Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200455.roa
File:                     AS200455.roa (raw, json)
Hash identifier:          3dQ8MfLK3RbZRFjZZMETZZPLDMVHIzAKQXoAXeMHJoM=
Subject key identifier:   D3:C3:4F:5F:D0:0E:04:37:98:D0:1C:69:0F:D4:5F:6B:2D:AB:CD:32
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1CAA6A43A813310B6A4FC9B6856DA67F07E59C4B
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200455.roa
Signing time:             Thu 04 Jun 2026 15:58:47 +0000
ROA not before:           Thu 04 Jun 2026 15:53:47 +0000
ROA not after:            Thu 03 Jun 2027 15:58:47 +0000
asID:                     200455
IP address blocks:        2a06:a005:2b80::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:aa:6a:43:a8:13:31:0b:6a:4f:c9:b6:85:6d:a6:7f:07:e5:9c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:47 2026 GMT
            Not After : Jun  3 15:58:47 2027 GMT
        Subject: CN=D3C34F5FD00E043798D01C690FD45F6B2DABCD32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4b:4e:41:fd:3a:f9:8f:d4:aa:81:9b:de:a7:
                    45:8d:85:43:c8:d7:10:b0:ec:b6:53:54:c0:f5:30:
                    26:61:b9:44:cb:97:24:f1:db:66:60:87:96:92:d4:
                    13:f0:7a:0a:1b:58:b2:02:d4:91:f7:0c:30:6f:59:
                    8c:32:8d:dc:e7:cd:26:60:f5:42:07:4f:1f:ff:74:
                    b6:2d:d3:f9:a3:fd:6d:a4:90:8f:03:0e:8e:e4:b2:
                    1d:5b:24:df:e7:fa:3b:66:92:a6:3f:db:d0:20:94:
                    9d:02:02:20:14:fb:27:d8:7b:a1:f2:9a:1e:e8:a5:
                    50:7b:01:bc:b2:a7:3c:3a:1d:69:85:d1:ef:c3:5a:
                    9c:57:cf:48:87:6d:52:69:f0:28:7d:97:e5:df:88:
                    cd:15:b8:23:a6:49:89:14:c7:63:91:15:15:18:75:
                    86:5c:e4:85:00:25:d3:71:c3:cc:25:aa:b2:4a:e6:
                    ea:c5:a1:03:73:33:dc:f8:66:dd:fd:61:33:8b:da:
                    9e:20:b9:a7:65:73:c4:26:5d:8a:c7:13:6a:e8:67:
                    73:0b:8e:2b:47:d7:f0:17:f5:9a:20:4a:91:c8:9f:
                    91:f7:e5:96:2a:93:78:0a:51:60:f7:71:a0:2e:c8:
                    bc:cd:df:96:f1:3a:2c:a4:f2:c7:7b:3f:de:b5:57:
                    53:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C3:4F:5F:D0:0E:04:37:98:D0:1C:69:0F:D4:5F:6B:2D:AB:CD:32
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200455.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2b80::/44

    Signature Algorithm: sha256WithRSAEncryption
         78:2a:66:a4:3c:68:3e:fa:b0:0a:18:21:d3:e8:fa:c7:67:c4:
         88:ee:2e:f6:d6:73:41:31:89:95:dc:26:63:76:fd:2e:61:f0:
         b6:31:2d:87:5b:6d:a3:f3:68:45:d9:d7:f5:66:93:00:e7:5e:
         88:5d:49:d6:24:4c:bd:b9:ed:45:0b:fb:f0:72:b3:a0:30:33:
         41:e7:3e:ba:52:16:0e:f7:ac:b6:89:48:d7:a6:3f:e5:5e:d1:
         83:7d:08:61:20:20:3c:56:03:cd:1c:c6:ce:a1:43:86:36:01:
         92:b6:8a:e4:f2:93:97:3e:b6:95:38:9a:b5:2f:28:48:f5:a4:
         81:2f:ea:b0:9e:ef:bc:f2:47:bb:93:30:3f:80:25:93:c1:bc:
         ec:93:c3:7b:4f:1c:9a:9d:da:08:c5:1c:02:38:04:ff:42:e7:
         b8:7c:a5:13:d4:3c:9b:4a:c0:bb:e8:f4:af:2e:74:8f:de:d0:
         60:df:f0:02:e6:58:eb:bc:75:5f:aa:63:b1:3b:59:e9:b5:a2:
         7f:be:b7:df:2e:0b:b4:c5:86:6b:5b:c1:f5:79:22:7b:50:7e:
         53:6e:f1:47:59:eb:9a:50:c9:3f:db:ec:d5:37:75:23:a8:d7:
         9e:07:b2:f5:3d:54:00:bc:7e:4c:41:90:71:b9:a3:f7:48:8e:
         54:03:6f:8b
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUHKpqQ6gTMQtqT8m2hW2mfwflnEswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDdaFw0yNzA2MDMxNTU4NDdaMDMxMTAvBgNV
BAMTKEQzQzM0RjVGRDAwRTA0Mzc5OEQwMUM2OTBGRDQ1RjZCMkRBQkNEMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0S05B/Tr5j9SqgZvep0WNhUPI
1xCw7LZTVMD1MCZhuUTLlyTx22Zgh5aS1BPwegobWLIC1JH3DDBvWYwyjdznzSZg
9UIHTx//dLYt0/mj/W2kkI8DDo7ksh1bJN/n+jtmkqY/29AglJ0CAiAU+yfYe6Hy
mh7opVB7Abyypzw6HWmF0e/DWpxXz0iHbVJp8Ch9l+XfiM0VuCOmSYkUx2ORFRUY
dYZc5IUAJdNxw8wlqrJK5urFoQNzM9z4Zt39YTOL2p4guadlc8QmXYrHE2roZ3ML
jitH1/AX9ZogSpHIn5H35ZYqk3gKUWD3caAuyLzN35bxOiyk8sd7P961V1ORAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU08NPX9AOBDeY0BxpD9Rfay2rzTIwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwNDU1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSuAMA0GCSqGSIb3DQEBCwUAA4IBAQB4Kmak
PGg++rAKGCHT6PrHZ8SI7i721nNBMYmV3CZjdv0uYfC2MS2HW22j82hF2df1ZpMA
516IXUnWJEy9ue1FC/vwcrOgMDNB5z66UhYO96y2iUjXpj/lXtGDfQhhICA8VgPN
HMbOoUOGNgGStork8pOXPraVOJq1LyhI9aSBL+qwnu+88ke7kzA/gCWTwbzsk8N7
TxyandoIxRwCOAT/Que4fKUT1DybSsC76PSvLnSP3tBg3/AC5ljrvHVfqmOxO1np
taJ/vrffLgu0xYZrW8H1eSJ7UH5TbvFHWeuaUMk/2+zVN3UjqNeeB7L1PVQAvH5M
QZBxuaP3SI5UA2+L
-----END CERTIFICATE-----