Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS142289.roa
File:                     AS142289.roa (raw, json)
Hash identifier:          trhb3VNiCTAVjqRrH+dnw/lxevJfxtnFU80OENjzPIo=
Subject key identifier:   02:A1:45:54:D4:6F:E5:C3:B0:51:1C:F2:02:B2:A8:FA:6E:B1:79:46
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7DEF00BDCB76E7E4BE0D277C842EE3C1A29A82CA
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS142289.roa
Signing time:             Thu 04 Jun 2026 15:58:53 +0000
ROA not before:           Thu 04 Jun 2026 15:53:53 +0000
ROA not after:            Thu 03 Jun 2027 15:58:53 +0000
asID:                     142289
IP address blocks:        2a06:a005:700::/44 maxlen: 48
                          2a06:a005:a30::/44 maxlen: 48
                          2a06:a005:a40::/44 maxlen: 48
                          2a06:a005:a50::/44 maxlen: 48
                          2a06:a005:a60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ef:00:bd:cb:76:e7:e4:be:0d:27:7c:84:2e:e3:c1:a2:9a:82:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:53 2026 GMT
            Not After : Jun  3 15:58:53 2027 GMT
        Subject: CN=02A14554D46FE5C3B0511CF202B2A8FA6EB17946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:80:23:ae:25:ea:d6:9f:d6:50:18:c7:88:cf:
                    c2:6a:db:4e:db:33:d7:59:ed:fc:1d:9a:f3:d6:c0:
                    39:f2:ee:6a:0e:84:e7:a5:67:33:22:3e:84:10:37:
                    3d:9c:76:14:7d:3a:d5:c8:6d:70:ce:f3:70:26:eb:
                    ad:b4:a5:c8:f2:ef:01:99:c9:dd:68:f4:f1:d0:3a:
                    a0:16:48:e9:55:71:69:bb:5e:ab:4d:4c:51:f7:85:
                    a9:16:b3:d7:b6:e0:39:18:6e:d8:de:98:d5:2e:07:
                    33:8a:b6:05:03:fb:24:e8:ad:f5:34:b2:d9:8e:7a:
                    db:1b:e4:32:9b:1e:8c:04:31:07:c9:4d:b9:50:48:
                    52:fd:43:ca:ae:c1:6c:1a:10:c4:a1:05:47:d1:c6:
                    0a:9e:97:cb:e4:34:2d:1d:43:36:4c:04:05:04:30:
                    5b:ff:52:05:c9:72:31:1b:69:6b:91:d0:56:39:15:
                    94:15:48:40:29:a0:ef:b7:eb:91:c2:dc:b0:57:81:
                    9d:b5:23:aa:38:c8:c3:4c:81:a4:d4:c1:94:ce:df:
                    d8:a0:92:f9:4e:1e:b1:3a:83:be:7e:3b:4e:1d:3d:
                    f7:fa:a4:04:19:6e:41:91:59:b2:e6:b2:8c:40:4f:
                    52:fe:9c:06:3d:1f:ed:59:13:76:9e:3f:bd:5c:fa:
                    35:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A1:45:54:D4:6F:E5:C3:B0:51:1C:F2:02:B2:A8:FA:6E:B1:79:46
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS142289.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:700::/44
                  2a06:a005:a30::-2a06:a005:a6f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9e:01:43:8c:4b:a1:70:27:b4:8d:59:c0:3c:53:73:48:32:da:
         d9:41:56:99:d1:9a:3d:16:82:87:78:38:46:48:5d:ab:c8:fa:
         38:35:bf:b8:e3:9b:61:35:a8:79:40:3d:9f:78:d6:8f:6e:34:
         91:9d:7d:42:3d:07:de:f7:8e:da:45:ed:6d:78:01:d9:79:f4:
         fa:6f:de:25:3e:6e:5b:cf:f4:b7:6f:31:2c:e2:31:64:c7:be:
         3f:ee:f5:33:e8:5c:d8:b3:47:1a:42:dc:77:4d:b6:02:88:e6:
         2a:4d:0f:e3:cf:42:14:a5:57:c5:57:96:78:3c:ef:91:6f:f3:
         55:01:f0:83:63:7a:7d:81:2a:21:19:26:b5:db:69:fb:d1:28:
         6e:15:91:00:b5:f7:56:94:f4:cd:72:30:c9:71:9a:70:56:55:
         36:f2:26:43:45:74:19:7d:c4:c9:39:c3:18:85:d3:b8:0b:34:
         03:8f:fd:a5:41:98:89:24:d6:7c:d7:88:62:76:b0:1f:72:c2:
         f8:ac:95:0d:48:3c:f7:1c:7d:82:d1:64:de:56:63:98:c0:5c:
         52:f5:8e:fc:23:de:eb:79:7d:a7:ca:b2:29:db:26:2f:3a:e7:
         be:2c:df:59:58:f7:43:f4:de:1f:0a:c4:cc:94:29:a6:f7:c7:
         f0:5a:d1:3b
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUfe8Avct25+S+DSd8hC7jwaKagsowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTNaFw0yNzA2MDMxNTU4NTNaMDMxMTAvBgNV
BAMTKDAyQTE0NTU0RDQ2RkU1QzNCMDUxMUNGMjAyQjJBOEZBNkVCMTc5NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrgCOuJerWn9ZQGMeIz8Jq207b
M9dZ7fwdmvPWwDny7moOhOelZzMiPoQQNz2cdhR9OtXIbXDO83Am6620pcjy7wGZ
yd1o9PHQOqAWSOlVcWm7XqtNTFH3hakWs9e24DkYbtjemNUuBzOKtgUD+yTorfU0
stmOetsb5DKbHowEMQfJTblQSFL9Q8quwWwaEMShBUfRxgqel8vkNC0dQzZMBAUE
MFv/UgXJcjEbaWuR0FY5FZQVSEApoO+365HC3LBXgZ21I6o4yMNMgaTUwZTO39ig
kvlOHrE6g75+O04dPff6pAQZbkGRWbLmsoxAT1L+nAY9H+1ZE3aeP71c+jWfAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUAqFFVNRv5cOwURzyArKo+m6xeUYwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTQyMjg5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEH
AQH/BCcwJTAjBAIAAjAdAwcEKgagBQcAMBIDBwQqBqAFCjADBwQqBqAFCmAwDQYJ
KoZIhvcNAQELBQADggEBAJ4BQ4xLoXAntI1ZwDxTc0gy2tlBVpnRmj0Wgod4OEZI
XavI+jg1v7jjm2E1qHlAPZ941o9uNJGdfUI9B973jtpF7W14Adl59Ppv3iU+blvP
9LdvMSziMWTHvj/u9TPoXNizRxpC3HdNtgKI5ipND+PPQhSlV8VXlng875Fv81UB
8INjen2BKiEZJrXbafvRKG4VkQC191aU9M1yMMlxmnBWVTbyJkNFdBl9xMk5wxiF
07gLNAOP/aVBmIkk1nzXiGJ2sB9ywvislQ1IPPccfYLRZN5WY5jAXFL1jvwj3ut5
fafKsinbJi86574s31lY90P03h8KxMyUKab3x/Ba0Ts=
-----END CERTIFICATE-----