Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204374.roa
File:                     AS204374.roa (raw, json)
Hash identifier:          yH9GOK/Z6YgQK/kUXbEA/RnGZ1jqlhYmXhqLd5EFias=
Subject key identifier:   0A:CF:32:78:77:FD:65:A8:56:0D:C6:E7:05:71:3E:6F:EF:01:28:50
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       25230048EC4E630CE7F3ECB2AB9FA13BCC7B4267
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204374.roa
Signing time:             Thu 04 Jun 2026 15:58:49 +0000
ROA not before:           Thu 04 Jun 2026 15:53:49 +0000
ROA not after:            Thu 03 Jun 2027 15:58:49 +0000
asID:                     204374
IP address blocks:        2a06:a005:85f::/48 maxlen: 48
                          2a06:a005:1090::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:23:00:48:ec:4e:63:0c:e7:f3:ec:b2:ab:9f:a1:3b:cc:7b:42:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:49 2026 GMT
            Not After : Jun  3 15:58:49 2027 GMT
        Subject: CN=0ACF327877FD65A8560DC6E705713E6FEF012850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:63:db:fc:16:1b:07:b1:c9:02:11:b9:f0:2c:
                    98:cf:45:69:2e:8f:35:08:55:e8:e0:09:1a:e9:6b:
                    32:f6:f2:0a:fa:69:ca:77:3e:d3:41:13:18:d6:1a:
                    df:6d:b6:53:ca:70:f7:f9:c9:2d:81:8a:b3:9e:58:
                    09:5a:0b:1b:29:ae:b5:b2:86:48:67:94:72:23:69:
                    d3:85:56:f7:34:bd:28:47:dc:6d:ba:52:e1:72:35:
                    60:0f:fc:8a:bd:19:8c:76:58:ef:2e:b1:98:da:8a:
                    d1:be:1a:ea:d0:e4:96:1c:ea:b8:d4:a0:e3:45:22:
                    c9:f8:84:13:9d:cb:a0:a9:2d:db:fd:5b:87:8d:91:
                    db:3b:f7:8f:7e:b8:ea:66:a9:88:35:78:0b:43:3e:
                    9b:7e:86:8c:25:51:fc:20:7f:f8:38:dd:30:70:53:
                    1b:b5:4f:ea:f7:90:9d:c3:23:bd:ea:6c:8b:46:db:
                    a9:9a:0e:10:f8:8a:03:17:c0:20:c7:7b:a8:e7:68:
                    21:f9:f8:48:78:70:07:db:db:d4:f6:56:38:4d:d9:
                    ec:dd:d6:a2:06:bc:84:cd:ea:a2:c0:1a:18:20:f6:
                    41:d9:44:5e:1b:d2:57:d2:28:a5:8b:e9:1d:57:14:
                    f9:e1:b8:1c:a4:39:79:91:dd:1b:29:4b:3b:89:10:
                    08:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:CF:32:78:77:FD:65:A8:56:0D:C6:E7:05:71:3E:6F:EF:01:28:50
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:85f::/48
                  2a06:a005:1090::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:a2:0c:2a:bb:9f:bd:dc:73:ee:b0:03:aa:33:2d:41:f5:d5:
         8c:e6:0d:2a:b2:74:82:45:74:61:8f:96:65:f3:03:ad:4e:29:
         d6:c6:6b:ee:91:21:71:8a:a6:2d:95:6c:6d:65:ed:2a:f9:4a:
         d9:6e:23:a0:d9:e9:97:8e:0b:f0:1d:34:e6:46:d9:39:11:d1:
         c6:48:b7:4c:bf:6c:21:11:25:07:24:c3:fe:c0:5d:f6:c6:95:
         db:a0:19:36:69:42:6e:9b:08:90:86:ef:ac:c2:6b:df:5f:99:
         63:b0:f5:13:38:02:41:38:c3:19:df:7c:fa:8f:65:87:01:4d:
         ba:bd:ad:dc:17:f9:66:ac:78:e4:9e:11:13:36:3b:97:5c:71:
         31:3a:64:98:c2:1e:9a:e0:ef:eb:ae:cf:9b:cf:54:c3:9a:a2:
         71:a1:ed:31:41:b6:a8:f1:78:99:1e:99:61:a6:1b:bd:67:b7:
         1b:42:34:dc:60:37:5d:c3:75:8b:a5:81:d3:c2:3c:59:16:f7:
         39:6a:39:b3:25:a5:a9:0c:c2:04:43:38:60:26:4e:5a:9e:b0:
         3b:2d:c2:f2:32:cb:92:1c:0c:72:7f:75:0a:9c:a3:7d:80:88:
         b8:ce:54:8d:3e:a7:55:fe:17:00:a8:79:a2:20:a6:2e:a4:8a:
         d1:1c:1f:94
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUJSMASOxOYwzn8+yyq5+hO8x7QmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDlaFw0yNzA2MDMxNTU4NDlaMDMxMTAvBgNV
BAMTKDBBQ0YzMjc4NzdGRDY1QTg1NjBEQzZFNzA1NzEzRTZGRUYwMTI4NTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwY9v8FhsHsckCEbnwLJjPRWku
jzUIVejgCRrpazL28gr6acp3PtNBExjWGt9ttlPKcPf5yS2BirOeWAlaCxsprrWy
hkhnlHIjadOFVvc0vShH3G26UuFyNWAP/Iq9GYx2WO8usZjaitG+GurQ5JYc6rjU
oONFIsn4hBOdy6CpLdv9W4eNkds7949+uOpmqYg1eAtDPpt+howlUfwgf/g43TBw
Uxu1T+r3kJ3DI73qbItG26maDhD4igMXwCDHe6jnaCH5+Eh4cAfb29T2VjhN2ezd
1qIGvITN6qLAGhgg9kHZRF4b0lfSKKWL6R1XFPnhuBykOXmR3RspSzuJEAghAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUCs8yeHf9ZahWDcbnBXE+b+8BKFAwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA0Mzc0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQhfAwcEKgagBRCQMA0GCSqGSIb3DQEBCwUA
A4IBAQBlogwqu5+93HPusAOqMy1B9dWM5g0qsnSCRXRhj5Zl8wOtTinWxmvukSFx
iqYtlWxtZe0q+UrZbiOg2emXjgvwHTTmRtk5EdHGSLdMv2whESUHJMP+wF32xpXb
oBk2aUJumwiQhu+swmvfX5ljsPUTOAJBOMMZ33z6j2WHAU26va3cF/lmrHjknhET
NjuXXHExOmSYwh6a4O/rrs+bz1TDmqJxoe0xQbao8XiZHplhphu9Z7cbQjTcYDdd
w3WLpYHTwjxZFvc5ajmzJaWpDMIEQzhgJk5anrA7LcLyMsuSHAxyf3UKnKN9gIi4
zlSNPqdV/hcAqHmiIKYupIrRHB+U
-----END CERTIFICATE-----