Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202427.roa
File:                     AS202427.roa (raw, json)
Hash identifier:          A/92NrTnBjRlXQc+kzSBelaEodAyCSCssnLj+NZDHUA=
Subject key identifier:   09:66:11:C6:FD:97:89:4D:8A:4F:EC:43:03:BD:5D:1B:3B:F1:08:57
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       4FABF07076F338980E5A6133F916B62AD34371E4
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202427.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     202427
IP address blocks:        2a06:a005:28e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:ab:f0:70:76:f3:38:98:0e:5a:61:33:f9:16:b6:2a:d3:43:71:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=096611C6FD97894D8A4FEC4303BD5D1B3BF10857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:df:67:b6:05:ec:76:0c:94:01:72:4b:41:4d:
                    55:ce:42:c6:a4:dc:60:8b:a6:85:69:e9:45:db:f2:
                    42:1f:3f:0b:01:8d:50:77:07:2d:af:36:18:a0:2f:
                    09:76:14:a0:b9:ee:c3:40:0c:22:b8:e2:d3:b6:ec:
                    a8:93:5f:8e:4a:80:68:d8:52:b2:df:1f:80:f0:52:
                    77:f0:97:c3:5d:e6:e8:3d:78:f0:ec:0e:a7:80:b7:
                    ad:ec:5b:71:21:d2:de:a3:7d:5e:0b:9a:8b:90:12:
                    05:32:64:60:f9:82:77:ee:02:46:17:ed:0d:8b:ae:
                    58:14:38:9c:dd:71:f3:52:ab:8b:65:a6:05:ee:c0:
                    63:26:cf:41:8a:18:a8:25:36:e9:a1:b2:22:b1:ab:
                    d1:31:3a:6f:23:c9:22:9d:a5:f4:96:57:00:46:64:
                    09:23:ac:5a:3d:cb:e3:91:64:e7:6e:89:f1:e4:fd:
                    b0:22:fa:4d:fa:eb:98:88:20:9b:e6:89:6b:10:83:
                    0d:ad:37:3d:38:81:70:a6:25:d3:54:ff:8f:55:6c:
                    73:87:77:0d:76:84:ac:e6:9d:81:37:17:bd:f0:dd:
                    25:a3:a5:ba:b3:b9:5b:ff:3e:17:27:7b:db:8b:59:
                    45:84:de:2c:8d:be:f8:28:8f:cd:d4:de:ae:cf:09:
                    2e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:66:11:C6:FD:97:89:4D:8A:4F:EC:43:03:BD:5D:1B:3B:F1:08:57
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:28e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2e:69:6b:0c:d6:2d:0c:a9:2b:a1:7f:73:cf:5a:d3:f4:e0:90:
         5b:4f:46:f7:1f:ac:1d:74:ab:83:6f:52:fc:53:64:4e:bc:7c:
         1b:cd:e8:80:a2:fb:e5:6c:21:b9:52:40:2e:75:77:fd:1e:ad:
         ce:fe:d1:73:3d:93:b4:8f:04:ff:59:3e:be:90:e6:e1:7e:71:
         73:57:58:2f:cb:71:96:38:18:75:12:d9:b4:6b:4b:ad:b9:18:
         0f:60:8a:9a:ef:8d:62:45:da:1b:b5:fa:0e:63:a4:0a:95:b6:
         a4:01:b8:ed:d3:ea:46:79:a8:a5:8b:aa:46:7e:bb:a8:2f:d9:
         d9:d4:77:e8:90:70:52:d4:f9:1b:75:58:3e:76:59:5a:14:6a:
         fb:63:60:aa:81:47:00:38:a6:d1:db:51:c7:c3:76:2a:34:10:
         cf:4a:e6:e5:46:bc:58:e6:44:69:19:6e:a8:b6:a4:03:a6:6b:
         63:99:88:ca:70:94:93:dc:97:1f:5c:3d:2e:04:eb:37:57:43:
         a1:d5:0a:7a:5a:4f:8d:e1:14:2f:fa:04:49:1a:8d:8b:e6:9c:
         d4:2c:88:7d:89:4b:dd:b0:a0:0a:2d:c7:4f:48:ad:4f:ae:28:
         81:f3:96:45:4b:03:bb:4c:df:48:80:27:1e:90:bd:db:c9:51:
         49:53:6c:ca
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUT6vwcHbzOJgOWmEz+Ra2KtNDceQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKDA5NjYxMUM2RkQ5Nzg5NEQ4QTRGRUM0MzAzQkQ1RDFCM0JGMTA4NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ32e2Bex2DJQBcktBTVXOQsak
3GCLpoVp6UXb8kIfPwsBjVB3By2vNhigLwl2FKC57sNADCK44tO27KiTX45KgGjY
UrLfH4DwUnfwl8Nd5ug9ePDsDqeAt63sW3Eh0t6jfV4LmouQEgUyZGD5gnfuAkYX
7Q2LrlgUOJzdcfNSq4tlpgXuwGMmz0GKGKglNumhsiKxq9ExOm8jySKdpfSWVwBG
ZAkjrFo9y+ORZOduifHk/bAi+k3665iIIJvmiWsQgw2tNz04gXCmJdNU/49VbHOH
dw12hKzmnYE3F73w3SWjpbqzuVv/Phcne9uLWUWE3iyNvvgoj83U3q7PCS6DAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUCWYRxv2XiU2KT+xDA71dGzvxCFcwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAyNDI3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSjgMA0GCSqGSIb3DQEBCwUAA4IBAQAuaWsM
1i0MqSuhf3PPWtP04JBbT0b3H6wddKuDb1L8U2ROvHwbzeiAovvlbCG5UkAudXf9
Hq3O/tFzPZO0jwT/WT6+kObhfnFzV1gvy3GWOBh1Etm0a0utuRgPYIqa741iRdob
tfoOY6QKlbakAbjt0+pGeaili6pGfruoL9nZ1HfokHBS1PkbdVg+dllaFGr7Y2Cq
gUcAOKbR21HHw3YqNBDPSublRrxY5kRpGW6otqQDpmtjmYjKcJST3JcfXD0uBOs3
V0Oh1Qp6Wk+N4RQv+gRJGo2L5pzULIh9iUvdsKAKLcdPSK1PriiB85ZFSwO7TN9I
gCcekL3byVFJU2zK
-----END CERTIFICATE-----