Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209652.roa
File:                     AS209652.roa (raw, json)
Hash identifier:          QiECZeSzhIgLtarYV7lscFivsx1i7Tx5vY9oxVtHXys=
Subject key identifier:   DB:19:A5:92:22:13:C4:31:ED:B9:7B:5F:CC:FA:89:A8:AD:1B:B2:82
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       770C41924CBEC6638AC5093BEBA05D2D3FA74416
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209652.roa
Signing time:             Thu 04 Jun 2026 15:58:51 +0000
ROA not before:           Thu 04 Jun 2026 15:53:51 +0000
ROA not after:            Thu 03 Jun 2027 15:58:51 +0000
asID:                     209652
IP address blocks:        2a06:a005:b61::/48 maxlen: 48
                          2a06:a005:2ad0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:0c:41:92:4c:be:c6:63:8a:c5:09:3b:eb:a0:5d:2d:3f:a7:44:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:51 2026 GMT
            Not After : Jun  3 15:58:51 2027 GMT
        Subject: CN=DB19A5922213C431EDB97B5FCCFA89A8AD1BB282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:62:c3:d5:5d:78:aa:17:0b:af:9c:be:0c:ea:
                    45:98:da:d4:38:99:88:35:75:3f:44:db:4d:a9:f1:
                    eb:94:45:04:b2:d3:61:b5:51:21:f6:7d:85:99:d1:
                    f1:2c:ae:37:ee:99:a7:fa:72:89:fc:5b:9a:e7:b1:
                    49:61:84:c0:62:8b:5f:8d:cb:91:0b:aa:58:88:15:
                    eb:ec:1c:42:68:1b:a4:ce:23:08:85:34:35:67:9f:
                    89:c1:47:f9:96:83:68:c9:31:71:4d:4f:4c:bd:80:
                    8f:1a:82:d7:9d:6f:c7:75:0d:44:c7:bc:36:77:da:
                    a4:33:24:ed:2c:9e:2c:c0:f2:43:06:1e:50:91:7d:
                    88:e4:d9:9f:26:a8:1e:2b:95:9a:cc:23:1c:3c:e7:
                    7f:64:04:c9:f5:3e:3b:7f:3d:ba:96:73:dc:16:d3:
                    af:39:57:de:cc:9e:1a:96:53:33:a3:59:3a:90:81:
                    b1:9e:03:d6:1e:73:ba:45:47:5a:88:ba:ed:fa:a7:
                    77:cf:1a:f4:bd:be:44:a0:3c:ac:83:50:3f:a6:2d:
                    bc:d7:16:26:19:38:90:6f:09:ed:58:3f:fe:c6:74:
                    93:9d:30:08:61:cc:10:7e:7f:9f:98:32:a1:27:a1:
                    62:08:ea:3a:30:62:45:b7:55:c0:ce:ba:10:6d:e7:
                    2b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:19:A5:92:22:13:C4:31:ED:B9:7B:5F:CC:FA:89:A8:AD:1B:B2:82
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209652.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:b61::/48
                  2a06:a005:2ad0::/44

    Signature Algorithm: sha256WithRSAEncryption
         64:ef:8b:f7:f2:89:f4:c0:6c:98:db:be:53:b0:49:39:66:ce:
         03:de:c0:65:3f:be:04:d1:a9:7f:71:69:6a:18:69:49:ac:42:
         fe:a9:07:26:7c:01:b9:21:6e:96:93:20:c8:5b:80:41:15:58:
         f1:9e:8b:be:02:89:95:14:8f:02:d8:ac:0d:33:99:98:62:ca:
         90:28:84:a3:c0:3e:6d:04:3c:ad:d5:a5:53:11:63:3e:4b:38:
         0b:c2:39:9b:55:c9:75:89:0e:50:e1:8a:42:c1:ff:32:a5:e9:
         55:6e:f8:69:88:86:7a:20:36:e5:39:eb:2c:2e:ec:5d:f8:c3:
         da:05:db:ed:39:84:6c:76:f6:f5:9b:db:ff:ea:f8:c3:ef:b2:
         e5:8c:1a:10:36:60:4b:18:b6:3b:84:1a:66:3d:75:19:86:35:
         ee:73:2b:5c:1c:55:8e:01:ac:f2:7c:89:cb:24:4c:f9:cd:13:
         b6:91:5f:3f:75:55:33:24:d9:4d:e5:aa:e8:2f:a3:7b:33:dd:
         c4:23:a1:51:1b:41:2c:3f:ad:54:d6:f4:e1:1e:e9:14:e5:e7:
         c5:3f:42:5a:04:de:ca:6f:49:02:34:9f:c4:b5:13:44:49:d4:
         03:69:d0:4d:09:9b:5d:56:f2:67:ac:39:b3:3e:91:31:fe:21:
         03:ff:cd:9b
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUdwxBkky+xmOKxQk766BdLT+nRBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTFaFw0yNzA2MDMxNTU4NTFaMDMxMTAvBgNV
BAMTKERCMTlBNTkyMjIxM0M0MzFFREI5N0I1RkNDRkE4OUE4QUQxQkIyODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2YsPVXXiqFwuvnL4M6kWY2tQ4
mYg1dT9E202p8euURQSy02G1USH2fYWZ0fEsrjfumaf6con8W5rnsUlhhMBii1+N
y5ELqliIFevsHEJoG6TOIwiFNDVnn4nBR/mWg2jJMXFNT0y9gI8agtedb8d1DUTH
vDZ32qQzJO0snizA8kMGHlCRfYjk2Z8mqB4rlZrMIxw8539kBMn1Pjt/PbqWc9wW
0685V97MnhqWUzOjWTqQgbGeA9Yec7pFR1qIuu36p3fPGvS9vkSgPKyDUD+mLbzX
FiYZOJBvCe1YP/7GdJOdMAhhzBB+f5+YMqEnoWII6jowYkW3VcDOuhBt5ytLAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQU2xmlkiITxDHtuXtfzPqJqK0bsoIwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA5NjUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQthAwcEKgagBSrQMA0GCSqGSIb3DQEBCwUA
A4IBAQBk74v38on0wGyY275TsEk5Zs4D3sBlP74E0al/cWlqGGlJrEL+qQcmfAG5
IW6WkyDIW4BBFVjxnou+AomVFI8C2KwNM5mYYsqQKISjwD5tBDyt1aVTEWM+SzgL
wjmbVcl1iQ5Q4YpCwf8ypelVbvhpiIZ6IDblOessLuxd+MPaBdvtOYRsdvb1m9v/
6vjD77LljBoQNmBLGLY7hBpmPXUZhjXucytcHFWOAazyfInLJEz5zRO2kV8/dVUz
JNlN5aroL6N7M93EI6FRG0EsP61U1vThHukU5efFP0JaBN7Kb0kCNJ/EtRNESdQD
adBNCZtdVvJnrDmzPpEx/iED/82b
-----END CERTIFICATE-----