Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200227.roa
File:                     AS200227.roa (raw, json)
Hash identifier:          3TvsueL0wDScJ3ehp3XcGWyxCMDMF/7DikgP5DR98Jk=
Subject key identifier:   46:F2:2E:20:45:13:4B:28:9D:84:45:DD:3D:1D:12:E2:E3:22:75:63
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       6F5C033F061DC0DB5E608CA24A288C9359A8227A
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200227.roa
Signing time:             Thu 04 Jun 2026 15:58:50 +0000
ROA not before:           Thu 04 Jun 2026 15:53:50 +0000
ROA not after:            Thu 03 Jun 2027 15:58:50 +0000
asID:                     200227
IP address blocks:        2a06:a005:5a5::/48 maxlen: 48
                          2a06:a005:b64::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:5c:03:3f:06:1d:c0:db:5e:60:8c:a2:4a:28:8c:93:59:a8:22:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:50 2026 GMT
            Not After : Jun  3 15:58:50 2027 GMT
        Subject: CN=46F22E2045134B289D8445DD3D1D12E2E3227563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d6:6a:47:0f:1f:38:e3:06:c3:8a:d6:5e:71:
                    3e:78:bf:c8:83:3b:d9:53:fb:01:4e:fa:dd:75:0b:
                    1a:3a:4a:94:a4:93:8e:f6:bd:69:83:99:1b:b5:a2:
                    9c:01:81:52:13:5b:0b:1c:af:ab:17:42:6b:22:24:
                    b3:59:92:11:2d:08:d0:98:4a:65:78:f2:0c:3b:60:
                    7d:b3:19:aa:21:7d:09:1e:be:0c:dc:cc:5f:c2:a2:
                    6a:cf:12:84:2a:1a:54:3c:07:c7:71:37:7a:b3:2e:
                    6f:79:e6:93:da:87:14:b9:67:1e:b3:f3:dd:91:b9:
                    32:f2:b7:96:48:1c:d7:b2:70:88:43:2e:cc:e3:37:
                    13:22:f1:86:36:02:7f:74:6a:3e:f5:9d:01:ea:4b:
                    75:b8:aa:b3:42:e7:44:3c:85:c1:17:f1:88:aa:dc:
                    64:67:6b:51:32:e0:33:54:ea:bc:43:df:71:fb:00:
                    f0:fa:c8:54:60:c7:c7:08:de:eb:c8:ee:2a:11:d8:
                    e9:70:3f:f6:be:c2:4e:f2:a7:d3:6f:e9:7d:9d:4f:
                    3e:08:06:14:0b:f0:19:0b:87:f2:07:fa:41:b8:43:
                    33:d5:ba:84:d5:c7:ef:b9:5c:1a:84:1e:46:bc:0d:
                    41:9d:8d:02:df:85:4a:9d:57:31:44:df:92:4c:76:
                    bf:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F2:2E:20:45:13:4B:28:9D:84:45:DD:3D:1D:12:E2:E3:22:75:63
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200227.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5a5::/48
                  2a06:a005:b64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:33:c2:66:68:1c:1f:6f:e0:bc:f7:b9:3d:48:0f:de:d5:61:
         ee:db:51:f7:0d:f9:f0:55:c3:40:71:8b:8a:c1:ba:e2:81:f6:
         b7:bb:42:67:21:bc:d7:7a:00:36:8a:c3:29:08:29:60:06:90:
         af:32:9c:ff:ec:bf:b6:07:c9:d4:59:92:08:41:29:ed:9d:c2:
         9a:32:12:07:91:ae:7c:18:10:21:9e:a6:07:44:65:f5:88:28:
         b8:5d:c0:0f:71:8d:eb:f5:00:99:0a:33:d4:a8:fe:9c:71:74:
         c8:59:1a:35:e6:06:70:61:fa:cc:47:2f:d0:e2:7c:5d:c7:39:
         e5:b8:41:ac:2a:12:70:9e:d4:bb:72:94:19:7e:0a:2d:34:63:
         f4:a4:8e:95:c0:ac:11:02:90:47:94:3a:2a:28:32:a1:d7:7e:
         55:44:ae:70:a0:34:8e:6e:10:99:35:65:0e:78:e6:38:aa:15:
         ad:fe:96:94:79:91:8b:b9:2b:d9:48:d3:31:f9:ab:23:aa:c9:
         d5:00:f9:4c:bf:de:8f:e0:8f:ee:aa:95:89:d4:89:62:0e:6c:
         47:27:b8:89:34:e0:ef:bd:5e:4c:0c:1d:b4:1a:3a:c0:ac:e2:
         e0:f4:8c:7b:55:bb:02:45:e0:d8:b7:b6:cf:88:46:3b:cb:64:
         dd:34:4e:86
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUb1wDPwYdwNteYIyiSiiMk1moInowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTBaFw0yNzA2MDMxNTU4NTBaMDMxMTAvBgNV
BAMTKDQ2RjIyRTIwNDUxMzRCMjg5RDg0NDVERDNEMUQxMkUyRTMyMjc1NjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi1mpHDx844wbDitZecT54v8iD
O9lT+wFO+t11Cxo6SpSkk472vWmDmRu1opwBgVITWwscr6sXQmsiJLNZkhEtCNCY
SmV48gw7YH2zGaohfQkevgzczF/ComrPEoQqGlQ8B8dxN3qzLm955pPahxS5Zx6z
892RuTLyt5ZIHNeycIhDLszjNxMi8YY2An90aj71nQHqS3W4qrNC50Q8hcEX8Yiq
3GRna1Ey4DNU6rxD33H7APD6yFRgx8cI3uvI7ioR2OlwP/a+wk7yp9Nv6X2dTz4I
BhQL8BkLh/IH+kG4QzPVuoTVx++5XBqEHka8DUGdjQLfhUqdVzFE35JMdr/pAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQURvIuIEUTSyidhEXdPR0S4uMidWMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwMjI3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQWlAwcAKgagBQtkMA0GCSqGSIb3DQEBCwUA
A4IBAQAbM8JmaBwfb+C897k9SA/e1WHu21H3DfnwVcNAcYuKwbrigfa3u0JnIbzX
egA2isMpCClgBpCvMpz/7L+2B8nUWZIIQSntncKaMhIHka58GBAhnqYHRGX1iCi4
XcAPcY3r9QCZCjPUqP6ccXTIWRo15gZwYfrMRy/Q4nxdxznluEGsKhJwntS7cpQZ
fgotNGP0pI6VwKwRApBHlDoqKDKh135VRK5woDSObhCZNWUOeOY4qhWt/paUeZGL
uSvZSNMx+asjqsnVAPlMv96P4I/uqpWJ1IliDmxHJ7iJNODvvV5MDB20GjrArOLg
9Ix7VbsCReDYt7bPiEY7y2TdNE6G
-----END CERTIFICATE-----