Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203852.roa
File:                     AS203852.roa (raw, json)
Hash identifier:          ptbzkq0VZwAgOhjYbExYZ8VhK8MKBimRrsW7x6OZ4DA=
Subject key identifier:   6A:5A:F4:9D:96:58:D2:97:4F:BF:88:29:0E:B7:62:6D:84:BB:3D:1A
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       0F29F56F53C58DCF2F053D3AA5C5198323300564
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203852.roa
Signing time:             Thu 04 Jun 2026 15:58:53 +0000
ROA not before:           Thu 04 Jun 2026 15:53:53 +0000
ROA not after:            Thu 03 Jun 2027 15:58:53 +0000
asID:                     203852
IP address blocks:        2a06:a005:1910::/44 maxlen: 48
                          2a06:a005:21a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:29:f5:6f:53:c5:8d:cf:2f:05:3d:3a:a5:c5:19:83:23:30:05:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:53 2026 GMT
            Not After : Jun  3 15:58:53 2027 GMT
        Subject: CN=6A5AF49D9658D2974FBF88290EB7626D84BB3D1A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:91:ec:78:5e:26:1a:f3:50:e1:3f:9a:2a:12:
                    a0:99:5b:fa:7c:b0:e8:21:40:ae:8c:a6:bd:dc:d8:
                    62:0d:49:70:8b:81:08:07:2e:e0:ad:e0:8b:1a:d2:
                    1f:d4:34:0f:4d:e1:25:5d:61:8c:1a:58:cc:72:70:
                    b4:c1:5c:75:d2:c2:61:7c:66:a3:fe:cc:b7:a8:3f:
                    6b:eb:62:c4:e4:22:23:fd:95:b8:2c:6b:4a:3b:ea:
                    d5:9d:56:a1:d6:f3:09:fe:40:c0:f6:fe:98:14:22:
                    bd:3d:c5:89:9a:e5:ee:7d:49:ca:1d:6b:a2:8c:e3:
                    21:91:ce:a6:22:03:e9:32:c7:7b:02:da:31:cd:f5:
                    d7:c1:6c:a2:69:b1:21:2f:21:0a:83:41:61:06:56:
                    44:cf:29:99:ed:dd:25:54:3b:98:a1:67:52:3e:98:
                    97:f7:99:08:b9:d4:85:82:01:56:63:00:b7:c5:67:
                    12:77:cc:1c:cf:8f:6a:81:d4:b2:8c:91:69:fd:70:
                    7a:ed:5c:f0:40:0e:00:f3:dd:88:a3:66:50:7d:eb:
                    7e:51:eb:49:fd:c6:a1:24:2d:dd:74:e4:c5:b3:b3:
                    79:ff:f0:b5:c9:a0:d0:12:b3:e1:de:63:c5:9c:a2:
                    e6:fc:5b:42:5d:d0:35:75:66:65:14:0f:17:37:90:
                    45:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:5A:F4:9D:96:58:D2:97:4F:BF:88:29:0E:B7:62:6D:84:BB:3D:1A
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203852.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1910::/44
                  2a06:a005:21a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:13:59:61:8d:fe:6c:d0:08:62:44:fe:4a:c8:5b:0b:6e:60:
         95:cc:56:db:c8:52:d7:fb:88:6f:ae:dc:83:ad:12:18:9a:33:
         dd:e0:cc:74:29:70:be:2c:2c:2c:3e:74:21:79:05:e4:b7:e2:
         89:0d:36:d0:f8:43:11:9f:ba:5d:c4:ec:00:10:48:60:e2:5d:
         63:55:3e:6a:2c:43:7e:8d:1f:31:26:3d:d1:1e:27:d3:cd:58:
         40:f6:9a:af:c2:3b:a1:3d:06:eb:0f:bd:59:e8:a2:8e:ef:5c:
         1d:42:5c:ce:d7:32:44:d6:fa:fd:62:8a:03:8a:ab:77:08:94:
         ca:08:8b:2f:8f:3f:4b:4e:b3:24:09:5b:4c:88:72:08:d5:17:
         16:f3:8a:6c:59:dc:91:81:c3:4f:38:05:37:ae:5c:18:ef:81:
         49:29:3f:e8:66:27:54:0d:2b:80:57:57:32:cb:97:25:76:97:
         28:5b:b4:34:90:68:88:2d:fd:f3:20:85:06:6e:62:7c:2a:72:
         71:0e:ec:f8:91:2e:d0:bd:3c:5d:6d:95:16:3b:96:d2:cc:5f:
         46:3a:cb:a0:b4:76:c6:85:30:e1:93:e8:de:4b:fc:c3:55:be:
         38:c7:43:64:8f:38:16:8e:2b:6e:4d:14:c7:34:63:f5:ca:ba:
         e9:3c:f4:fd
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUDyn1b1PFjc8vBT06pcUZgyMwBWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTNaFw0yNzA2MDMxNTU4NTNaMDMxMTAvBgNV
BAMTKDZBNUFGNDlEOTY1OEQyOTc0RkJGODgyOTBFQjc2MjZEODRCQjNEMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfkex4XiYa81DhP5oqEqCZW/p8
sOghQK6Mpr3c2GINSXCLgQgHLuCt4Isa0h/UNA9N4SVdYYwaWMxycLTBXHXSwmF8
ZqP+zLeoP2vrYsTkIiP9lbgsa0o76tWdVqHW8wn+QMD2/pgUIr09xYma5e59Scod
a6KM4yGRzqYiA+kyx3sC2jHN9dfBbKJpsSEvIQqDQWEGVkTPKZnt3SVUO5ihZ1I+
mJf3mQi51IWCAVZjALfFZxJ3zBzPj2qB1LKMkWn9cHrtXPBADgDz3YijZlB9635R
60n9xqEkLd105MWzs3n/8LXJoNASs+HeY8Wcoub8W0Jd0DV1ZmUUDxc3kEXfAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUalr0nZZY0pdPv4gpDrdibYS7PRowHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAzODUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBRkQAwcEKgagBSGgMA0GCSqGSIb3DQEBCwUA
A4IBAQAXE1lhjf5s0AhiRP5KyFsLbmCVzFbbyFLX+4hvrtyDrRIYmjPd4Mx0KXC+
LCwsPnQheQXkt+KJDTbQ+EMRn7pdxOwAEEhg4l1jVT5qLEN+jR8xJj3RHifTzVhA
9pqvwjuhPQbrD71Z6KKO71wdQlzO1zJE1vr9YooDiqt3CJTKCIsvjz9LTrMkCVtM
iHII1RcW84psWdyRgcNPOAU3rlwY74FJKT/oZidUDSuAV1cyy5cldpcoW7Q0kGiI
Lf3zIIUGbmJ8KnJxDuz4kS7QvTxdbZUWO5bSzF9GOsugtHbGhTDhk+jeS/zDVb44
x0NkjzgWjituTRTHNGP1yrrpPPT9
-----END CERTIFICATE-----