Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200890.roa
File:                     AS200890.roa (raw, json)
Hash identifier:          gwxx0qxfNVFWBsf+kvwq6OuwB0rY6IbYnflMMH/9YZE=
Subject key identifier:   86:6D:38:14:5F:60:23:37:A6:A7:91:7F:29:BD:53:07:D4:3F:78:78
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       65CC3E88B38525C118D87DFE92834E72E6DFADBC
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200890.roa
Signing time:             Thu 04 Jun 2026 15:58:52 +0000
ROA not before:           Thu 04 Jun 2026 15:53:52 +0000
ROA not after:            Thu 03 Jun 2027 15:58:52 +0000
asID:                     200890
IP address blocks:        2a06:a005:1b60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:cc:3e:88:b3:85:25:c1:18:d8:7d:fe:92:83:4e:72:e6:df:ad:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:52 2026 GMT
            Not After : Jun  3 15:58:52 2027 GMT
        Subject: CN=866D38145F602337A6A7917F29BD5307D43F7878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b8:40:1a:a1:4d:8e:a9:ce:ee:9f:16:c8:be:
                    d1:1c:3d:24:2c:a3:a0:a2:d2:cd:a5:7e:aa:fe:4d:
                    b3:9e:3f:a1:04:b6:7e:53:01:f1:73:95:f4:ee:c6:
                    3c:62:b8:d8:14:25:b2:8c:dd:07:73:9d:03:4f:04:
                    79:c2:ab:ba:68:a1:c2:8a:5c:44:16:3d:b9:c3:67:
                    19:91:e8:81:46:ca:9b:cc:d9:f9:6a:72:ad:b0:a2:
                    61:f9:2c:a8:ec:d8:bc:77:ce:9b:24:c1:6f:31:2f:
                    30:59:8b:8d:07:97:e0:34:53:e5:48:11:78:5b:be:
                    23:fe:f8:9a:35:04:3e:76:c7:3f:e3:0b:d6:d9:9d:
                    6b:96:9e:51:ec:5f:04:38:d4:29:ff:28:d5:a0:ec:
                    54:85:c4:6a:69:8e:1a:cc:7b:89:fe:a7:fb:99:48:
                    b6:e8:28:92:f0:df:db:dd:05:db:36:c7:1e:44:78:
                    2b:8d:17:d7:b0:5f:55:78:01:b1:b6:3f:41:31:38:
                    03:88:64:61:37:de:2a:49:00:87:1f:56:a9:ad:fc:
                    88:b7:97:6b:d9:a4:06:f7:ac:19:e1:a1:83:bc:ab:
                    80:36:1f:27:9b:9c:78:11:e0:d1:f7:a4:aa:55:cc:
                    cb:ed:94:5f:df:30:a1:76:6e:6a:de:e5:f3:79:df:
                    00:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:6D:38:14:5F:60:23:37:A6:A7:91:7F:29:BD:53:07:D4:3F:78:78
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200890.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1b60::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:65:78:c0:af:a7:85:18:35:f2:cf:6f:40:89:62:d2:74:4b:
         23:d0:68:d6:09:f8:03:2b:1a:f8:af:6c:a3:c1:d9:e0:bb:a8:
         ca:00:43:13:62:c7:04:cb:3a:08:91:ca:6f:5e:d3:48:d4:69:
         5c:d3:e2:fc:1e:f4:09:58:13:33:a1:85:db:8d:e3:91:15:77:
         9e:c2:3c:05:51:78:cf:cf:86:65:b3:f1:28:1b:87:56:2b:7e:
         df:44:d2:41:d4:13:b9:11:2c:5b:89:fe:0a:eb:b8:0c:f8:da:
         d5:80:3f:c7:07:e4:01:2d:4c:4e:d4:e8:d3:4d:40:4d:1e:96:
         6e:c9:ff:81:76:1a:d8:f0:93:ba:d6:fd:07:97:db:55:50:fc:
         53:7c:ac:fc:12:e3:15:dd:bd:ae:f7:f3:30:7d:2a:64:53:63:
         d9:f5:03:d7:d2:13:f7:d2:98:0d:f8:8f:da:ac:8c:d3:f7:51:
         77:5c:cc:cf:cc:24:12:af:09:33:59:64:94:e0:9b:bd:6e:5a:
         c3:53:8a:6c:78:5a:0b:5c:36:7f:f5:16:bf:d5:c9:89:11:50:
         43:ac:45:fa:fc:c2:11:d6:c9:15:5a:78:eb:cf:ae:98:a1:67:
         d7:13:f5:9f:d1:34:b3:50:84:44:f0:d0:2a:39:ef:29:6b:eb:
         98:7e:c2:a0
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUZcw+iLOFJcEY2H3+koNOcubfrbwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTJaFw0yNzA2MDMxNTU4NTJaMDMxMTAvBgNV
BAMTKDg2NkQzODE0NUY2MDIzMzdBNkE3OTE3RjI5QkQ1MzA3RDQzRjc4NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFuEAaoU2Oqc7unxbIvtEcPSQs
o6Ci0s2lfqr+TbOeP6EEtn5TAfFzlfTuxjxiuNgUJbKM3QdznQNPBHnCq7poocKK
XEQWPbnDZxmR6IFGypvM2flqcq2womH5LKjs2Lx3zpskwW8xLzBZi40Hl+A0U+VI
EXhbviP++Jo1BD52xz/jC9bZnWuWnlHsXwQ41Cn/KNWg7FSFxGppjhrMe4n+p/uZ
SLboKJLw39vdBds2xx5EeCuNF9ewX1V4AbG2P0ExOAOIZGE33ipJAIcfVqmt/Ii3
l2vZpAb3rBnhoYO8q4A2HyebnHgR4NH3pKpVzMvtlF/fMKF2bmre5fN53wCbAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUhm04FF9gIzemp5F/Kb1TB9Q/eHgwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwODkwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRtgMA0GCSqGSIb3DQEBCwUAA4IBAQAXZXjA
r6eFGDXyz29AiWLSdEsj0GjWCfgDKxr4r2yjwdngu6jKAEMTYscEyzoIkcpvXtNI
1Glc0+L8HvQJWBMzoYXbjeORFXeewjwFUXjPz4Zls/EoG4dWK37fRNJB1BO5ESxb
if4K67gM+NrVgD/HB+QBLUxO1OjTTUBNHpZuyf+BdhrY8JO61v0Hl9tVUPxTfKz8
EuMV3b2u9/MwfSpkU2PZ9QPX0hP30pgN+I/arIzT91F3XMzPzCQSrwkzWWSU4Ju9
blrDU4pseFoLXDZ/9Ra/1cmJEVBDrEX6/MIR1skVWnjrz66YoWfXE/Wf0TSzUIRE
8NAqOe8pa+uYfsKg
-----END CERTIFICATE-----