Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          gzyCyHMyN4VcRKzV+AqhCxxYY3l5pXkUWQgIm6e88L4=
Subject key identifier:   A4:C8:C0:88:AC:0F:9D:C8:62:8B:FA:D5:1B:D8:44:74:F3:50:E0:7A
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       3D6B164C4C8151AF6ABDC174D5523A0BF19A5D20
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS58212.roa
Signing time:             Sat 26 Jul 2025 06:02:58 +0000
ROA not before:           Sat 26 Jul 2025 05:57:58 +0000
ROA not after:            Sat 25 Jul 2026 06:02:58 +0000
asID:                     58212
IP address blocks:        2a05:dfc7::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 23:12:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:6b:16:4c:4c:81:51:af:6a:bd:c1:74:d5:52:3a:0b:f1:9a:5d:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul 26 05:57:58 2025 GMT
            Not After : Jul 25 06:02:58 2026 GMT
        Subject: CN=A4C8C088AC0F9DC8628BFAD51BD84474F350E07A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:54:0b:eb:98:c9:fc:32:99:a1:5d:a4:59:6d:
                    c8:c4:45:7a:62:c9:49:92:c8:50:24:b5:c2:09:5d:
                    5b:b3:34:c9:e9:2f:66:1c:fa:1d:33:89:32:61:5c:
                    f8:67:8f:95:bc:fb:f6:f1:e0:27:a7:21:87:4e:71:
                    86:ce:b1:1a:82:d3:17:ad:16:78:dc:29:4e:46:a1:
                    ff:5c:bd:86:58:80:81:ee:1a:cc:34:00:67:3b:a6:
                    bf:74:26:44:e1:e8:ce:4a:5a:87:fa:06:a4:ff:2e:
                    e6:e9:8b:22:00:b8:ad:48:8c:3b:c1:45:ff:f0:c5:
                    5a:1b:af:99:6b:af:ad:f7:7d:26:b8:7a:5e:f9:6d:
                    cd:f2:57:9b:f4:9c:b5:3e:a5:9e:1b:55:96:ab:a1:
                    3a:7d:90:ed:f8:ea:61:a1:2a:3a:7a:d3:82:06:a4:
                    54:6a:78:78:1a:85:95:89:16:49:bf:93:9f:1b:35:
                    3b:23:39:3e:0f:95:4c:84:a2:d6:a7:09:fd:78:b1:
                    b1:7e:89:b8:d9:19:43:3f:d4:bc:c1:b2:2b:5a:5c:
                    ca:28:00:c1:6c:60:0b:d0:88:4e:b7:cd:68:80:21:
                    e7:e1:16:86:04:9f:14:55:8c:42:f0:d5:12:16:f9:
                    53:06:cc:9d:f9:da:ee:df:8f:18:1e:ad:7c:14:2d:
                    c6:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C8:C0:88:AC:0F:9D:C8:62:8B:FA:D5:1B:D8:44:74:F3:50:E0:7A
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:0c:e2:24:49:92:e2:72:f7:56:5a:23:f0:12:28:1b:3f:06:
         7c:c4:dd:aa:75:10:21:96:13:17:0e:cd:3e:ea:81:2b:c8:77:
         01:c1:d0:d6:37:16:22:6f:59:6d:bc:c7:d8:d5:45:ee:e2:6f:
         06:0b:84:b9:cc:61:77:5f:c3:03:42:0b:c9:c2:dd:67:ae:d2:
         65:b8:fa:ae:f1:1e:9a:42:df:69:75:7b:1f:9f:2a:76:1d:8a:
         6e:92:7d:c6:27:b8:32:e8:c4:18:47:07:7e:9e:5e:e0:61:23:
         03:81:e2:b6:05:69:9f:08:37:ab:e0:57:d0:79:c4:4c:2d:d3:
         9c:5b:82:67:30:8a:ad:bb:9a:44:c9:0f:78:44:d0:5f:ab:b2:
         67:49:3e:ba:a5:11:ea:d2:fe:83:dc:72:bc:ee:5f:25:8a:6e:
         48:83:57:7d:04:de:64:7f:8e:07:7c:11:4e:82:1d:45:4d:e4:
         a8:9b:a9:7d:ff:c4:13:87:ca:63:34:ff:7f:38:dc:27:de:24:
         28:25:76:50:f1:38:af:f2:f6:e7:cc:29:01:7e:c3:1b:07:b9:
         1e:1d:da:81:81:73:51:e3:2a:0a:e6:02:9c:4a:06:0d:c1:11:
         a7:31:9b:53:05:e6:b8:e1:06:50:03:a5:89:66:ec:b8:73:ed:
         d1:d3:56:bb
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUPWsWTEyBUa9qvcF01VI6C/GaXSAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MjYwNTU3NThaFw0yNjA3MjUwNjAyNThaMDMxMTAvBgNV
BAMTKEE0QzhDMDg4QUMwRjlEQzg2MjhCRkFENTFCRDg0NDc0RjM1MEUwN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0VAvrmMn8MpmhXaRZbcjERXpi
yUmSyFAktcIJXVuzNMnpL2Yc+h0ziTJhXPhnj5W8+/bx4CenIYdOcYbOsRqC0xet
FnjcKU5Gof9cvYZYgIHuGsw0AGc7pr90JkTh6M5KWof6BqT/LubpiyIAuK1IjDvB
Rf/wxVobr5lrr633fSa4el75bc3yV5v0nLU+pZ4bVZaroTp9kO346mGhKjp604IG
pFRqeHgahZWJFkm/k58bNTsjOT4PlUyEotanCf14sbF+ibjZGUM/1LzBsitaXMoo
AMFsYAvQiE63zWiAIefhFoYEnxRVjELw1RIW+VMGzJ352u7fjxgerXwULcanAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUpMjAiKwPnchii/rVG9hEdPNQ4HowHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NTgyMTIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcB
Af8EETAPMA0EAgACMAcDBQAqBd/HMA0GCSqGSIb3DQEBCwUAA4IBAQCXDOIkSZLi
cvdWWiPwEigbPwZ8xN2qdRAhlhMXDs0+6oEryHcBwdDWNxYib1ltvMfY1UXu4m8G
C4S5zGF3X8MDQgvJwt1nrtJluPqu8R6aQt9pdXsfnyp2HYpukn3GJ7gy6MQYRwd+
nl7gYSMDgeK2BWmfCDer4FfQecRMLdOcW4JnMIqtu5pEyQ94RNBfq7JnST66pRHq
0v6D3HK87l8lim5Ig1d9BN5kf44HfBFOgh1FTeSom6l9/8QTh8pjNP9/ONwn3iQo
JXZQ8Tiv8vbnzCkBfsMbB7keHdqBgXNR4yoK5gKcSgYNwRGnMZtTBea44QZQA6WJ
Zuy4c+3R01a7
-----END CERTIFICATE-----