Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203415.roa
File:                     AS203415.roa (raw, json)
Hash identifier:          ct1qiN81gS9b45WDcke6WVhhwcDLhtUFW6lkJo5vzqA=
Subject key identifier:   64:8B:7F:FE:A0:05:C4:7E:C8:18:70:AB:F5:34:FD:79:60:CB:5C:3A
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       0992467F869392C9A985E681F54EF17568EF1AA5
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203415.roa
Signing time:             Thu 04 Jun 2026 15:58:53 +0000
ROA not before:           Thu 04 Jun 2026 15:53:53 +0000
ROA not after:            Thu 03 Jun 2027 15:58:53 +0000
asID:                     203415
IP address blocks:        2a06:a005:5ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:92:46:7f:86:93:92:c9:a9:85:e6:81:f5:4e:f1:75:68:ef:1a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:53 2026 GMT
            Not After : Jun  3 15:58:53 2027 GMT
        Subject: CN=648B7FFEA005C47EC81870ABF534FD7960CB5C3A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3c:9a:91:16:79:c9:08:21:4a:20:9d:65:f4:
                    c9:88:ad:9c:bb:04:fa:71:0f:a6:51:57:3f:61:87:
                    44:5e:74:ac:39:79:7c:c8:db:15:0f:be:0b:75:79:
                    89:01:a2:cd:2e:b1:9e:e5:7a:04:8c:ce:4a:ab:09:
                    db:00:4c:50:71:9f:35:6f:b3:bf:11:f1:02:24:8f:
                    55:e6:56:c3:1a:9c:15:c1:35:25:e6:bf:26:e5:21:
                    c8:f1:54:ee:41:82:0d:7e:0d:92:b8:f9:8c:14:34:
                    68:c0:6f:5a:e4:88:f7:38:c5:2e:fc:3b:ab:e7:df:
                    4e:ef:b0:ea:30:0a:90:53:25:3d:c3:f9:d2:b4:31:
                    c4:0f:bd:8f:f1:e7:51:4f:89:56:b0:d7:c7:92:50:
                    1d:78:ca:e0:01:5f:00:74:b8:a9:0c:c0:4c:02:b5:
                    2e:90:16:08:c1:2a:22:6c:8d:eb:d8:2d:c5:0b:76:
                    c8:5e:9f:c9:ff:6d:67:a4:91:5b:b6:15:4a:eb:a9:
                    3f:e5:6b:d9:51:8d:ac:05:a5:df:fc:81:87:79:9b:
                    0b:32:3a:15:7c:8f:33:73:74:33:4c:ad:28:cf:1b:
                    2e:95:28:1f:20:31:89:ed:6c:4d:b6:52:5a:9a:81:
                    73:7f:b0:39:55:92:00:9d:27:e2:f5:2c:6e:01:99:
                    cf:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8B:7F:FE:A0:05:C4:7E:C8:18:70:AB:F5:34:FD:79:60:CB:5C:3A
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:7e:41:c9:fd:56:0d:b3:84:f5:60:d0:40:92:98:01:b7:c1:
         2e:8c:43:6e:36:b1:f8:86:64:c1:df:90:34:8c:e8:d8:bf:6b:
         cc:ab:21:6b:5c:e4:a4:65:96:f6:6d:19:da:b0:81:84:7d:99:
         bd:3d:98:bb:cb:3c:6c:22:3b:ee:27:08:85:13:15:ab:40:57:
         8f:ec:2c:8a:8b:98:ca:cb:cd:3c:49:69:d9:a1:ff:99:6a:fe:
         8d:ec:01:88:8d:72:5e:e3:9d:75:83:d4:67:e3:4c:bc:df:03:
         b7:92:3f:35:5e:41:c2:61:54:d0:48:7c:86:57:32:88:38:b6:
         13:e6:62:e4:52:d9:c6:10:d6:39:57:af:5f:81:87:0e:81:86:
         a6:09:ec:9d:9d:ff:3a:c1:80:b5:1b:5b:98:b0:f7:c7:7d:a4:
         72:8d:20:e5:18:50:a8:cf:13:07:ff:3b:52:64:f3:a3:e4:d8:
         05:91:76:a2:aa:f4:d8:ae:f8:88:03:56:1f:0c:04:04:d5:e1:
         76:9f:60:3a:05:08:94:8f:2d:ce:22:25:37:78:fc:2e:aa:f5:
         ec:4c:04:31:98:85:17:0f:74:cf:ae:f7:b9:7c:bc:3c:08:78:
         92:6c:0a:2c:97:3e:26:64:80:f2:7d:a8:fa:3f:da:4c:20:7c:
         48:ba:9f:7c
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUCZJGf4aTksmpheaB9U7xdWjvGqUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTNaFw0yNzA2MDMxNTU4NTNaMDMxMTAvBgNV
BAMTKDY0OEI3RkZFQTAwNUM0N0VDODE4NzBBQkY1MzRGRDc5NjBDQjVDM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuPJqRFnnJCCFKIJ1l9MmIrZy7
BPpxD6ZRVz9hh0RedKw5eXzI2xUPvgt1eYkBos0usZ7legSMzkqrCdsATFBxnzVv
s78R8QIkj1XmVsManBXBNSXmvyblIcjxVO5Bgg1+DZK4+YwUNGjAb1rkiPc4xS78
O6vn307vsOowCpBTJT3D+dK0McQPvY/x51FPiVaw18eSUB14yuABXwB0uKkMwEwC
tS6QFgjBKiJsjevYLcULdshen8n/bWekkVu2FUrrqT/la9lRjawFpd/8gYd5mwsy
OhV8jzNzdDNMrSjPGy6VKB8gMYntbE22UlqagXN/sDlVkgCdJ+L1LG4Bmc8HAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUZIt//qAFxH7IGHCr9TT9eWDLXDowHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAzNDE1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQWsMA0GCSqGSIb3DQEBCwUAA4IBAQBAfkHJ
/VYNs4T1YNBAkpgBt8EujENuNrH4hmTB35A0jOjYv2vMqyFrXOSkZZb2bRnasIGE
fZm9PZi7yzxsIjvuJwiFExWrQFeP7CyKi5jKy808SWnZof+Zav6N7AGIjXJe4511
g9Rn40y83wO3kj81XkHCYVTQSHyGVzKIOLYT5mLkUtnGENY5V69fgYcOgYamCeyd
nf86wYC1G1uYsPfHfaRyjSDlGFCozxMH/ztSZPOj5NgFkXaiqvTYrviIA1YfDAQE
1eF2n2A6BQiUjy3OIiU3ePwuqvXsTAQxmIUXD3TPrve5fLw8CHiSbAoslz4mZIDy
faj6P9pMIHxIup98
-----END CERTIFICATE-----