Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203655.roa
File:                     AS203655.roa (raw, json)
Hash identifier:          8KMgXUzrhW1kpgjUCYBKI2MeUbeGZEvrq2sWY/7gN6Q=
Subject key identifier:   72:17:C3:B6:A1:51:64:8D:6E:6D:34:76:B1:56:3C:50:FD:14:21:D7
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       73BD566732B99529DF6E53A2008AA0A5EC1E7932
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203655.roa
Signing time:             Thu 04 Jun 2026 15:58:52 +0000
ROA not before:           Thu 04 Jun 2026 15:53:52 +0000
ROA not after:            Thu 03 Jun 2027 15:58:52 +0000
asID:                     203655
IP address blocks:        2a06:a005:13e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:bd:56:67:32:b9:95:29:df:6e:53:a2:00:8a:a0:a5:ec:1e:79:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:52 2026 GMT
            Not After : Jun  3 15:58:52 2027 GMT
        Subject: CN=7217C3B6A151648D6E6D3476B1563C50FD1421D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f7:d9:7a:70:bc:94:af:91:f6:09:2e:af:10:
                    30:7d:7e:79:dd:55:06:71:69:9b:a9:e6:c5:5c:fd:
                    69:51:56:1d:53:24:a0:30:98:3f:71:1e:a5:e2:09:
                    fb:58:34:fb:df:7d:17:c4:56:81:ec:36:7a:a2:71:
                    5f:e1:44:9c:11:4a:59:f5:af:0e:66:15:1b:22:24:
                    0c:96:bd:d8:88:a4:2c:a3:f9:55:ac:81:2c:82:df:
                    d4:3f:7e:b7:68:e0:96:e9:16:f3:cd:06:7d:a3:b7:
                    0b:91:cb:21:01:bd:76:db:d8:58:f7:07:86:a2:ab:
                    38:2a:e3:58:43:38:a0:e3:19:c8:f6:a2:8a:52:75:
                    5f:6a:75:ac:70:12:38:ee:80:87:bf:4c:a4:50:ee:
                    2f:87:2d:66:0a:6f:aa:f2:f9:ed:c2:47:60:a4:6f:
                    9a:3b:8c:57:23:cd:98:e2:d0:a5:0e:e0:c3:a5:38:
                    9b:f3:4f:ce:0f:9e:26:1d:02:66:4f:93:49:c1:b7:
                    52:10:b7:ef:88:ab:23:52:95:81:7f:21:84:37:af:
                    ac:de:2d:a8:5e:94:6b:53:d3:9b:00:af:c7:f2:6f:
                    e5:4b:2e:e3:1c:91:02:39:25:31:35:a4:6b:bd:d5:
                    3b:c9:81:22:a5:9d:1a:7a:6a:ea:59:96:bf:51:8c:
                    1a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:17:C3:B6:A1:51:64:8D:6E:6D:34:76:B1:56:3C:50:FD:14:21:D7
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:13e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         36:af:8c:98:35:4f:8d:6e:76:91:f8:ab:66:15:84:bf:3a:27:
         c0:8d:89:3d:d8:ea:40:03:32:f5:99:35:fc:c1:a4:46:97:70:
         e9:83:10:00:36:53:8a:0a:6d:8d:3b:1f:a1:91:7c:e8:92:48:
         01:98:bc:42:86:84:7b:ca:57:9f:8e:05:88:e3:13:bf:68:71:
         8d:9e:ea:48:71:29:82:e4:f9:55:45:5b:16:27:08:4e:d1:2d:
         13:b5:b3:b0:75:5a:19:b8:7d:f2:a9:6a:af:00:c2:79:3e:c4:
         fe:16:e8:1d:79:e5:ce:50:10:65:96:99:b6:29:8b:ae:19:c8:
         48:25:37:0b:ed:8b:a1:b5:0f:30:fc:d9:d2:79:27:36:39:de:
         d4:11:d3:0d:c8:af:eb:ec:d7:ea:12:66:06:51:a9:1e:73:98:
         42:af:e9:30:63:a8:f5:a8:48:14:f4:b6:6d:57:12:29:54:e5:
         d6:6b:3e:0b:ff:b9:a0:54:47:db:da:e9:02:e4:8b:af:06:23:
         01:23:15:b8:78:1c:f2:64:a0:2f:95:de:aa:7f:71:6f:6a:2f:
         61:71:82:d2:db:d0:b7:67:4e:5f:1a:a2:39:f0:33:4d:2b:49:
         bb:3e:33:18:9b:47:00:27:eb:0d:17:f7:3c:85:e1:77:cd:1b:
         c8:9a:30:fc
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUc71WZzK5lSnfblOiAIqgpeweeTIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTJaFw0yNzA2MDMxNTU4NTJaMDMxMTAvBgNV
BAMTKDcyMTdDM0I2QTE1MTY0OEQ2RTZEMzQ3NkIxNTYzQzUwRkQxNDIxRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb99l6cLyUr5H2CS6vEDB9fnnd
VQZxaZup5sVc/WlRVh1TJKAwmD9xHqXiCftYNPvffRfEVoHsNnqicV/hRJwRSln1
rw5mFRsiJAyWvdiIpCyj+VWsgSyC39Q/frdo4JbpFvPNBn2jtwuRyyEBvXbb2Fj3
B4aiqzgq41hDOKDjGcj2oopSdV9qdaxwEjjugIe/TKRQ7i+HLWYKb6ry+e3CR2Ck
b5o7jFcjzZji0KUO4MOlOJvzT84PniYdAmZPk0nBt1IQt++IqyNSlYF/IYQ3r6ze
LahelGtT05sAr8fyb+VLLuMckQI5JTE1pGu91TvJgSKlnRp6aupZlr9RjBq1AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUchfDtqFRZI1ubTR2sVY8UP0UIdcwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAzNjU1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRPgMA0GCSqGSIb3DQEBCwUAA4IBAQA2r4yY
NU+NbnaR+KtmFYS/OifAjYk92OpAAzL1mTX8waRGl3DpgxAANlOKCm2NOx+hkXzo
kkgBmLxChoR7ylefjgWI4xO/aHGNnupIcSmC5PlVRVsWJwhO0S0TtbOwdVoZuH3y
qWqvAMJ5PsT+FugdeeXOUBBllpm2KYuuGchIJTcL7YuhtQ8w/NnSeSc2Od7UEdMN
yK/r7NfqEmYGUakec5hCr+kwY6j1qEgU9LZtVxIpVOXWaz4L/7mgVEfb2ukC5Iuv
BiMBIxW4eBzyZKAvld6qf3Fvai9hcYLS29C3Z05fGqI58DNNK0m7PjMYm0cAJ+sN
F/c8heF3zRvImjD8
-----END CERTIFICATE-----