Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212888.roa
File:                     AS212888.roa (raw, json)
Hash identifier:          Iq9s8R9abKWBLOIzJ3KizmwZ4MTqB8phhlsvXQUt1AE=
Subject key identifier:   55:C0:64:3F:FF:11:64:36:A6:4F:19:20:C3:03:A7:97:CB:FB:4E:FD
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7091AD43134ABB43DCD9FDFEEAC15086D5A49186
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212888.roa
Signing time:             Thu 04 Jun 2026 15:58:52 +0000
ROA not before:           Thu 04 Jun 2026 15:53:52 +0000
ROA not after:            Thu 03 Jun 2027 15:58:52 +0000
asID:                     212888
IP address blocks:        2a06:a005:1990::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:91:ad:43:13:4a:bb:43:dc:d9:fd:fe:ea:c1:50:86:d5:a4:91:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:52 2026 GMT
            Not After : Jun  3 15:58:52 2027 GMT
        Subject: CN=55C0643FFF116436A64F1920C303A797CBFB4EFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4f:5e:5e:47:af:ca:02:a6:57:8e:c9:b8:56:
                    9b:71:a6:83:6d:52:37:4d:c7:bc:aa:dc:79:9c:c6:
                    61:69:d0:eb:e4:5c:50:59:2f:14:45:53:18:31:d6:
                    db:72:f0:64:71:34:c7:55:eb:43:b8:a7:bf:6e:df:
                    55:6d:06:77:2f:ae:2a:d8:e2:de:a1:41:59:07:4d:
                    37:32:0f:a5:9c:69:d3:39:df:d3:53:a5:d2:9b:49:
                    ad:c0:f4:93:86:9c:90:30:0b:2b:82:8a:0e:6c:04:
                    18:58:ee:ae:e2:7d:20:70:c6:d5:8c:e6:b9:5a:58:
                    44:01:0f:ac:2f:19:c3:91:84:b6:b2:53:a1:5b:9b:
                    9a:92:9f:96:38:49:fa:12:0c:48:7d:fd:a1:34:8a:
                    0e:a7:a1:90:6e:67:26:06:1c:47:f1:4f:01:a7:e5:
                    11:72:f8:3f:53:a3:82:cd:5c:e1:a7:34:4a:65:90:
                    f5:f2:3e:a8:fe:9d:40:77:eb:82:76:fd:4d:6e:09:
                    72:35:31:50:28:7b:d7:ce:db:4a:d9:1a:5e:e9:7f:
                    20:ef:7b:e9:0d:0b:4b:a8:85:0f:f0:5f:30:35:39:
                    bc:26:ab:56:1a:87:25:01:69:63:00:a7:4c:f1:4b:
                    4e:67:eb:81:0c:43:92:a9:70:0e:ed:ea:ec:21:52:
                    34:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:C0:64:3F:FF:11:64:36:A6:4F:19:20:C3:03:A7:97:CB:FB:4E:FD
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212888.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1990::/44

    Signature Algorithm: sha256WithRSAEncryption
         69:03:38:e9:28:39:70:4c:4e:36:78:81:b0:c8:81:80:4a:17:
         e6:dd:f8:b1:88:a3:a5:4c:d2:08:75:c7:40:c2:42:a9:3e:d2:
         71:6b:b0:66:b3:d8:80:6c:f2:73:7d:eb:63:e5:7a:91:5a:e5:
         9b:cb:5c:66:3f:f4:f4:1f:fb:9d:4b:11:89:5f:bf:4e:75:6c:
         f2:f5:dd:cb:15:45:dc:8a:c0:ad:0d:52:5f:3d:d5:b8:16:3b:
         09:42:49:97:d0:db:e6:4e:94:78:49:11:af:44:36:08:5d:bb:
         c9:3f:5f:d8:e1:32:71:53:65:ee:c9:a5:77:13:6a:bb:9e:78:
         3d:6f:ae:e2:27:bc:53:cb:aa:af:8a:f7:2a:18:30:aa:92:eb:
         58:92:71:28:f8:12:b0:9a:ab:1d:3a:eb:64:a6:c7:99:86:f3:
         93:56:8b:57:4e:bb:44:f5:d3:3d:c8:64:d8:76:0f:13:5b:ca:
         3a:82:70:f3:3c:b4:0a:2e:4a:56:fc:fc:97:37:f1:3a:16:de:
         7a:e9:2a:e1:73:62:e2:f3:62:81:3a:8c:9f:83:86:c6:d3:61:
         96:6c:da:08:dd:fe:8a:f6:1c:37:95:81:3c:83:a4:5d:0b:9a:
         00:c2:9d:eb:ed:d9:fb:71:f4:73:e4:d3:d8:07:b6:51:a3:12:
         1b:66:41:43
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUcJGtQxNKu0Pc2f3+6sFQhtWkkYYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTJaFw0yNzA2MDMxNTU4NTJaMDMxMTAvBgNV
BAMTKDU1QzA2NDNGRkYxMTY0MzZBNjRGMTkyMEMzMDNBNzk3Q0JGQjRFRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxT15eR6/KAqZXjsm4VptxpoNt
UjdNx7yq3HmcxmFp0OvkXFBZLxRFUxgx1tty8GRxNMdV60O4p79u31VtBncvrirY
4t6hQVkHTTcyD6WcadM539NTpdKbSa3A9JOGnJAwCyuCig5sBBhY7q7ifSBwxtWM
5rlaWEQBD6wvGcORhLayU6Fbm5qSn5Y4SfoSDEh9/aE0ig6noZBuZyYGHEfxTwGn
5RFy+D9To4LNXOGnNEplkPXyPqj+nUB364J2/U1uCXI1MVAoe9fO20rZGl7pfyDv
e+kNC0uohQ/wXzA1Obwmq1YahyUBaWMAp0zxS05n64EMQ5KpcA7t6uwhUjRXAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUVcBkP/8RZDamTxkgwwOnl8v7Tv0wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEyODg4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRmQMA0GCSqGSIb3DQEBCwUAA4IBAQBpAzjp
KDlwTE42eIGwyIGAShfm3fixiKOlTNIIdcdAwkKpPtJxa7Bms9iAbPJzfetj5XqR
WuWby1xmP/T0H/udSxGJX79OdWzy9d3LFUXcisCtDVJfPdW4FjsJQkmX0NvmTpR4
SRGvRDYIXbvJP1/Y4TJxU2XuyaV3E2q7nng9b67iJ7xTy6qvivcqGDCqkutYknEo
+BKwmqsdOutkpseZhvOTVotXTrtE9dM9yGTYdg8TW8o6gnDzPLQKLkpW/PyXN/E6
Ft566Srhc2Li82KBOoyfg4bG02GWbNoI3f6K9hw3lYE8g6RdC5oAwp3r7dn7cfRz
5NPYB7ZRoxIbZkFD
-----END CERTIFICATE-----