Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202222.roa
File:                     AS202222.roa (raw, json)
Hash identifier:          Th+GXX55wneilKnL6Oo9Tp5WDGxYNJwJBMuwrDDwVVU=
Subject key identifier:   5E:26:3A:E1:DA:D8:E4:37:E1:F9:2A:09:93:54:37:86:C3:BC:12:C9
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1A9C8886010D8BD5D0AE6EDF6B04308AB357127D
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202222.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     202222
IP address blocks:        2a06:a005:d2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:9c:88:86:01:0d:8b:d5:d0:ae:6e:df:6b:04:30:8a:b3:57:12:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=5E263AE1DAD8E437E1F92A0993543786C3BC12C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:90:a3:ce:62:79:26:f9:98:e8:a0:4b:aa:99:
                    c0:bc:11:9d:11:d8:08:21:cb:9e:52:b4:98:82:ac:
                    13:4f:26:da:b4:0f:78:dd:af:b5:9c:eb:d6:9e:2b:
                    5c:e8:7c:03:91:ac:bb:05:43:40:45:93:2d:48:7d:
                    db:2e:5a:be:b9:d8:eb:87:db:c5:76:76:a4:35:e8:
                    db:c9:83:a1:f7:f7:99:a5:34:20:6e:6c:22:27:ff:
                    25:c4:9e:0f:c2:bd:f7:8c:eb:84:f0:e7:ff:d6:68:
                    54:71:94:89:4f:ce:b7:47:c1:62:3d:95:de:02:cc:
                    62:1d:24:42:24:95:99:42:d3:e6:6b:c9:8b:88:cf:
                    a2:64:0d:76:f6:14:05:b0:0d:73:01:18:3c:6c:34:
                    7f:f7:1e:6a:8a:8c:ae:4c:bc:9c:20:7a:5a:c4:aa:
                    aa:66:5f:68:3b:49:a9:df:a6:28:2e:d9:17:fb:62:
                    e6:0b:3c:bd:54:1e:a4:a0:7e:9a:0c:7e:7c:58:1a:
                    51:6e:76:91:9f:47:98:f3:30:63:60:55:42:ec:28:
                    df:86:9a:75:8c:13:a8:7c:c7:e4:7e:3b:39:df:70:
                    c2:56:cf:86:b2:26:70:b7:d8:d0:68:b7:d2:80:ec:
                    32:9a:f0:1d:71:38:88:5b:fb:db:81:90:32:27:b2:
                    83:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:26:3A:E1:DA:D8:E4:37:E1:F9:2A:09:93:54:37:86:C3:BC:12:C9
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202222.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:2f:98:da:1c:56:a4:b2:db:10:39:f0:63:66:cf:14:3f:d7:
         88:6d:1a:44:d1:28:c3:5e:65:83:e2:f6:22:05:aa:14:0b:60:
         b9:c1:1e:22:d7:23:93:c4:04:ad:99:09:06:37:4b:a5:52:09:
         04:85:8f:25:7f:93:26:45:a2:13:ed:64:ef:2e:2b:99:ad:fd:
         77:a5:d3:e4:e7:d5:1d:0a:0e:84:15:91:20:93:67:7c:31:9e:
         f0:0d:e8:26:e6:8f:3d:04:22:bc:e5:fd:9f:c0:05:07:c0:2f:
         dc:78:02:be:3d:e2:ee:45:a7:fe:56:de:8c:59:01:5c:aa:ac:
         5f:ba:b1:ff:73:33:39:94:b3:77:42:ff:4c:53:d6:60:eb:03:
         9b:f1:31:83:eb:1e:a8:68:2d:df:29:7c:b1:a3:38:47:f6:91:
         3f:f7:04:69:38:4d:f5:a6:c8:2e:29:e2:34:bf:dc:c5:54:b0:
         3a:bf:5b:dd:ab:4a:58:bf:9e:61:2f:d7:67:18:33:91:5f:a0:
         70:f3:bb:d6:03:ab:42:02:9f:53:3b:d8:77:91:d0:e8:5c:d0:
         45:84:21:10:2e:42:cd:25:ee:90:42:15:56:8a:7b:0d:c5:8f:
         41:c8:a0:68:9a:d1:59:9e:d9:db:e3:c6:77:39:54:09:ac:a3:
         e9:52:97:26
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUGpyIhgENi9XQrm7fawQwirNXEn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKDVFMjYzQUUxREFEOEU0MzdFMUY5MkEwOTkzNTQzNzg2QzNCQzEyQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPkKPOYnkm+ZjooEuqmcC8EZ0R
2Aghy55StJiCrBNPJtq0D3jdr7Wc69aeK1zofAORrLsFQ0BFky1IfdsuWr652OuH
28V2dqQ16NvJg6H395mlNCBubCIn/yXEng/CvfeM64Tw5//WaFRxlIlPzrdHwWI9
ld4CzGIdJEIklZlC0+ZryYuIz6JkDXb2FAWwDXMBGDxsNH/3HmqKjK5MvJwgelrE
qqpmX2g7Sanfpigu2Rf7YuYLPL1UHqSgfpoMfnxYGlFudpGfR5jzMGNgVULsKN+G
mnWME6h8x+R+OznfcMJWz4ayJnC32NBot9KA7DKa8B1xOIhb+9uBkDInsoOtAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUXiY64drY5Dfh+SoJk1Q3hsO8EskwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAyMjIyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQ0sMA0GCSqGSIb3DQEBCwUAA4IBAQBoL5ja
HFakstsQOfBjZs8UP9eIbRpE0SjDXmWD4vYiBaoUC2C5wR4i1yOTxAStmQkGN0ul
UgkEhY8lf5MmRaIT7WTvLiuZrf13pdPk59UdCg6EFZEgk2d8MZ7wDegm5o89BCK8
5f2fwAUHwC/ceAK+PeLuRaf+Vt6MWQFcqqxfurH/czM5lLN3Qv9MU9Zg6wOb8TGD
6x6oaC3fKXyxozhH9pE/9wRpOE31psguKeI0v9zFVLA6v1vdq0pYv55hL9dnGDOR
X6Bw87vWA6tCAp9TO9h3kdDoXNBFhCEQLkLNJe6QQhVWinsNxY9ByKBomtFZntnb
48Z3OVQJrKPpUpcm
-----END CERTIFICATE-----