Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202467.roa
File:                     AS202467.roa (raw, json)
Hash identifier:          QMo3ixyZxEBTzAQh1nGIVHwQf4VraKUFzfnSaKv8v9o=
Subject key identifier:   AD:AA:97:08:BB:5F:63:7F:A0:2A:08:77:EC:90:C0:76:A2:F2:8B:E1
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       59B0BD7D97982A9F2F6FFD5411DEB960978CE44E
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202467.roa
Signing time:             Thu 04 Jun 2026 15:58:50 +0000
ROA not before:           Thu 04 Jun 2026 15:53:50 +0000
ROA not after:            Thu 03 Jun 2027 15:58:50 +0000
asID:                     202467
IP address blocks:        2a06:a005:1162::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:b0:bd:7d:97:98:2a:9f:2f:6f:fd:54:11:de:b9:60:97:8c:e4:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:50 2026 GMT
            Not After : Jun  3 15:58:50 2027 GMT
        Subject: CN=ADAA9708BB5F637FA02A0877EC90C076A2F28BE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7c:17:f2:66:76:e5:28:f2:6a:fa:8a:85:61:
                    4c:13:6e:38:1e:87:e5:c7:2e:0e:3f:6d:b6:83:78:
                    e1:d7:db:93:c3:f4:77:83:5b:f5:3f:27:7f:a1:c7:
                    7e:94:7f:91:d7:40:04:dd:a5:f3:f8:3b:05:e1:d2:
                    48:89:aa:ce:2d:c3:30:ca:f1:7c:30:11:9a:11:9f:
                    a0:cc:8c:6c:c3:0d:51:59:10:3f:4f:d7:a7:ba:70:
                    d2:e2:a3:e9:a3:be:30:05:d0:51:bb:82:ba:77:c3:
                    0f:df:20:35:83:53:6b:67:58:ca:c4:17:18:8b:d7:
                    be:29:89:87:cf:0a:4f:c6:1c:3a:95:4f:2c:65:05:
                    70:54:16:86:0a:f0:bf:ed:35:a3:31:0b:c1:a3:87:
                    df:a8:0d:04:6a:90:33:de:02:3f:87:a6:e0:2a:8e:
                    39:75:ec:11:3f:11:76:02:2f:21:d3:a5:d1:6c:9d:
                    9f:38:aa:4b:07:e1:05:f9:b8:e8:c1:10:d8:1f:56:
                    3d:f7:83:65:d6:8d:5c:73:41:86:f7:b3:ad:93:c1:
                    70:34:17:6a:80:3a:73:07:f0:fa:a6:24:9e:b9:43:
                    32:fe:47:aa:6e:6a:72:a3:95:24:22:1a:af:ac:8b:
                    e4:8c:c8:92:21:0e:3b:83:bf:94:d2:09:4c:f1:29:
                    52:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:AA:97:08:BB:5F:63:7F:A0:2A:08:77:EC:90:C0:76:A2:F2:8B:E1
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202467.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1162::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:89:41:3f:3d:bd:b9:6a:f8:9b:51:ea:3d:dd:f7:6d:9c:a7:
         ca:6e:e3:d9:03:a7:c1:94:c0:4d:f4:be:e5:73:24:f4:27:6d:
         e1:9b:23:9e:de:f7:82:cb:e2:2a:ba:5f:c3:46:44:92:1d:8c:
         fe:cf:a8:50:2b:03:d1:3b:54:a0:cd:2f:ed:a7:ce:89:15:aa:
         c1:02:f4:fd:83:64:ae:ce:57:82:f1:e0:be:96:53:12:66:d9:
         c9:5b:45:50:33:e9:80:23:75:40:c5:aa:38:ce:a1:3b:75:51:
         87:98:ec:e7:f1:7e:ac:ce:ba:e9:8a:9e:0a:b3:68:a5:78:6c:
         21:47:f2:dd:a4:a0:b4:0d:55:fc:d5:76:f4:d2:d5:2d:46:69:
         7f:d4:d1:b3:b9:47:09:ff:62:b5:47:b5:f4:cb:e4:8a:fe:7c:
         00:2e:11:f0:b5:86:82:33:5b:52:c0:aa:37:40:74:33:3a:13:
         67:55:31:51:6a:c3:c6:bb:ec:3f:bd:bf:a7:39:74:2b:eb:7d:
         c0:06:d9:53:45:50:27:2a:4a:4c:0a:27:67:e7:b9:c5:a4:3d:
         7f:95:57:e3:3d:e9:d2:c0:4c:e0:1d:f8:3c:a3:c7:c2:fc:43:
         1d:56:e8:f5:6b:58:f3:79:46:17:42:e6:1f:e4:c1:b9:c5:c6:
         e4:a5:81:02
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUWbC9fZeYKp8vb/1UEd65YJeM5E4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTBaFw0yNzA2MDMxNTU4NTBaMDMxMTAvBgNV
BAMTKEFEQUE5NzA4QkI1RjYzN0ZBMDJBMDg3N0VDOTBDMDc2QTJGMjhCRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+fBfyZnblKPJq+oqFYUwTbjge
h+XHLg4/bbaDeOHX25PD9HeDW/U/J3+hx36Uf5HXQATdpfP4OwXh0kiJqs4twzDK
8XwwEZoRn6DMjGzDDVFZED9P16e6cNLio+mjvjAF0FG7grp3ww/fIDWDU2tnWMrE
FxiL174piYfPCk/GHDqVTyxlBXBUFoYK8L/tNaMxC8Gjh9+oDQRqkDPeAj+HpuAq
jjl17BE/EXYCLyHTpdFsnZ84qksH4QX5uOjBENgfVj33g2XWjVxzQYb3s62TwXA0
F2qAOnMH8PqmJJ65QzL+R6puanKjlSQiGq+si+SMyJIhDjuDv5TSCUzxKVLPAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUraqXCLtfY3+gKgh37JDAdqLyi+EwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAyNDY3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRFiMA0GCSqGSIb3DQEBCwUAA4IBAQA8iUE/
Pb25avibUeo93fdtnKfKbuPZA6fBlMBN9L7lcyT0J23hmyOe3veCy+Iqul/DRkSS
HYz+z6hQKwPRO1SgzS/tp86JFarBAvT9g2SuzleC8eC+llMSZtnJW0VQM+mAI3VA
xao4zqE7dVGHmOzn8X6szrrpip4Ks2ileGwhR/LdpKC0DVX81Xb00tUtRml/1NGz
uUcJ/2K1R7X0y+SK/nwALhHwtYaCM1tSwKo3QHQzOhNnVTFRasPGu+w/vb+nOXQr
633ABtlTRVAnKkpMCidn57nFpD1/lVfjPenSwEzgHfg8o8fC/EMdVuj1a1jzeUYX
QuYf5MG5xcbkpYEC
-----END CERTIFICATE-----