Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207705.roa
File:                     AS207705.roa (raw, json)
Hash identifier:          TgFar7H+YzAo+UoD4mxlr0i9OC+Zmg8Jpr6ywDXGMDQ=
Subject key identifier:   BB:55:4F:50:CA:F8:20:11:CC:6A:B3:D5:0C:E9:2F:6D:BA:5C:81:E4
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       191084387F6BE5D0D5FF36112FB5020AB82AE0AF
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207705.roa
Signing time:             Thu 04 Jun 2026 15:58:47 +0000
ROA not before:           Thu 04 Jun 2026 15:53:47 +0000
ROA not after:            Thu 03 Jun 2027 15:58:47 +0000
asID:                     207705
IP address blocks:        2a06:a005:210::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:10:84:38:7f:6b:e5:d0:d5:ff:36:11:2f:b5:02:0a:b8:2a:e0:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:47 2026 GMT
            Not After : Jun  3 15:58:47 2027 GMT
        Subject: CN=BB554F50CAF82011CC6AB3D50CE92F6DBA5C81E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b5:1c:5a:06:15:e8:0f:73:0e:e9:69:fc:c8:
                    01:94:e6:01:e9:9d:b7:5d:3f:d2:27:88:17:e7:15:
                    c1:60:06:45:5f:ec:f3:8f:34:59:8e:20:49:c1:28:
                    f1:2c:93:17:77:e7:0a:1b:ed:90:ca:33:68:ef:4d:
                    45:c4:5b:11:12:41:ad:db:ec:40:0e:cd:6b:4a:e7:
                    67:51:49:95:e7:34:0a:ec:cb:da:5e:b7:67:9e:f7:
                    a8:18:66:ae:c2:37:9c:43:a2:66:d8:67:6a:59:a5:
                    35:5c:45:85:cb:1b:2d:17:8a:3a:00:c5:24:45:ba:
                    cc:b7:a2:0a:23:a2:f1:b2:43:86:3c:ea:8c:0e:b7:
                    ea:cc:b8:e9:5d:6f:d0:56:18:e7:52:24:34:46:9f:
                    cd:a7:71:a7:dc:dd:be:ad:a3:d9:a9:f7:d8:d2:7c:
                    30:a7:4e:15:06:d7:a8:19:c9:b6:29:b9:06:2a:93:
                    93:91:7d:ac:91:17:ff:c6:9f:5f:bf:e0:cb:08:5d:
                    45:c3:c9:fb:79:6f:d3:ef:88:0f:d9:1e:3c:32:07:
                    96:39:ce:9b:d6:9c:33:34:25:27:af:b8:d1:34:68:
                    e5:96:47:04:b5:ac:87:ef:98:f0:ff:ea:57:44:0a:
                    c1:af:ee:61:0d:60:c4:2c:d3:2f:37:de:92:48:9e:
                    73:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:55:4F:50:CA:F8:20:11:CC:6A:B3:D5:0C:E9:2F:6D:BA:5C:81:E4
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207705.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:210::/44

    Signature Algorithm: sha256WithRSAEncryption
         64:1f:bc:43:59:d5:f4:ea:fb:97:dd:12:e4:57:55:65:a0:5d:
         06:de:46:42:f4:68:13:40:58:b2:94:8e:09:99:7b:1d:f3:03:
         67:1c:6b:c0:eb:de:23:d7:e7:8b:cb:43:ee:f4:73:64:f4:e4:
         93:57:8f:e4:05:67:3e:3a:54:6d:09:02:e0:71:bb:8a:23:1a:
         a7:25:f2:c5:d7:c0:8e:e7:ce:21:a6:c4:ee:57:6d:5c:2f:26:
         52:c6:a1:3f:2e:bf:1c:2e:6c:c2:52:d2:33:78:69:75:9e:05:
         df:cc:98:f8:18:e4:71:72:01:84:79:d7:4d:5d:eb:19:95:35:
         c2:f7:c8:59:e5:84:46:df:b1:7a:c9:6e:1b:6e:e7:c0:19:e6:
         ac:1f:7f:67:a8:5f:94:6b:b8:1d:6e:27:f9:d9:e7:f7:1a:8d:
         e1:db:06:a1:63:8f:c4:28:e2:9f:e8:51:55:21:d9:4b:fc:41:
         5c:ea:f5:70:4b:da:16:22:1d:c3:f2:6b:ef:41:e6:ac:4f:21:
         c2:e6:a0:57:37:17:d4:6d:6f:f2:88:66:bc:f1:7f:48:b7:35:
         3b:46:c1:de:0a:39:c7:82:b2:6d:ec:c6:cd:22:93:9f:ad:80:
         64:c5:4b:d4:f2:ed:b8:e1:4e:d6:43:85:1e:c7:71:dc:f4:6b:
         4d:62:1c:e2
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUGRCEOH9r5dDV/zYRL7UCCrgq4K8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDdaFw0yNzA2MDMxNTU4NDdaMDMxMTAvBgNV
BAMTKEJCNTU0RjUwQ0FGODIwMTFDQzZBQjNENTBDRTkyRjZEQkE1QzgxRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8tRxaBhXoD3MO6Wn8yAGU5gHp
nbddP9IniBfnFcFgBkVf7POPNFmOIEnBKPEskxd35wob7ZDKM2jvTUXEWxESQa3b
7EAOzWtK52dRSZXnNArsy9pet2ee96gYZq7CN5xDombYZ2pZpTVcRYXLGy0XijoA
xSRFusy3ogojovGyQ4Y86owOt+rMuOldb9BWGOdSJDRGn82ncafc3b6to9mp99jS
fDCnThUG16gZybYpuQYqk5ORfayRF//Gn1+/4MsIXUXDyft5b9PviA/ZHjwyB5Y5
zpvWnDM0JSevuNE0aOWWRwS1rIfvmPD/6ldECsGv7mENYMQs0y833pJInnMjAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUu1VPUMr4IBHMarPVDOkvbbpcgeQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA3NzA1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQIQMA0GCSqGSIb3DQEBCwUAA4IBAQBkH7xD
WdX06vuX3RLkV1VloF0G3kZC9GgTQFiylI4JmXsd8wNnHGvA694j1+eLy0Pu9HNk
9OSTV4/kBWc+OlRtCQLgcbuKIxqnJfLF18CO584hpsTuV21cLyZSxqE/Lr8cLmzC
UtIzeGl1ngXfzJj4GORxcgGEeddNXesZlTXC98hZ5YRG37F6yW4bbufAGeasH39n
qF+Ua7gdbif52ef3Go3h2wahY4/EKOKf6FFVIdlL/EFc6vVwS9oWIh3D8mvvQeas
TyHC5qBXNxfUbW/yiGa88X9ItzU7RsHeCjnHgrJt7MbNIpOfrYBkxUvU8u244U7W
Q4Uex3Hc9GtNYhzi
-----END CERTIFICATE-----