMTKDRFOTE2MTM3MDNGNUFBMjlBNkJFODRGODgzRDk2MTRGRDUwNDRBRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCawXglLcN1XHsoz7UUVEKic4ss
fGUzI1KIVcHZkAQuM+Ove9oe9LTDwSVOjN5iJepC8zEqjIEutuMKAexGNXvc8Z1t
KKtlGwujWA25aHToR1enG8pQoXlCGyUH76Vv8o9m8zyVZY3m41kO2c6tg9zGVrLG
X23JA92+PzVyrsqGgxtjw2FQwUqvKl3GClV/c9Rl2LkjXohzSrLKGUoEQf2yjrb4
WTs2B2qE5Uubi6iZLtcTSykhjbGdZ5I+KU9pBeYuSxJ8wvOnEPbMRl5beKwnFplr
wJuY7IKgNENAoxFTLYtDjG4B3e1rSywFi1ZM4n1F1BWBfvd/Y/FmaHRqQ519AgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUTpFhNwP1qimmvoT4g9lhT9UESvowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NzcyMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB
/wQTMBEwDwQCAAIwCQMHBSoGoAUCIDANBgkqhkiG9w0BAQsFAAOCAQEAhedqzbw5
ub2PJEAQPoW2UsQMkkju4R1VcStCsVj5he5LSDf4ozLMg5jxZz2HMc/kvA6diQtA
OSD9LD4emhkil+cXft+Z/UoNUnziTtX0q9n1+80LT8xjn0EpykPR5vORRv34C6Oj
m558O2bK34fSB4vqqn3nAk4qUbEjBTuA2ommzAQBsHfPTRFVBysNq/HZbjIdouf+
pQQQdeQkRC4DiD9pSrrM6lj5S2hB1q5jcfz3N6R8Pxen+t3mRUFJnd3dFtuQjAyH
5BmjrZe6XSglziubd1+fBHYaxsP9rHyJNLl0VsMnfeWvlxUG6PpHd7VWO+bLzk8v
BZ0K6b3R9CSz+w==
-----END CERTIFICATE-----