Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213386.roa
File:                     AS213386.roa (raw, json)
Hash identifier:          eq53TVa0DnxL359EkGYtta16V4NFGGm4Wfkf6kGTSC4=
Subject key identifier:   B0:A3:8E:FE:62:64:A6:A8:DE:4D:54:44:99:9B:FB:3F:84:F4:53:22
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       308815C3DD06ECD5606180DA93C20D2A55ED1FB6
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213386.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     213386
IP address blocks:        2a06:a005:2d7::/48 maxlen: 48
                          2a06:a005:2da::/48 maxlen: 48
                          2a06:a005:fb0::/44 maxlen: 48
                          2a06:a005:1710::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 07:08:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:88:15:c3:dd:06:ec:d5:60:61:80:da:93:c2:0d:2a:55:ed:1f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=B0A38EFE6264A6A8DE4D5444999BFB3F84F45322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c2:e9:04:e2:ca:8a:de:38:8d:04:92:3b:a8:
                    17:be:d6:55:3e:de:cb:e4:fd:a0:de:d3:da:9b:b4:
                    8b:d3:94:02:57:39:73:5c:91:7f:09:d3:1f:bb:c4:
                    38:c0:ff:fe:00:45:9a:23:40:1a:2c:3c:88:7a:6e:
                    1d:9b:d0:69:f3:e3:da:ca:5d:c3:a4:0c:99:c6:3b:
                    36:d7:39:d2:7b:aa:30:ca:c6:2b:69:70:e4:53:63:
                    5a:8d:50:eb:0c:66:3d:5d:d1:8a:5c:ca:9e:b5:23:
                    9d:10:93:88:a2:17:cc:af:ca:df:48:93:ee:86:f1:
                    0d:10:fd:89:a7:7f:64:a9:e8:fc:57:60:77:71:be:
                    06:96:f4:1c:2d:55:d1:3e:c4:00:1b:e0:f3:c0:33:
                    d3:b8:1c:de:1a:08:10:73:db:08:03:c4:e6:29:6a:
                    8f:31:35:9c:85:f2:dc:83:01:d4:d8:2e:c7:8a:a9:
                    2f:d2:cf:12:6e:2f:5a:0d:c2:48:8e:1d:2e:5f:63:
                    c5:65:bf:a8:49:bf:fc:77:90:34:67:b7:04:ca:1d:
                    82:9f:97:08:b9:e5:d5:45:03:88:49:78:2e:cf:8d:
                    db:1d:17:60:a8:c0:fe:6c:fd:1b:d2:11:ba:7a:be:
                    fc:94:d0:3f:aa:9e:0b:1a:be:22:fa:8c:42:6b:25:
                    00:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A3:8E:FE:62:64:A6:A8:DE:4D:54:44:99:9B:FB:3F:84:F4:53:22
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213386.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2d7::/48
                  2a06:a005:2da::/48
                  2a06:a005:fb0::/44
                  2a06:a005:1710::/44

    Signature Algorithm: sha256WithRSAEncryption
         34:2e:4d:be:88:2f:78:c5:e8:23:a8:90:b5:47:b0:75:31:46:
         2e:78:34:59:c5:a8:c6:80:bd:af:fc:dc:88:2a:f0:92:bb:bb:
         dd:cd:e7:33:c7:c0:45:d1:79:fc:e2:f7:f3:73:b3:21:d5:39:
         13:ed:33:d4:f3:71:11:a5:dd:fc:bc:22:7a:8b:e2:20:09:2b:
         06:4b:38:3a:ba:04:8b:69:dd:32:3c:66:a0:50:92:a1:5c:c6:
         1a:40:67:09:10:82:e9:a2:3d:56:8f:71:ca:76:1f:17:76:0f:
         49:d3:0c:78:b2:6b:bd:be:97:ea:34:92:ba:e3:e3:bf:d9:48:
         3f:9f:e8:5d:2c:33:fc:dd:b9:27:eb:0e:e2:89:c9:30:0b:fe:
         5b:77:24:a7:e7:6b:6f:e7:4d:0b:97:36:de:b8:1a:9b:cc:b2:
         09:40:ca:f9:de:3c:87:8a:26:1e:de:00:b6:36:7c:76:80:0a:
         94:3a:ef:06:9f:0f:0e:39:1c:b1:0c:17:81:f9:68:ce:69:d7:
         59:66:2e:3e:24:f8:d1:fd:14:86:61:e4:ef:38:65:ff:58:0e:
         d5:af:cf:c0:1d:10:90:d4:ea:be:06:a0:f9:26:67:b6:74:a3:
         9a:92:d2:f2:9d:8c:82:cb:87:40:5d:d9:1e:93:2d:7c:3e:d2:
         54:ec:36:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMIgVw90G7NVgYYDak8INKlXtH7YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKEIwQTM4RUZFNjI2NEE2QThERTRENTQ0NDk5OUJGQjNGODRGNDUzMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdwukE4sqK3jiNBJI7qBe+1lU+
3svk/aDe09qbtIvTlAJXOXNckX8J0x+7xDjA//4ARZojQBosPIh6bh2b0Gnz49rK
XcOkDJnGOzbXOdJ7qjDKxitpcORTY1qNUOsMZj1d0Ypcyp61I50Qk4iiF8yvyt9I
k+6G8Q0Q/Ymnf2Sp6PxXYHdxvgaW9BwtVdE+xAAb4PPAM9O4HN4aCBBz2wgDxOYp
ao8xNZyF8tyDAdTYLseKqS/SzxJuL1oNwkiOHS5fY8Vlv6hJv/x3kDRntwTKHYKf
lwi55dVFA4hJeC7PjdsdF2CowP5s/RvSEbp6vvyU0D+qngsaviL6jEJrJQCHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUsKOO/mJkpqjeTVREmZv7P4T0UyIwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEzMzg2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEH
AQH/BC4wLDAqBAIAAjAkAwcAKgagBQLXAwcAKgagBQLaAwcEKgagBQ+wAwcEKgag
BRcQMA0GCSqGSIb3DQEBCwUAA4IBAQA0Lk2+iC94xegjqJC1R7B1MUYueDRZxajG
gL2v/NyIKvCSu7vdzeczx8BF0Xn84vfzc7Mh1TkT7TPU83ERpd38vCJ6i+IgCSsG
Szg6ugSLad0yPGagUJKhXMYaQGcJEILpoj1Wj3HKdh8Xdg9J0wx4smu9vpfqNJK6
4+O/2Ug/n+hdLDP83bkn6w7iickwC/5bdySn52tv500LlzbeuBqbzLIJQMr53jyH
iiYe3gC2Nnx2gAqUOu8Gnw8OORyxDBeB+WjOaddZZi4+JPjR/RSGYeTvOGX/WA7V
r8/AHRCQ1Oq+BqD5Jme2dKOaktLynYyCy4dAXdkeky18PtJU7Dag
-----END CERTIFICATE-----