Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS47689.roa
File:                     AS47689.roa (raw, json)
Hash identifier:          nxds8rSkPG7DUumVk1cedt9iOgh64pD+oHqjEqlsUwI=
Subject key identifier:   9D:47:E4:4D:89:A1:08:6B:AA:34:02:E8:9C:F2:6E:F8:38:44:DF:0F
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       71FD4C4619D6A67891DB2C6DF63FED3E1ACF938E
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS47689.roa
Signing time:             Thu 04 Jun 2026 15:58:50 +0000
ROA not before:           Thu 04 Jun 2026 15:53:50 +0000
ROA not after:            Thu 03 Jun 2027 15:58:50 +0000
asID:                     47689
IP address blocks:        2a06:a005:a18::/45 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:fd:4c:46:19:d6:a6:78:91:db:2c:6d:f6:3f:ed:3e:1a:cf:93:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:50 2026 GMT
            Not After : Jun  3 15:58:50 2027 GMT
        Subject: CN=9D47E44D89A1086BAA3402E89CF26EF83844DF0F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:35:ab:be:25:b5:53:ff:c1:99:6f:04:a3:62:
                    92:a7:f0:f0:7c:40:35:8e:0a:18:22:2f:8a:39:d3:
                    d1:07:a4:5f:4a:4f:9d:1c:7d:72:6f:e1:5e:1d:ba:
                    c1:6d:33:2b:69:c5:75:72:5f:01:5b:82:81:95:94:
                    75:02:98:1f:45:08:dc:15:47:5b:dd:30:93:fb:d2:
                    3a:40:ee:14:33:48:98:41:c3:08:ad:a8:ac:42:e8:
                    7a:f8:e1:a5:b2:ce:6f:57:06:89:f7:f0:b3:e2:5f:
                    c3:07:0f:63:a0:7a:33:a0:b8:1e:d8:cb:6a:19:66:
                    2f:c3:fe:a6:83:11:0f:81:e8:9d:4b:e3:62:e6:af:
                    8d:ad:5a:d3:ee:ce:78:f2:56:85:60:1e:b9:bf:00:
                    9b:d0:6f:dc:11:71:f1:0f:82:fa:43:60:d7:46:ed:
                    13:28:d9:6d:90:98:4c:4d:eb:21:90:b1:46:49:b1:
                    76:26:4e:b6:e2:b4:12:95:c8:1e:0a:35:6e:cf:e8:
                    16:b7:96:17:f0:98:96:de:1c:94:e6:0e:94:0d:f6:
                    3d:b2:e3:74:83:e2:e7:fd:af:b4:92:d0:2f:2c:54:
                    e1:67:72:a9:4b:8e:a4:66:91:58:b9:4d:f2:38:00:
                    5c:67:45:38:e7:75:3b:43:c9:fe:c5:c2:2d:14:b5:
                    24:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:47:E4:4D:89:A1:08:6B:AA:34:02:E8:9C:F2:6E:F8:38:44:DF:0F
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS47689.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:a18::/45

    Signature Algorithm: sha256WithRSAEncryption
         38:3a:64:f3:a5:b2:66:dc:e1:d4:aa:d3:92:42:8e:39:ef:ea:
         c0:95:82:d9:8a:2c:03:6c:ef:8c:19:37:70:a0:22:4a:16:1f:
         19:d2:1a:2e:9b:be:0d:4a:a8:17:9d:97:59:3f:a8:36:49:91:
         33:5a:4e:e8:49:89:51:71:00:47:8f:87:71:3b:37:ab:4c:36:
         26:ea:ed:b2:a5:23:33:fe:8d:10:2a:79:73:31:f3:46:97:dd:
         01:08:97:6d:13:1e:0c:ef:4c:a1:77:b1:06:2f:da:75:eb:c2:
         42:7c:22:8b:45:33:61:c0:cb:de:79:23:b6:6c:63:a0:b6:a5:
         dd:5f:ab:a4:2f:2b:cc:cc:e6:13:8f:f1:d9:19:58:fe:ac:83:
         17:3a:6f:d5:49:62:76:27:af:e6:71:20:02:c3:fe:e9:8c:09:
         97:6a:c6:29:ba:93:d6:2e:01:d4:86:d5:3f:3b:e1:12:8e:08:
         00:27:72:e2:91:d5:51:45:00:93:6d:eb:ee:56:82:15:a7:33:
         17:87:00:77:ac:ea:b4:7b:be:11:05:24:70:5a:16:3b:19:e3:
         12:7e:88:91:58:85:02:33:6d:8c:8a:6f:90:ba:c1:0d:3c:48:
         df:7e:84:22:02:d2:8a:26:fa:38:87:e3:1a:3e:af:88:7a:ad:
         3f:7b:8a:2e
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUcf1MRhnWpniR2yxt9j/tPhrPk44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTBaFw0yNzA2MDMxNTU4NTBaMDMxMTAvBgNV
BAMTKDlENDdFNDREODlBMTA4NkJBQTM0MDJFODlDRjI2RUY4Mzg0NERGMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkNau+JbVT/8GZbwSjYpKn8PB8
QDWOChgiL4o509EHpF9KT50cfXJv4V4dusFtMytpxXVyXwFbgoGVlHUCmB9FCNwV
R1vdMJP70jpA7hQzSJhBwwitqKxC6Hr44aWyzm9XBon38LPiX8MHD2OgejOguB7Y
y2oZZi/D/qaDEQ+B6J1L42Lmr42tWtPuznjyVoVgHrm/AJvQb9wRcfEPgvpDYNdG
7RMo2W2QmExN6yGQsUZJsXYmTrbitBKVyB4KNW7P6Ba3lhfwmJbeHJTmDpQN9j2y
43SD4uf9r7SS0C8sVOFncqlLjqRmkVi5TfI4AFxnRTjndTtDyf7Fwi0UtSRxAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUnUfkTYmhCGuqNALonPJu+DhE3w8wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NDc2ODkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwMqBqAFChgwDQYJKoZIhvcNAQELBQADggEBADg6ZPOl
smbc4dSq05JCjjnv6sCVgtmKLANs74wZN3CgIkoWHxnSGi6bvg1KqBedl1k/qDZJ
kTNaTuhJiVFxAEePh3E7N6tMNibq7bKlIzP+jRAqeXMx80aX3QEIl20THgzvTKF3
sQYv2nXrwkJ8IotFM2HAy955I7ZsY6C2pd1fq6QvK8zM5hOP8dkZWP6sgxc6b9VJ
YnYnr+ZxIALD/umMCZdqxim6k9YuAdSG1T874RKOCAAncuKR1VFFAJNt6+5WghWn
MxeHAHes6rR7vhEFJHBaFjsZ4xJ+iJFYhQIzbYyKb5C6wQ08SN9+hCIC0oom+jiH
4xo+r4h6rT97ii4=
-----END CERTIFICATE-----