Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/326131343a333030303a3a2f32392d3438203d3e20323136313338.roa
File:                     326131343a333030303a3a2f32392d3438203d3e20323136313338.roa (raw, json)
Hash identifier:          qt1lRixJHh9XyItwoGIF3dWNakYVeDxMJqfX168G6bM=
Subject key identifier:   4C:85:80:43:FE:FD:45:F0:26:02:EB:79:CA:B8:7D:3C:0C:11:F2:6C
Certificate issuer:       /CN=07b1fb1839a414f2bbaafbe0efcd0f202bcf74fe
Certificate serial:       1A1C6BD9E820646E0366BDB055B6F897D4D1EB91
Authority key identifier: 07:B1:FB:18:39:A4:14:F2:BB:AA:FB:E0:EF:CD:0F:20:2B:CF:74:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B7H7GDmkFPK7qvvg780PICvPdP4.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/326131343a333030303a3a2f32392d3438203d3e20323136313338.roa
Signing time:             Thu 05 Feb 2026 18:19:49 +0000
ROA not before:           Thu 05 Feb 2026 18:14:49 +0000
ROA not after:            Thu 04 Feb 2027 18:19:49 +0000
asID:                     216138
IP address blocks:        2a14:3000::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/07B1FB1839A414F2BBAAFBE0EFCD0F202BCF74FE.crl
                          rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/07B1FB1839A414F2BBAAFBE0EFCD0F202BCF74FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B7H7GDmkFPK7qvvg780PICvPdP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:45:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:1c:6b:d9:e8:20:64:6e:03:66:bd:b0:55:b6:f8:97:d4:d1:eb:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07b1fb1839a414f2bbaafbe0efcd0f202bcf74fe
        Validity
            Not Before: Feb  5 18:14:49 2026 GMT
            Not After : Feb  4 18:19:49 2027 GMT
        Subject: CN=4C858043FEFD45F02602EB79CAB87D3C0C11F26C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c4:ab:c8:2d:74:1e:61:23:78:32:a3:5f:cf:
                    7c:04:6b:b9:6f:23:7c:cb:3a:5d:6b:ba:0c:08:f4:
                    1f:0b:af:3c:70:5e:22:30:2c:68:a0:6c:25:fd:9e:
                    cd:96:e9:c6:d3:53:e8:99:88:46:bd:84:da:cc:f9:
                    38:ae:37:25:83:1b:ca:32:a5:67:46:25:88:d5:f1:
                    57:dc:50:f8:77:e1:cc:ec:f0:e3:e2:ac:f1:80:7f:
                    c2:6d:f3:6f:af:f1:74:2d:d7:ac:e7:d0:0c:24:f4:
                    8c:7d:3a:3c:58:51:bd:96:94:49:a9:b4:ec:6a:fc:
                    c3:4a:c3:06:56:0c:8b:2c:72:79:b9:3c:c1:0e:97:
                    e3:32:78:e8:a3:64:99:dd:31:d2:fe:0a:b5:e9:30:
                    7c:39:d6:fa:60:5a:fa:2d:38:a9:9c:c7:3c:39:29:
                    9b:44:41:78:04:b5:1b:86:4a:51:77:d5:94:8a:2f:
                    bc:66:80:a2:58:68:06:ad:b3:2f:f4:10:c8:96:b9:
                    6c:20:fd:b2:96:05:4b:11:66:1a:41:0a:72:6b:1f:
                    be:28:15:4b:36:ec:f7:00:0a:ba:01:c2:a5:da:17:
                    61:92:04:87:ea:98:d4:54:9f:0e:36:b1:7d:d4:43:
                    65:85:14:40:23:46:aa:e2:dd:b2:39:69:17:e1:a5:
                    97:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:85:80:43:FE:FD:45:F0:26:02:EB:79:CA:B8:7D:3C:0C:11:F2:6C
            X509v3 Authority Key Identifier:
                keyid:07:B1:FB:18:39:A4:14:F2:BB:AA:FB:E0:EF:CD:0F:20:2B:CF:74:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/07B1FB1839A414F2BBAAFBE0EFCD0F202BCF74FE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B7H7GDmkFPK7qvvg780PICvPdP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/821eef7e060345e4be569cd347ccbe36/1/326131343a333030303a3a2f32392d3438203d3e20323136313338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:3000::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:c3:6d:0d:a5:9d:d2:6e:ee:c2:fb:5d:11:b9:61:82:21:77:
         60:c1:75:a6:fa:42:6b:c8:ac:97:d9:98:0e:1c:98:a9:09:3a:
         b5:34:92:50:1b:79:64:1b:74:70:67:63:a1:75:55:3e:2a:12:
         03:40:84:ca:b3:ad:e2:c5:57:fe:28:ea:d7:f8:cf:22:09:fa:
         e8:56:eb:48:95:e1:a4:19:0c:8c:62:9f:d0:b6:ef:9b:c5:9a:
         c9:dc:af:3a:f1:69:ad:6f:29:f8:ba:12:77:71:86:50:d4:50:
         7e:8b:32:86:e9:c4:ce:30:fc:04:34:4b:66:f0:e1:a0:b5:20:
         02:4c:12:2c:d0:d5:06:11:9a:a3:5c:4b:41:d9:d1:98:9d:4b:
         f4:b9:77:62:fa:2f:92:4a:5f:32:f2:c5:56:3d:1b:04:87:94:
         b3:ac:c4:7c:1c:69:d1:70:b4:0c:5d:95:84:8a:7f:e4:2e:91:
         b4:28:22:4b:26:76:61:e5:c1:00:86:a1:d9:60:cd:7b:54:f6:
         ac:e8:6a:97:0f:11:d0:57:72:a8:21:f8:7d:8c:17:e0:04:d9:
         81:19:77:49:54:44:d6:b1:bd:a9:7b:5f:eb:11:5b:ac:9a:7c:
         40:11:6d:a4:7d:32:dd:16:06:bc:4a:f1:9b:a0:84:64:a6:6d:
         84:f8:de:6e
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIUGhxr2eggZG4DZr2wVbb4l9TR65EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDdiMWZiMTgzOWE0MTRmMmJiYWFmYmUwZWZjZDBmMjAy
YmNmNzRmZTAeFw0yNjAyMDUxODE0NDlaFw0yNzAyMDQxODE5NDlaMDMxMTAvBgNV
BAMTKDRDODU4MDQzRkVGRDQ1RjAyNjAyRUI3OUNBQjg3RDNDMEMxMUYyNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQxKvILXQeYSN4MqNfz3wEa7lv
I3zLOl1rugwI9B8LrzxwXiIwLGigbCX9ns2W6cbTU+iZiEa9hNrM+TiuNyWDG8oy
pWdGJYjV8VfcUPh34czs8OPirPGAf8Jt82+v8XQt16zn0Awk9Ix9OjxYUb2WlEmp
tOxq/MNKwwZWDIsscnm5PMEOl+MyeOijZJndMdL+CrXpMHw51vpgWvotOKmcxzw5
KZtEQXgEtRuGSlF31ZSKL7xmgKJYaAatsy/0EMiWuWwg/bKWBUsRZhpBCnJrH74o
FUs27PcACroBwqXaF2GSBIfqmNRUnw42sX3UQ2WFFEAjRqri3bI5aRfhpZfnAgMB
AAGjggIjMIICHzAdBgNVHQ4EFgQUTIWAQ/79RfAmAut5yrh9PAwR8mwwHwYDVR0j
BBgwFoAUB7H7GDmkFPK7qvvg780PICvPdP4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvODIxZWVmN2UwNjAzNDVlNGJlNTY5Y2QzNDdjY2JlMzYvMS8wN0IxRkIxODM5
QTQxNEYyQkJBQUZCRTBFRkNEMEYyMDJCQ0Y3NEZFLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvQjdIN0dEbWtGUEs3cXZ2Zzc4MFBJQ3ZQZFA0LmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzgyMWVlZjdlMDYwMzQ1ZTRiZTU2OWNkMzQ3Y2NiZTM2
LzEvMzI2MTMxMzQzYTMzMzAzMDMwM2EzYTJmMzIzOTJkMzQzODIwM2QzZTIwMzIz
MTM2MzEzMzM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhQwADANBgkqhkiG9w0BAQsFAAOCAQEAPsNt
DaWd0m7uwvtdEblhgiF3YMF1pvpCa8isl9mYDhyYqQk6tTSSUBt5ZBt0cGdjoXVV
PioSA0CEyrOt4sVX/ijq1/jPIgn66FbrSJXhpBkMjGKf0Lbvm8WaydyvOvFprW8p
+LoSd3GGUNRQfosyhunEzjD8BDRLZvDhoLUgAkwSLNDVBhGao1xLQdnRmJ1L9Ll3
YvovkkpfMvLFVj0bBIeUs6zEfBxp0XC0DF2VhIp/5C6RtCgiSyZ2YeXBAIah2WDN
e1T2rOhqlw8R0FdyqCH4fYwX4ATZgRl3SVRE1rG9qXtf6xFbrJp8QBFtpH0y3RYG
vErxm6CEZKZthPjebg==
-----END CERTIFICATE-----