Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211509.roa
File:                     AS211509.roa (raw, json)
Hash identifier:          FLTgPaJKtuvdavJJUTDK+r1qq849nH+YV4q9jRM3Oz8=
Subject key identifier:   B3:36:19:71:D2:8B:A9:DC:AA:13:C2:A5:B3:AD:34:EA:1D:B5:62:5D
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       2F2C67C88F32671F6B457C9C48369A563DF6C235
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211509.roa
Signing time:             Thu 04 Jun 2026 15:58:53 +0000
ROA not before:           Thu 04 Jun 2026 15:53:53 +0000
ROA not after:            Thu 03 Jun 2027 15:58:53 +0000
asID:                     211509
IP address blocks:        2a06:a005:8::/48 maxlen: 48
                          2a06:a005:f70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:2c:67:c8:8f:32:67:1f:6b:45:7c:9c:48:36:9a:56:3d:f6:c2:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:53 2026 GMT
            Not After : Jun  3 15:58:53 2027 GMT
        Subject: CN=B3361971D28BA9DCAA13C2A5B3AD34EA1DB5625D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8a:42:13:5c:29:af:b0:8f:69:47:18:33:70:
                    c8:9f:2a:c2:a2:64:5c:9a:32:c5:b5:5d:e0:be:eb:
                    e0:55:a4:89:60:74:fe:17:d2:a4:6a:b4:cb:3f:a5:
                    33:2e:d4:26:a8:40:3b:5b:46:72:26:cc:2e:ae:3f:
                    a8:9e:38:59:bb:7f:5c:1b:3c:aa:09:06:ff:ee:ea:
                    97:0f:81:75:f0:bf:ef:55:0e:05:8b:58:ad:c4:ef:
                    a3:7c:8c:34:99:69:7a:6d:32:89:1f:ba:e6:25:fe:
                    48:b1:43:c0:28:26:77:c5:75:00:a4:05:91:cc:bf:
                    ba:6a:6c:af:0b:75:bb:24:e7:59:48:f4:37:d0:51:
                    a9:b3:c6:6b:65:67:24:81:e9:0b:a0:e5:b3:04:81:
                    e4:1f:2d:0b:b5:70:a4:9f:13:a6:24:41:7c:f8:78:
                    78:58:df:a9:93:d6:4c:78:dd:5d:73:f9:9a:4a:7e:
                    e3:17:46:9f:87:22:99:97:ec:93:ad:06:1c:ad:46:
                    c3:be:1b:eb:d0:f3:12:56:78:9b:47:54:58:86:11:
                    c4:2e:f7:b3:c7:26:ef:91:04:5d:f8:39:c5:c0:e8:
                    15:24:fb:bb:d2:11:51:3b:11:5f:25:4b:68:39:42:
                    b4:54:74:b6:2a:50:e7:4f:8d:a7:52:14:08:41:3f:
                    e1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:36:19:71:D2:8B:A9:DC:AA:13:C2:A5:B3:AD:34:EA:1D:B5:62:5D
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:8::/48
                  2a06:a005:f70::/44

    Signature Algorithm: sha256WithRSAEncryption
         31:32:11:f0:57:6e:2b:9f:46:e6:fa:b0:ed:08:f4:f6:ae:23:
         ac:56:c6:0c:6e:8d:10:28:0b:f0:90:32:cd:45:c7:08:68:e2:
         c3:71:fb:66:08:25:ca:16:50:f3:14:83:89:33:15:c0:6c:1d:
         a4:05:36:3a:d2:e1:d3:76:f5:32:81:ab:3a:26:6f:65:a9:ba:
         e3:5f:ac:d7:02:44:8e:f6:91:d1:21:ff:a5:49:45:60:16:af:
         f1:4d:fd:39:d9:fb:b2:58:7b:59:28:8f:b3:b4:ab:e1:69:0f:
         71:fa:b8:e4:69:2b:40:69:27:f4:69:ee:64:03:39:b4:27:00:
         26:23:39:45:94:f3:09:52:7e:b3:f4:40:c5:be:ce:e1:4b:5d:
         f1:8b:3c:bd:e9:e5:97:4f:3c:24:e4:06:1d:2e:d5:cf:c0:c3:
         da:b7:2e:ab:98:21:34:ba:b8:23:f5:0d:2a:35:c9:30:ff:c2:
         2c:e5:cf:57:8f:a4:3e:33:6d:f9:15:eb:e8:d3:8a:82:b1:5a:
         b8:55:45:1d:61:80:42:a0:d3:d0:cd:b5:25:0b:62:51:c4:08:
         92:3d:46:18:14:0f:1b:c5:00:1a:5e:52:74:8a:ef:bf:13:4d:
         51:a2:40:85:fb:7a:11:db:eb:0a:dd:e8:fe:c3:fb:d3:57:27:
         f0:43:ed:46
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIULyxnyI8yZx9rRXycSDaaVj32wjUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTNaFw0yNzA2MDMxNTU4NTNaMDMxMTAvBgNV
BAMTKEIzMzYxOTcxRDI4QkE5RENBQTEzQzJBNUIzQUQzNEVBMURCNTYyNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkikITXCmvsI9pRxgzcMifKsKi
ZFyaMsW1XeC+6+BVpIlgdP4X0qRqtMs/pTMu1CaoQDtbRnImzC6uP6ieOFm7f1wb
PKoJBv/u6pcPgXXwv+9VDgWLWK3E76N8jDSZaXptMokfuuYl/kixQ8AoJnfFdQCk
BZHMv7pqbK8Ldbsk51lI9DfQUamzxmtlZySB6Qug5bMEgeQfLQu1cKSfE6YkQXz4
eHhY36mT1kx43V1z+ZpKfuMXRp+HIpmX7JOtBhytRsO+G+vQ8xJWeJtHVFiGEcQu
97PHJu+RBF34OcXA6BUk+7vSEVE7EV8lS2g5QrRUdLYqUOdPjadSFAhBP+HDAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUszYZcdKLqdyqE8Kls6006h21Yl0wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjExNTA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBQAIAwcEKgagBQ9wMA0GCSqGSIb3DQEBCwUA
A4IBAQAxMhHwV24rn0bm+rDtCPT2riOsVsYMbo0QKAvwkDLNRccIaOLDcftmCCXK
FlDzFIOJMxXAbB2kBTY60uHTdvUygas6Jm9lqbrjX6zXAkSO9pHRIf+lSUVgFq/x
Tf052fuyWHtZKI+ztKvhaQ9x+rjkaStAaSf0ae5kAzm0JwAmIzlFlPMJUn6z9EDF
vs7hS13xizy96eWXTzwk5AYdLtXPwMPaty6rmCE0urgj9Q0qNckw/8Is5c9Xj6Q+
M235Fevo04qCsVq4VUUdYYBCoNPQzbUlC2JRxAiSPUYYFA8bxQAaXlJ0iu+/E01R
okCF+3oR2+sK3ej+w/vTVyfwQ+1G
-----END CERTIFICATE-----