Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS3257.roa
File:                     AS3257.roa (raw, json)
Hash identifier:          cERfUmRBLita01ROh0aPYLckF8nb9RpZPkTnl6q45TY=
Subject key identifier:   7C:D7:00:C9:CA:C3:82:1E:0D:89:D5:B5:85:5B:64:E4:63:1A:D1:16
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0B5BEC55B5E1CD345B60DD405DD44EC743ECFC5B
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS3257.roa
Signing time:             Mon 12 May 2025 20:29:47 +0000
ROA not before:           Mon 12 May 2025 20:24:47 +0000
ROA not after:            Mon 11 May 2026 20:29:47 +0000
asID:                     3257
IP address blocks:        2a06:9f47::/32 maxlen: 48
                          2a0a:6041::/32 maxlen: 48
                          2a0a:6047::/32 maxlen: 48
                          2a0d:d901::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:5b:ec:55:b5:e1:cd:34:5b:60:dd:40:5d:d4:4e:c7:43:ec:fc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: May 12 20:24:47 2025 GMT
            Not After : May 11 20:29:47 2026 GMT
        Subject: CN=7CD700C9CAC3821E0D89D5B5855B64E4631AD116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:22:4b:28:b7:37:16:c2:7c:86:ef:8d:95:d6:
                    f4:39:99:f3:ee:94:6e:a7:ae:89:f4:c2:b1:88:1e:
                    3f:46:41:d1:ae:d4:9a:5d:81:ee:42:f7:8e:45:12:
                    92:25:c2:44:3f:78:ae:d4:b6:81:dd:de:df:21:03:
                    d3:b3:44:92:f3:46:50:b1:d3:8f:93:0a:6f:2b:bc:
                    fd:37:31:6f:0c:90:83:9f:c6:c6:9a:38:4a:34:6e:
                    f0:12:65:07:5f:d1:91:70:ea:7a:ab:70:62:d9:8f:
                    7a:0e:9f:c6:57:a9:60:6d:89:e0:f9:9d:9c:95:89:
                    33:76:f4:b2:9e:be:87:59:97:9f:3d:61:13:86:df:
                    b0:6a:16:10:7a:84:c2:50:fe:29:2c:1a:b1:28:7b:
                    ce:dc:4d:34:ef:58:ff:df:3c:fa:88:18:0c:e0:24:
                    35:90:f6:23:b6:20:56:c6:21:d6:b8:c2:2e:6c:62:
                    0a:5f:da:a3:72:14:8b:a8:75:18:e6:b9:c7:e4:84:
                    f0:07:5c:38:c9:67:fc:76:36:b2:ad:06:8e:45:84:
                    ba:1e:61:62:52:0e:81:cb:fe:c6:ea:f7:db:6c:f6:
                    76:f6:33:c8:d8:c9:d3:35:96:98:83:df:cc:d5:00:
                    eb:92:d6:f3:19:a9:84:72:26:9b:0a:11:2c:0c:03:
                    cf:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D7:00:C9:CA:C3:82:1E:0D:89:D5:B5:85:5B:64:E4:63:1A:D1:16
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS3257.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9f47::/32
                  2a0a:6041::/32
                  2a0a:6047::/32
                  2a0d:d901::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:dd:60:53:cb:06:78:87:c6:f4:01:1f:85:43:6d:d9:4a:84:
         ae:c0:a6:2c:93:92:e3:be:84:ee:91:b7:ae:a1:31:68:3f:8a:
         56:f5:7c:78:5b:34:57:5b:fa:fc:38:20:45:43:39:aa:a7:71:
         6b:34:7c:19:88:ba:42:ca:36:76:ac:fc:84:d2:98:0b:30:33:
         b4:6d:8f:4e:24:26:89:1d:cf:1b:46:1c:00:2d:34:78:9a:1d:
         f9:14:87:93:2c:0a:63:08:10:09:0f:98:e0:b0:b8:51:fd:ba:
         36:97:78:60:27:45:91:d1:d7:e0:55:ec:55:17:f6:ee:27:f6:
         21:10:42:9c:e8:a1:d7:62:c9:19:ad:16:05:db:97:23:29:ad:
         18:61:9f:49:2e:5b:94:2b:c3:da:56:cf:5c:c3:89:40:a9:e0:
         63:53:0c:b9:8b:d4:fb:c1:eb:e9:4b:d1:8a:16:74:e0:45:4a:
         c8:a1:43:36:60:95:70:a1:54:56:1e:fe:b2:c9:6b:91:63:13:
         ba:5e:26:77:0e:b5:61:4c:63:3d:a5:16:06:95:9a:8e:3e:53:
         9e:84:2b:1d:ad:5c:d8:5c:e5:c2:cd:ac:a4:82:a9:5f:37:85:
         30:95:95:b4:97:ab:d5:52:d5:83:6e:a3:7c:8a:68:45:d0:88:
         d0:c9:24:6a
-----BEGIN CERTIFICATE-----
MIIE+TCCA+GgAwIBAgIUC1vsVbXhzTRbYN1AXdROx0Ps/FswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA1MTIyMDI0NDdaFw0yNjA1MTEyMDI5NDdaMDMxMTAvBgNV
BAMTKDdDRDcwMEM5Q0FDMzgyMUUwRDg5RDVCNTg1NUI2NEU0NjMxQUQxMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaIksotzcWwnyG742V1vQ5mfPu
lG6nron0wrGIHj9GQdGu1Jpdge5C945FEpIlwkQ/eK7UtoHd3t8hA9OzRJLzRlCx
04+TCm8rvP03MW8MkIOfxsaaOEo0bvASZQdf0ZFw6nqrcGLZj3oOn8ZXqWBtieD5
nZyViTN29LKevodZl589YROG37BqFhB6hMJQ/iksGrEoe87cTTTvWP/fPPqIGAzg
JDWQ9iO2IFbGIda4wi5sYgpf2qNyFIuodRjmucfkhPAHXDjJZ/x2NrKtBo5FhLoe
YWJSDoHL/sbq99ts9nb2M8jYydM1lpiD38zVAOuS1vMZqYRyJpsKESwMA88rAgMB
AAGjggIDMIIB/zAdBgNVHQ4EFgQUfNcAycrDgh4NidW1hVtk5GMa0RYwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MzI1Ny5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA1BggrBgEFBQcBBwEB
/wQmMCQwIgQCAAIwHAMFACoGn0cDBQAqCmBBAwUAKgpgRwMFACoN2QEwDQYJKoZI
hvcNAQELBQADggEBADndYFPLBniHxvQBH4VDbdlKhK7ApiyTkuO+hO6Rt66hMWg/
ilb1fHhbNFdb+vw4IEVDOaqncWs0fBmIukLKNnas/ITSmAswM7Rtj04kJokdzxtG
HAAtNHiaHfkUh5MsCmMIEAkPmOCwuFH9ujaXeGAnRZHR1+BV7FUX9u4n9iEQQpzo
oddiyRmtFgXblyMprRhhn0kuW5Qrw9pWz1zDiUCp4GNTDLmL1PvB6+lL0YoWdOBF
SsihQzZglXChVFYe/rLJa5FjE7peJncOtWFMYz2lFgaVmo4+U56EKx2tXNhc5cLN
rKSCqV83hTCVlbSXq9VS1YNuo3yKaEXQiNDJJGo=
-----END CERTIFICATE-----