Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202002.roa
File:                     AS202002.roa (raw, json)
Hash identifier:          eE37mvwOH07ahT0l95E82Wvippkzlxf22OFf+UP+Ick=
Subject key identifier:   A9:93:9F:CB:64:E0:EF:75:3B:1C:84:30:A8:A8:83:7F:76:4B:16:B4
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       534C876217CF224AD380C582A6BB9EAABF5FD786
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202002.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     202002
IP address blocks:        2a06:a005:cf0::/44 maxlen: 48
                          2a06:a005:2d20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:4c:87:62:17:cf:22:4a:d3:80:c5:82:a6:bb:9e:aa:bf:5f:d7:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=A9939FCB64E0EF753B1C8430A8A8837F764B16B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d7:a2:36:fb:ac:45:ba:16:4f:1b:50:f5:1c:
                    f9:5e:4a:d6:8f:d6:84:99:d7:b3:5a:ff:6a:93:0a:
                    16:fd:ae:84:23:7e:1e:a5:6b:32:00:df:02:b4:d4:
                    5a:41:ea:64:74:2f:ce:80:62:d5:41:7a:52:c9:5b:
                    87:7b:1c:57:9c:25:c2:a3:13:d6:dc:cf:3a:49:15:
                    9f:8d:91:ca:00:c0:30:a0:be:9e:3e:8e:66:92:e0:
                    80:f1:0b:20:cc:ff:7d:17:d4:b3:e8:f1:f0:54:61:
                    e1:63:22:aa:79:c5:3c:69:91:6f:1f:01:8e:dc:03:
                    cc:c8:bf:c0:1c:35:2e:95:29:03:87:75:1d:ab:84:
                    90:79:9e:4d:2c:74:4c:44:84:37:96:a0:a1:15:02:
                    22:58:55:c2:4a:43:3f:e2:ed:84:19:71:e0:8e:11:
                    99:dd:69:24:f7:10:88:7a:3b:ca:b4:a4:0e:f3:1a:
                    35:cf:d3:9d:ad:72:a1:4d:d9:16:76:3c:58:76:e6:
                    d3:52:9e:e9:5b:8f:82:7e:54:c3:31:d8:04:08:09:
                    8e:50:a5:a8:7b:a7:18:67:e3:ee:65:73:a4:e1:ef:
                    0f:cf:25:76:d5:4f:98:5c:61:dd:37:a1:bf:46:1a:
                    da:6c:25:1f:d0:9c:d2:f8:a7:2a:d6:c4:ae:ab:fb:
                    33:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:93:9F:CB:64:E0:EF:75:3B:1C:84:30:A8:A8:83:7F:76:4B:16:B4
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202002.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:cf0::/44
                  2a06:a005:2d20::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:4b:94:06:cd:96:d3:fd:55:12:49:18:38:c0:e5:0b:b6:38:
         a8:d4:3c:de:e1:08:2e:13:d6:52:57:34:3c:88:c7:f0:b4:9d:
         ad:84:50:c6:50:8b:20:67:65:fc:8d:b3:bf:11:bb:4c:55:95:
         9a:21:88:00:14:14:0d:2a:71:14:80:04:d7:b3:e6:9d:ed:56:
         4e:02:10:2d:f6:38:27:c3:01:4a:35:44:91:cf:1a:29:5d:b1:
         c6:73:ce:eb:67:95:cf:e5:4c:f4:bc:bf:1d:bc:49:a0:b3:89:
         7d:f8:83:86:68:32:58:96:d6:49:a9:ff:35:6b:c8:c0:b7:fb:
         3d:0c:e7:52:91:0d:c9:63:8a:29:97:df:90:8b:ea:3a:ae:47:
         6d:80:cc:48:4f:02:d4:ef:73:3e:8e:0c:5d:a0:e3:ac:b2:ea:
         96:97:db:09:8f:fb:d0:46:3e:06:b7:b2:12:55:d7:cc:d1:9f:
         61:51:19:73:d4:e0:eb:ed:9c:d9:7a:e7:8a:05:ec:88:36:d9:
         6b:06:18:70:79:c7:a0:ab:e8:f0:57:37:ec:ef:23:d3:d4:29:
         1f:91:d3:07:f4:04:e0:af:7f:58:e2:42:ec:9a:77:04:a6:6d:
         4e:57:58:3d:8e:88:65:fc:fa:0f:39:39:41:43:97:48:fa:6f:
         53:c6:25:44
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUU0yHYhfPIkrTgMWCprueqr9f14YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKEE5OTM5RkNCNjRFMEVGNzUzQjFDODQzMEE4QTg4MzdGNzY0QjE2QjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN16I2+6xFuhZPG1D1HPleStaP
1oSZ17Na/2qTChb9roQjfh6lazIA3wK01FpB6mR0L86AYtVBelLJW4d7HFecJcKj
E9bczzpJFZ+NkcoAwDCgvp4+jmaS4IDxCyDM/30X1LPo8fBUYeFjIqp5xTxpkW8f
AY7cA8zIv8AcNS6VKQOHdR2rhJB5nk0sdExEhDeWoKEVAiJYVcJKQz/i7YQZceCO
EZndaST3EIh6O8q0pA7zGjXP052tcqFN2RZ2PFh25tNSnulbj4J+VMMx2AQICY5Q
pah7pxhn4+5lc6Th7w/PJXbVT5hcYd03ob9GGtpsJR/QnNL4pyrWxK6r+zNpAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUqZOfy2Tg73U7HIQwqKiDf3ZLFrQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAyMDAyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBQzwAwcEKgagBS0gMA0GCSqGSIb3DQEBCwUA
A4IBAQCLS5QGzZbT/VUSSRg4wOULtjio1Dze4QguE9ZSVzQ8iMfwtJ2thFDGUIsg
Z2X8jbO/EbtMVZWaIYgAFBQNKnEUgATXs+ad7VZOAhAt9jgnwwFKNUSRzxopXbHG
c87rZ5XP5Uz0vL8dvEmgs4l9+IOGaDJYltZJqf81a8jAt/s9DOdSkQ3JY4opl9+Q
i+o6rkdtgMxITwLU73M+jgxdoOOssuqWl9sJj/vQRj4Gt7ISVdfM0Z9hURlz1ODr
7ZzZeueKBeyINtlrBhhwecegq+jwVzfs7yPT1CkfkdMH9ATgr39Y4kLsmncEpm1O
V1g9johl/PoPOTlBQ5dI+m9TxiVE
-----END CERTIFICATE-----