Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211869.roa
File:                     AS211869.roa (raw, json)
Hash identifier:          p7Wu8jAQBGaLFZo4yZu/boCFDmYTmhs3DKkDGWtj8yQ=
Subject key identifier:   41:04:47:C3:93:34:3B:1C:4D:4E:01:18:5E:29:ED:12:45:71:87:6F
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       40B5F9288DEDCF267803AE901E94E5F65B0A2CCC
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211869.roa
Signing time:             Thu 04 Jun 2026 15:58:53 +0000
ROA not before:           Thu 04 Jun 2026 15:53:53 +0000
ROA not after:            Thu 03 Jun 2027 15:58:53 +0000
asID:                     211869
IP address blocks:        2a06:a005:1300::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:b5:f9:28:8d:ed:cf:26:78:03:ae:90:1e:94:e5:f6:5b:0a:2c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:53 2026 GMT
            Not After : Jun  3 15:58:53 2027 GMT
        Subject: CN=410447C393343B1C4D4E01185E29ED124571876F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:63:85:30:d8:ec:13:ac:cb:e8:f6:f5:95:ff:
                    f5:22:13:ef:d7:b3:ad:16:0b:89:55:73:80:e4:16:
                    5e:13:f2:7b:13:79:dc:0d:93:67:16:3a:c8:7a:ab:
                    e1:3f:6f:1f:17:87:a9:a3:2d:04:7f:b9:c0:a6:50:
                    73:07:80:67:a6:1e:ab:92:a7:29:37:b0:32:63:92:
                    e5:81:be:00:e0:37:31:6c:57:45:24:95:2b:24:fa:
                    4f:ee:0c:65:62:98:10:b1:62:d9:04:6b:aa:94:a8:
                    5a:c9:1d:a3:42:af:41:67:79:23:a7:1a:82:69:85:
                    6f:b6:33:59:2a:27:83:04:ee:1b:63:fb:5d:4f:31:
                    8a:c7:57:03:cd:c6:61:d9:4d:7c:a0:8c:7c:93:92:
                    71:76:9f:a0:52:4c:9a:69:22:5d:8c:65:15:e7:e1:
                    24:ff:17:b7:61:9b:35:3e:34:b3:d7:43:7e:2f:6d:
                    02:0a:45:20:c8:af:7b:3d:89:b1:86:1c:b2:21:1b:
                    9c:85:10:63:8e:9f:77:8c:e1:c0:96:76:07:77:1a:
                    de:9e:90:26:64:2d:81:cc:cf:7e:d6:55:8b:63:0e:
                    65:aa:19:57:cf:17:cd:02:b9:43:21:56:65:11:31:
                    8e:41:44:83:b5:d7:85:2d:e2:ac:e2:16:f1:55:fa:
                    e9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:04:47:C3:93:34:3B:1C:4D:4E:01:18:5E:29:ED:12:45:71:87:6F
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211869.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1300::/44

    Signature Algorithm: sha256WithRSAEncryption
         9f:75:df:47:c1:ee:20:b2:1d:ea:43:51:5f:5f:33:47:14:eb:
         cf:36:eb:39:4a:8d:a1:80:b0:47:74:2c:e3:ba:30:2c:42:80:
         e1:8a:83:a0:0e:56:f7:f8:22:cb:30:79:57:29:93:67:43:aa:
         45:d4:1f:ac:20:dc:11:7e:cc:72:d9:a3:7d:88:3f:a8:74:b2:
         8a:ba:2a:f1:25:96:99:ea:b4:fc:da:00:e9:0f:2b:e1:ca:e5:
         8b:b9:29:7c:c0:07:2b:af:fc:a4:b9:16:31:03:25:34:4d:d0:
         e2:0e:61:48:88:9d:14:0c:77:1d:77:6d:9b:96:3f:74:ee:0b:
         b8:e5:01:67:00:a8:b4:7a:4a:c9:28:c8:7c:6f:b6:a0:8f:86:
         0e:be:0b:1b:14:ee:f3:2f:66:19:a6:92:c3:eb:2f:8a:be:65:
         44:21:51:6d:0b:4f:33:ab:93:bb:35:f4:1d:7b:1d:13:75:02:
         57:1e:65:9b:cb:55:98:21:d7:2f:5d:16:a9:30:b9:64:6b:c8:
         59:ef:c0:67:e3:7d:af:de:5b:99:ac:ad:e8:a2:2c:3f:26:c5:
         a0:5e:4e:26:04:8b:87:82:18:8a:62:6b:10:55:1b:7c:df:77:
         4d:92:2b:2c:1e:3f:08:e6:6d:c4:5a:7a:ef:13:e9:e5:34:f9:
         c0:4c:2f:93
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUQLX5KI3tzyZ4A66QHpTl9lsKLMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTNaFw0yNzA2MDMxNTU4NTNaMDMxMTAvBgNV
BAMTKDQxMDQ0N0MzOTMzNDNCMUM0RDRFMDExODVFMjlFRDEyNDU3MTg3NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDY4Uw2OwTrMvo9vWV//UiE+/X
s60WC4lVc4DkFl4T8nsTedwNk2cWOsh6q+E/bx8Xh6mjLQR/ucCmUHMHgGemHquS
pyk3sDJjkuWBvgDgNzFsV0UklSsk+k/uDGVimBCxYtkEa6qUqFrJHaNCr0FneSOn
GoJphW+2M1kqJ4ME7htj+11PMYrHVwPNxmHZTXygjHyTknF2n6BSTJppIl2MZRXn
4ST/F7dhmzU+NLPXQ34vbQIKRSDIr3s9ibGGHLIhG5yFEGOOn3eM4cCWdgd3Gt6e
kCZkLYHMz37WVYtjDmWqGVfPF80CuUMhVmURMY5BRIO114Ut4qziFvFV+un7AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUQQRHw5M0OxxNTgEYXintEkVxh28wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjExODY5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRMAMA0GCSqGSIb3DQEBCwUAA4IBAQCfdd9H
we4gsh3qQ1FfXzNHFOvPNus5So2hgLBHdCzjujAsQoDhioOgDlb3+CLLMHlXKZNn
Q6pF1B+sINwRfsxy2aN9iD+odLKKuirxJZaZ6rT82gDpDyvhyuWLuSl8wAcrr/yk
uRYxAyU0TdDiDmFIiJ0UDHcdd22blj907gu45QFnAKi0ekrJKMh8b7agj4YOvgsb
FO7zL2YZppLD6y+KvmVEIVFtC08zq5O7NfQdex0TdQJXHmWby1WYIdcvXRapMLlk
a8hZ78Bn432v3luZrK3ooiw/JsWgXk4mBIuHghiKYmsQVRt833dNkissHj8I5m3E
WnrvE+nlNPnATC+T
-----END CERTIFICATE-----