Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS208679.roa
File:                     AS208679.roa (raw, json)
Hash identifier:          q8hNUp9ZBMIW/9/sNPdrFraqP/90K4cVxEuT3zMusRM=
Subject key identifier:   73:74:6A:F0:19:BF:90:96:6E:63:4C:8E:E6:2F:97:8A:09:0F:FF:C2
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       330B7C804C5D346BC78E5BA709AD298025586CA9
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS208679.roa
Signing time:             Thu 04 Jun 2026 15:58:52 +0000
ROA not before:           Thu 04 Jun 2026 15:53:52 +0000
ROA not after:            Thu 03 Jun 2027 15:58:52 +0000
asID:                     208679
IP address blocks:        2a06:a005:8d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:0b:7c:80:4c:5d:34:6b:c7:8e:5b:a7:09:ad:29:80:25:58:6c:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:52 2026 GMT
            Not After : Jun  3 15:58:52 2027 GMT
        Subject: CN=73746AF019BF90966E634C8EE62F978A090FFFC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e3:09:14:f8:ef:ba:9e:fe:79:25:61:f1:54:
                    2b:28:7d:79:b5:35:9e:7b:80:1a:6d:c7:57:dc:9c:
                    4e:88:2c:8f:77:39:4b:a5:42:89:98:9f:21:a9:27:
                    4a:e3:fa:33:83:93:1d:ec:c1:41:16:26:a9:8d:6f:
                    94:fe:3d:e9:34:5f:03:5c:17:16:69:e3:da:47:ea:
                    29:46:da:4f:cd:96:ad:c7:ee:2d:56:4d:f6:4b:91:
                    19:81:60:fa:c2:44:c1:51:54:47:16:89:5d:c0:29:
                    9e:0d:cf:94:be:c4:3d:63:c7:fe:44:6f:3c:14:39:
                    24:c8:3d:03:2f:a3:5d:a6:ba:e0:29:cc:f2:f8:f5:
                    8c:8b:09:f0:69:c1:e0:2c:94:75:9b:3d:52:3a:c7:
                    5b:6a:11:d2:3b:ff:27:02:f5:72:c0:c8:39:ed:7b:
                    0a:a1:f6:1e:d3:67:46:c2:db:d9:98:e4:52:3c:3f:
                    53:a3:df:2f:0f:ca:7b:bc:fa:df:23:43:2d:07:f4:
                    a8:7d:cf:52:17:1a:e2:22:21:a1:98:15:8e:7e:5f:
                    b9:48:4c:91:fa:87:05:2b:87:af:ac:05:88:83:b8:
                    e2:71:8d:14:0c:d8:f8:73:23:aa:56:e6:b3:ae:27:
                    79:b6:7a:6a:1f:4a:4f:85:65:63:e1:4d:9d:e0:87:
                    b8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:74:6A:F0:19:BF:90:96:6E:63:4C:8E:E6:2F:97:8A:09:0F:FF:C2
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS208679.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:8d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:2c:1e:80:10:1c:98:30:3c:d7:b3:68:d5:7e:7f:3f:01:98:
         ce:97:27:79:4b:57:a6:97:67:db:16:19:ac:ec:b3:4c:49:dc:
         84:6a:26:42:04:b9:20:31:5b:20:bb:3e:fb:f4:6e:8e:29:6c:
         df:21:41:2c:0f:96:a8:b2:aa:e3:b1:76:c3:16:20:10:64:19:
         20:04:60:82:18:00:a4:33:8b:d1:85:0f:12:85:02:96:b9:e6:
         e6:af:78:07:ff:25:22:61:db:af:b5:33:71:fd:e3:45:15:97:
         1a:61:ae:1a:d0:71:45:52:2d:1f:2f:35:ce:c2:47:07:35:e8:
         c1:2b:18:5c:79:fe:84:f1:8d:f7:c6:09:9c:37:3e:bc:16:fc:
         1c:6a:b4:23:1a:6a:c6:b4:bc:f7:35:2f:66:df:a3:27:dc:3e:
         12:0e:3a:3f:34:8f:e1:9d:ae:ea:b6:a5:b3:30:cf:38:65:76:
         54:c0:97:3c:35:6b:57:22:97:f7:10:87:4e:c9:34:b7:a8:f4:
         c7:5d:04:a8:fd:b8:d9:43:89:c3:52:d2:51:2b:66:d2:be:18:
         86:79:69:fa:98:39:49:a4:23:fb:8d:f5:43:3b:52:a1:65:5d:
         e1:4e:29:76:72:8d:13:39:e5:b6:a6:9f:da:6e:c6:5a:b5:74:
         0f:be:74:47
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUMwt8gExdNGvHjlunCa0pgCVYbKkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTJaFw0yNzA2MDMxNTU4NTJaMDMxMTAvBgNV
BAMTKDczNzQ2QUYwMTlCRjkwOTY2RTYzNEM4RUU2MkY5NzhBMDkwRkZGQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO4wkU+O+6nv55JWHxVCsofXm1
NZ57gBptx1fcnE6ILI93OUulQomYnyGpJ0rj+jODkx3swUEWJqmNb5T+Pek0XwNc
FxZp49pH6ilG2k/Nlq3H7i1WTfZLkRmBYPrCRMFRVEcWiV3AKZ4Nz5S+xD1jx/5E
bzwUOSTIPQMvo12muuApzPL49YyLCfBpweAslHWbPVI6x1tqEdI7/ycC9XLAyDnt
ewqh9h7TZ0bC29mY5FI8P1Oj3y8Pynu8+t8jQy0H9Kh9z1IXGuIiIaGYFY5+X7lI
TJH6hwUrh6+sBYiDuOJxjRQM2PhzI6pW5rOuJ3m2emofSk+FZWPhTZ3gh7jFAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUc3Rq8Bm/kJZuY0yO5i+XigkP/8IwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA4Njc5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQjQMA0GCSqGSIb3DQEBCwUAA4IBAQAWLB6A
EByYMDzXs2jVfn8/AZjOlyd5S1eml2fbFhms7LNMSdyEaiZCBLkgMVsguz779G6O
KWzfIUEsD5aosqrjsXbDFiAQZBkgBGCCGACkM4vRhQ8ShQKWuebmr3gH/yUiYduv
tTNx/eNFFZcaYa4a0HFFUi0fLzXOwkcHNejBKxhcef6E8Y33xgmcNz68FvwcarQj
GmrGtLz3NS9m36Mn3D4SDjo/NI/hna7qtqWzMM84ZXZUwJc8NWtXIpf3EIdOyTS3
qPTHXQSo/bjZQ4nDUtJRK2bSvhiGeWn6mDlJpCP7jfVDO1KhZV3hTil2co0TOeW2
pp/absZatXQPvnRH
-----END CERTIFICATE-----