Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203577.roa
File:                     AS203577.roa (raw, json)
Hash identifier:          Z+40hRZondgPmU5c0yI9WJ/jbrEi0tfORaNiro1XLlQ=
Subject key identifier:   04:5B:F2:A2:C2:A2:6F:82:DD:C0:5A:6B:EE:1A:D3:C8:90:D6:80:6B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       12B01FEA3CE4A88F5F92331479EDC00A76D92BB9
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203577.roa
Signing time:             Thu 04 Jun 2026 15:58:47 +0000
ROA not before:           Thu 04 Jun 2026 15:53:47 +0000
ROA not after:            Thu 03 Jun 2027 15:58:47 +0000
asID:                     203577
IP address blocks:        2a06:a005:1f50::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:b0:1f:ea:3c:e4:a8:8f:5f:92:33:14:79:ed:c0:0a:76:d9:2b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:47 2026 GMT
            Not After : Jun  3 15:58:47 2027 GMT
        Subject: CN=045BF2A2C2A26F82DDC05A6BEE1AD3C890D6806B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bc:a5:9b:a7:3c:93:96:08:7c:3b:15:e0:d3:
                    d4:88:e0:9c:95:d7:31:11:35:b4:34:35:4a:2d:f3:
                    80:c1:43:b1:0a:fb:ab:3f:b8:88:8e:55:76:39:09:
                    80:dd:3c:e3:f4:82:94:50:32:b8:c4:69:1f:1b:32:
                    4f:fe:62:b2:c5:e7:e6:4d:bd:be:a9:8e:70:6b:a4:
                    dd:db:06:20:99:56:03:f6:5b:a3:b8:4d:c0:65:d1:
                    a2:a4:3c:3e:73:87:29:4c:c8:7c:10:98:a7:d7:a5:
                    4a:b0:7d:31:2a:f4:03:7f:be:27:1a:69:55:24:da:
                    e7:c8:ad:1d:b3:80:a7:f1:ed:61:68:11:2d:eb:01:
                    e0:1a:0d:db:ad:0a:5d:85:57:6c:88:0b:8f:29:db:
                    ed:cc:a5:11:ff:f2:1f:8e:cf:aa:b9:18:1e:d9:f5:
                    0b:2b:e4:37:69:7c:13:05:6e:1d:c6:41:26:af:80:
                    92:8a:11:16:e7:22:e6:35:d7:8c:53:f3:1c:86:73:
                    90:af:df:2a:fd:a3:48:c3:83:ec:2f:05:c1:22:ab:
                    d5:fd:64:14:48:3d:a4:07:df:8a:66:a8:fc:fe:e8:
                    b4:08:2b:89:e3:73:39:29:c7:cc:37:61:7e:6e:bc:
                    3c:64:be:68:1b:3d:a1:95:be:f2:ba:24:07:8c:81:
                    4d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:5B:F2:A2:C2:A2:6F:82:DD:C0:5A:6B:EE:1A:D3:C8:90:D6:80:6B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203577.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1f50::/44

    Signature Algorithm: sha256WithRSAEncryption
         04:21:7a:53:05:5d:72:bb:4e:d5:92:f9:4b:65:5c:a6:1d:f0:
         e5:db:f9:67:70:f9:fc:e7:e5:f6:e9:9d:43:25:52:1d:04:c8:
         fb:67:99:91:9d:d7:60:b3:67:b6:19:a7:ba:18:86:e5:b6:ee:
         3d:0b:e2:81:f5:10:ab:7c:16:00:7c:96:93:b8:2b:95:19:61:
         b8:e0:23:e7:ab:2c:cc:28:d9:5a:8b:3d:0f:41:00:8b:e3:e9:
         ec:70:28:b8:de:0b:0a:9a:6a:d5:a3:70:8c:9a:de:b4:37:50:
         83:eb:9e:cf:a7:a1:9a:7f:b5:d8:c3:c6:fb:62:26:6b:18:aa:
         12:12:bc:bc:6e:c2:1a:c9:3e:82:7b:9a:5b:b1:76:b2:5e:ad:
         74:5a:ae:4d:aa:b4:59:e1:5d:30:b6:e9:ba:56:f8:bd:cc:32:
         d8:f0:66:3e:d9:48:94:5e:5b:31:c8:e6:6d:2a:38:8d:2d:d2:
         b7:b4:83:10:dc:af:7d:e3:87:6b:ac:4d:50:bb:7d:5e:13:f2:
         05:b8:d7:60:f4:c1:18:07:8e:dc:fd:c9:4b:1a:b7:08:27:17:
         c6:fc:0a:a7:2d:8a:3a:b8:4b:48:c2:94:2a:a5:9f:69:5e:bf:
         25:a6:f7:5e:c7:43:1c:a6:fc:c2:40:39:27:17:6a:c7:a3:e8:
         58:a5:63:1a
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUErAf6jzkqI9fkjMUee3ACnbZK7kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDdaFw0yNzA2MDMxNTU4NDdaMDMxMTAvBgNV
BAMTKDA0NUJGMkEyQzJBMjZGODJEREMwNUE2QkVFMUFEM0M4OTBENjgwNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnvKWbpzyTlgh8OxXg09SI4JyV
1zERNbQ0NUot84DBQ7EK+6s/uIiOVXY5CYDdPOP0gpRQMrjEaR8bMk/+YrLF5+ZN
vb6pjnBrpN3bBiCZVgP2W6O4TcBl0aKkPD5zhylMyHwQmKfXpUqwfTEq9AN/vica
aVUk2ufIrR2zgKfx7WFoES3rAeAaDdutCl2FV2yIC48p2+3MpRH/8h+Oz6q5GB7Z
9Qsr5DdpfBMFbh3GQSavgJKKERbnIuY114xT8xyGc5Cv3yr9o0jDg+wvBcEiq9X9
ZBRIPaQH34pmqPz+6LQIK4njczkpx8w3YX5uvDxkvmgbPaGVvvK6JAeMgU3zAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUBFvyosKib4LdwFpr7hrTyJDWgGswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAzNTc3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBR9QMA0GCSqGSIb3DQEBCwUAA4IBAQAEIXpT
BV1yu07VkvlLZVymHfDl2/lncPn85+X26Z1DJVIdBMj7Z5mRnddgs2e2Gae6GIbl
tu49C+KB9RCrfBYAfJaTuCuVGWG44CPnqyzMKNlaiz0PQQCL4+nscCi43gsKmmrV
o3CMmt60N1CD657Pp6Gaf7XYw8b7YiZrGKoSEry8bsIayT6Ce5pbsXayXq10Wq5N
qrRZ4V0wtum6Vvi9zDLY8GY+2UiUXlsxyOZtKjiNLdK3tIMQ3K9944drrE1Qu31e
E/IFuNdg9MEYB47c/clLGrcIJxfG/AqnLYo6uEtIwpQqpZ9pXr8lpvdex0McpvzC
QDknF2rHo+hYpWMa
-----END CERTIFICATE-----