Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS18041.roa
File:                     AS18041.roa (raw, json)
Hash identifier:          lnraFbWRkBySmBQXlJnIcj1wPyVdhJzdamnU8hRYJ14=
Subject key identifier:   DF:A9:84:43:CE:D1:A3:2B:00:DD:82:2D:D4:38:C6:82:60:A7:46:6B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1F138572531A1B1B961D95DB5C6D42FC8A0F1A33
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS18041.roa
Signing time:             Thu 04 Jun 2026 15:58:53 +0000
ROA not before:           Thu 04 Jun 2026 15:53:53 +0000
ROA not after:            Thu 03 Jun 2027 15:58:53 +0000
asID:                     18041
IP address blocks:        2a06:a005:500::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:13:85:72:53:1a:1b:1b:96:1d:95:db:5c:6d:42:fc:8a:0f:1a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:53 2026 GMT
            Not After : Jun  3 15:58:53 2027 GMT
        Subject: CN=DFA98443CED1A32B00DD822DD438C68260A7466B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:59:8d:85:2a:ca:c5:f3:cf:91:61:df:ae:57:
                    78:25:0a:27:04:64:2f:f1:d3:a7:a0:8d:db:8a:23:
                    ef:b1:75:10:9c:d5:71:d8:3a:5b:00:40:5a:9b:39:
                    2d:17:d1:0b:80:7c:b6:79:1c:68:cd:09:4e:23:4d:
                    5e:fc:ea:3a:ad:18:78:ce:23:8c:30:69:7c:6d:5a:
                    e2:6b:2a:dc:ec:64:85:1e:e4:07:24:5b:83:52:8e:
                    a6:42:c0:ec:3e:e8:c9:34:8d:ff:06:40:dd:fe:22:
                    8f:23:e8:02:68:b9:59:67:13:90:2d:d9:9a:09:9d:
                    d3:73:42:a1:6e:e6:be:91:1a:99:d8:1a:92:43:28:
                    fe:42:49:75:1f:3b:ad:97:48:21:3c:c3:d0:3f:a0:
                    24:18:c3:42:56:a8:fc:1c:6f:fe:2d:82:d0:08:48:
                    f5:59:1e:52:1e:d2:be:0e:0d:4a:67:b0:c2:f5:4b:
                    12:2e:0e:66:71:d8:f0:b8:2f:a5:fd:2b:b1:9e:48:
                    f2:af:4e:a6:bb:17:70:ab:4d:d5:1e:8e:2d:cc:b4:
                    20:df:65:2d:7d:2f:28:f1:4e:67:c3:77:7e:e1:fd:
                    88:0d:d5:4e:1e:99:5e:e8:7d:bc:f8:99:84:65:b3:
                    ca:8d:b7:94:cf:b6:97:93:eb:7d:1a:82:97:8d:94:
                    25:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A9:84:43:CE:D1:A3:2B:00:DD:82:2D:D4:38:C6:82:60:A7:46:6B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS18041.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:500::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:86:6c:af:15:05:80:e1:41:55:23:97:60:c9:d6:ab:4f:e7:
         d3:de:cb:f8:44:4d:c6:ae:be:8e:a7:36:20:bf:9d:b6:19:db:
         d9:f4:11:2e:53:90:45:6a:93:e9:52:9b:31:62:ab:17:6f:18:
         0c:ee:6b:6b:46:d1:b4:fa:92:83:04:42:52:1e:16:90:54:d9:
         b6:7f:65:a5:6f:e2:15:4c:9d:20:83:bc:c6:90:74:2b:59:40:
         13:d4:5a:9f:96:66:69:98:6d:78:c5:cf:9f:03:76:96:0d:ac:
         cd:e9:60:8d:97:72:19:56:d0:0a:a7:1c:eb:bd:92:39:19:61:
         92:fb:d0:f6:62:2c:26:91:d4:c6:37:8d:b9:3d:2d:d4:5f:fb:
         8c:b6:bb:00:55:06:e8:9a:ad:00:de:28:86:0f:ac:1a:71:31:
         68:e5:d3:1f:ba:8f:da:e4:e5:56:a6:73:4b:6b:a2:00:85:95:
         a4:97:1f:54:cc:ee:53:56:bc:e4:98:d9:10:1b:79:49:83:3a:
         09:15:d2:2d:0c:72:ff:68:c2:cb:f0:9a:47:24:0e:5d:50:db:
         3e:d2:95:ac:54:0e:2c:f4:9a:b8:3e:6f:92:99:93:8d:ce:cd:
         95:a5:ac:49:13:21:b8:97:63:2b:06:45:5f:b9:3c:ac:6b:52:
         50:85:9b:e8
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUHxOFclMaGxuWHZXbXG1C/IoPGjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTNaFw0yNzA2MDMxNTU4NTNaMDMxMTAvBgNV
BAMTKERGQTk4NDQzQ0VEMUEzMkIwMEREODIyREQ0MzhDNjgyNjBBNzQ2NkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWY2FKsrF88+RYd+uV3glCicE
ZC/x06egjduKI++xdRCc1XHYOlsAQFqbOS0X0QuAfLZ5HGjNCU4jTV786jqtGHjO
I4wwaXxtWuJrKtzsZIUe5AckW4NSjqZCwOw+6Mk0jf8GQN3+Io8j6AJouVlnE5At
2ZoJndNzQqFu5r6RGpnYGpJDKP5CSXUfO62XSCE8w9A/oCQYw0JWqPwcb/4tgtAI
SPVZHlIe0r4ODUpnsML1SxIuDmZx2PC4L6X9K7GeSPKvTqa7F3CrTdUeji3MtCDf
ZS19LyjxTmfDd37h/YgN1U4emV7ofbz4mYRls8qNt5TPtpeT630agpeNlCXFAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQU36mEQ87RoysA3YIt1DjGgmCnRmswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTgwNDEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFBQAwDQYJKoZIhvcNAQELBQADggEBAJ6GbK8V
BYDhQVUjl2DJ1qtP59Pey/hETcauvo6nNiC/nbYZ29n0ES5TkEVqk+lSmzFiqxdv
GAzua2tG0bT6koMEQlIeFpBU2bZ/ZaVv4hVMnSCDvMaQdCtZQBPUWp+WZmmYbXjF
z58DdpYNrM3pYI2XchlW0AqnHOu9kjkZYZL70PZiLCaR1MY3jbk9LdRf+4y2uwBV
BuiarQDeKIYPrBpxMWjl0x+6j9rk5Vamc0trogCFlaSXH1TM7lNWvOSY2RAbeUmD
OgkV0i0Mcv9owsvwmkckDl1Q2z7SlaxUDiz0mrg+b5KZk43OzZWlrEkTIbiXYysG
RV+5PKxrUlCFm+g=
-----END CERTIFICATE-----