Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212252.roa
File:                     AS212252.roa (raw, json)
Hash identifier:          elbXNVIt93lKFoMsbt9/w2OS7OnEshpO2DCbqHGnZ1A=
Subject key identifier:   84:C7:00:87:FB:5B:71:73:4E:5B:58:6B:31:CA:AC:24:40:38:AE:A2
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       642DA3A6FAE1FED18086F09085C07D2638544541
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212252.roa
Signing time:             Thu 04 Jun 2026 15:58:47 +0000
ROA not before:           Thu 04 Jun 2026 15:53:47 +0000
ROA not after:            Thu 03 Jun 2027 15:58:47 +0000
asID:                     212252
IP address blocks:        2a06:a005:2430::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:2d:a3:a6:fa:e1:fe:d1:80:86:f0:90:85:c0:7d:26:38:54:45:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:47 2026 GMT
            Not After : Jun  3 15:58:47 2027 GMT
        Subject: CN=84C70087FB5B71734E5B586B31CAAC244038AEA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:63:bb:16:b5:c2:32:4a:7a:66:c9:f7:75:5a:
                    24:19:b2:d1:cc:a8:70:de:87:5f:4b:3a:fc:1a:77:
                    79:c6:13:9f:3e:c9:9a:bb:5b:b7:1e:8a:19:19:90:
                    8e:16:f7:b2:14:c1:d8:57:6a:6d:1f:e1:92:3c:e9:
                    20:f1:75:b8:14:4c:11:78:69:32:79:c8:f7:5a:8e:
                    20:da:d4:6d:cb:21:5f:f3:fb:2f:f5:0a:70:9d:d7:
                    00:72:b6:93:1d:e5:f3:97:49:ae:44:43:91:68:ae:
                    a0:2b:79:df:6b:c3:73:f5:a7:cf:49:ae:07:17:96:
                    ba:02:22:09:40:52:b5:a6:0e:b6:3a:45:9f:90:2a:
                    09:db:51:ea:11:10:1a:7b:7d:fb:31:2c:3b:11:1c:
                    84:90:fd:46:17:2d:3a:8e:8f:54:10:ab:f7:07:49:
                    ba:8b:f9:54:9a:e1:ea:cb:88:66:0a:ab:9a:a8:09:
                    3d:7a:70:a2:87:25:c1:dc:60:47:66:c9:d7:53:7b:
                    08:9c:8c:5a:82:93:e8:71:1c:ef:5e:8e:2a:6a:ee:
                    98:30:04:40:cb:7d:35:2e:8c:46:36:9a:65:63:00:
                    9c:7b:7d:37:b8:94:72:af:94:1b:16:1b:aa:8d:42:
                    c9:c1:65:b8:67:bc:70:36:ba:a7:ee:ef:91:5b:ec:
                    2c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C7:00:87:FB:5B:71:73:4E:5B:58:6B:31:CA:AC:24:40:38:AE:A2
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212252.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2430::/44

    Signature Algorithm: sha256WithRSAEncryption
         8d:e7:13:d8:12:a1:cd:38:e9:df:2f:9c:d8:52:9d:96:c3:dd:
         7a:ce:b0:11:ad:eb:46:5b:49:d6:0c:07:42:9c:67:6a:c8:25:
         78:7a:a2:cf:b7:e9:e2:b8:c3:7b:9c:64:11:e0:ea:2d:a9:f4:
         7e:41:ca:4e:7c:5f:b7:7b:fd:58:de:78:5a:30:83:09:55:5b:
         76:93:cb:d4:09:50:ca:e3:5c:35:0b:c1:5b:01:f6:71:78:b6:
         9a:3f:2d:0a:8d:4b:8f:46:a6:34:b0:bd:1c:66:23:dd:3c:16:
         5e:66:ff:65:5f:0c:86:d0:19:d6:17:af:31:97:44:8e:69:96:
         50:d6:fc:05:fe:15:59:60:bd:b6:2c:cc:e9:49:b0:45:e2:9d:
         54:cd:94:c9:6f:dc:62:4b:3d:7a:67:80:24:13:43:f9:c2:83:
         28:c7:2e:dd:8e:5d:58:91:f4:97:b4:e0:16:89:ed:ca:f5:66:
         75:9f:ba:1d:9e:84:76:f2:aa:fa:06:b5:d9:12:6f:b4:5d:c4:
         fe:4b:95:c5:cb:ed:71:6e:7a:31:15:52:84:90:2f:9d:17:f9:
         57:f9:67:38:5b:dc:fc:29:dd:23:50:9b:aa:f7:1a:dd:78:8e:
         4e:d5:35:23:cb:52:b0:90:45:22:5c:68:29:ae:50:92:2f:d5:
         50:08:42:94
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUZC2jpvrh/tGAhvCQhcB9JjhURUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDdaFw0yNzA2MDMxNTU4NDdaMDMxMTAvBgNV
BAMTKDg0QzcwMDg3RkI1QjcxNzM0RTVCNTg2QjMxQ0FBQzI0NDAzOEFFQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcY7sWtcIySnpmyfd1WiQZstHM
qHDeh19LOvwad3nGE58+yZq7W7ceihkZkI4W97IUwdhXam0f4ZI86SDxdbgUTBF4
aTJ5yPdajiDa1G3LIV/z+y/1CnCd1wBytpMd5fOXSa5EQ5ForqAred9rw3P1p89J
rgcXlroCIglAUrWmDrY6RZ+QKgnbUeoREBp7ffsxLDsRHISQ/UYXLTqOj1QQq/cH
SbqL+VSa4erLiGYKq5qoCT16cKKHJcHcYEdmyddTewicjFqCk+hxHO9ejipq7pgw
BEDLfTUujEY2mmVjAJx7fTe4lHKvlBsWG6qNQsnBZbhnvHA2uqfu75Fb7CwrAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUhMcAh/tbcXNOW1hrMcqsJEA4rqIwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEyMjUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSQwMA0GCSqGSIb3DQEBCwUAA4IBAQCN5xPY
EqHNOOnfL5zYUp2Ww916zrARretGW0nWDAdCnGdqyCV4eqLPt+niuMN7nGQR4Oot
qfR+QcpOfF+3e/1Y3nhaMIMJVVt2k8vUCVDK41w1C8FbAfZxeLaaPy0KjUuPRqY0
sL0cZiPdPBZeZv9lXwyG0BnWF68xl0SOaZZQ1vwF/hVZYL22LMzpSbBF4p1UzZTJ
b9xiSz16Z4AkE0P5woMoxy7djl1YkfSXtOAWie3K9WZ1n7odnoR28qr6BrXZEm+0
XcT+S5XFy+1xbnoxFVKEkC+dF/lX+Wc4W9z8Kd0jUJuq9xrdeI5O1TUjy1KwkEUi
XGgprlCSL9VQCEKU
-----END CERTIFICATE-----