Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS59678.roa
File:                     AS59678.roa (raw, json)
Hash identifier:          k/kWbXeTfAcTGl2jKV4WapbJD9jMsgTUHpbFaLr7US4=
Subject key identifier:   72:90:8E:7D:49:B1:69:98:2C:E3:07:A0:AE:91:6E:21:EF:71:80:6B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7198BA439B36FB6B739DC34A2B2A5B52F8C9AB2A
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS59678.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     59678
IP address blocks:        2a06:a005:2c60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:98:ba:43:9b:36:fb:6b:73:9d:c3:4a:2b:2a:5b:52:f8:c9:ab:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=72908E7D49B169982CE307A0AE916E21EF71806B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c7:0a:2b:36:e0:07:f4:32:94:71:16:54:d1:
                    46:96:dd:06:a0:d8:50:47:7a:a0:f9:80:ed:d1:96:
                    c8:a8:f5:2c:99:26:e5:cb:c9:f8:0d:cd:31:33:ed:
                    74:ef:db:5a:b6:92:cf:5c:fd:40:3d:11:b3:a1:6e:
                    c6:98:b2:94:0f:ab:89:a3:69:1d:96:b7:e3:2b:cb:
                    73:61:dd:d2:f8:08:6c:97:95:89:ab:85:ee:41:2b:
                    f7:1e:19:27:fc:6d:d4:5a:5e:75:32:06:56:39:89:
                    67:16:b7:f7:1d:f0:aa:8f:a7:0a:d0:56:b9:19:6a:
                    0e:2e:39:ef:76:e4:39:a4:9e:6e:d6:3a:e9:6f:c0:
                    91:5e:b5:03:04:ed:9b:f3:7b:29:2a:00:8c:65:4f:
                    13:cb:c9:a2:1f:73:a5:10:6f:1e:20:9d:a7:46:f2:
                    2a:44:39:a7:06:12:1e:1c:e7:a5:06:35:4a:3d:e2:
                    f3:a2:79:e8:ca:f4:8f:ec:36:62:9d:c0:80:36:72:
                    54:d8:1c:9c:6f:33:b7:76:54:5a:75:5c:57:6d:a8:
                    fe:3a:5a:b3:18:b0:9b:7b:cc:8c:ef:57:82:87:6f:
                    73:18:c7:7d:14:99:c0:70:14:41:6e:dc:46:97:35:
                    2b:65:61:04:5e:5e:f5:c2:9d:d1:31:bd:d1:32:d9:
                    0a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:90:8E:7D:49:B1:69:98:2C:E3:07:A0:AE:91:6E:21:EF:71:80:6B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS59678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2c60::/44

    Signature Algorithm: sha256WithRSAEncryption
         43:f9:68:54:c0:79:49:e0:26:1c:db:5a:71:d0:02:a0:d5:0b:
         0a:ad:2c:69:f5:9a:22:c6:4e:d1:5e:7c:40:bd:e1:28:7a:54:
         64:af:6e:14:d8:2a:8f:bf:2f:44:c9:3d:c5:ea:e7:fc:2b:3b:
         84:26:32:8d:99:84:b1:d0:11:4e:c7:9a:2e:b1:19:22:53:0c:
         8f:1d:8b:4b:e0:05:95:15:8e:68:0c:6b:83:78:b9:3a:5c:4e:
         9f:61:db:2c:6b:98:db:4e:0a:7c:8b:fc:a2:49:00:c4:e2:97:
         d9:fa:0c:2f:d1:50:ad:f9:0f:40:07:5b:60:06:14:a6:1c:72:
         68:65:9c:9c:99:56:1f:b7:71:ca:fe:dc:1c:00:e7:5b:92:bc:
         e7:61:38:30:14:19:1d:d6:62:16:27:42:2a:98:87:81:3a:66:
         03:c0:fc:9a:07:f7:74:6c:48:06:64:4b:9d:d0:35:0b:6a:88:
         0f:39:28:f2:8a:5c:50:4a:88:6c:00:b2:5f:e4:8d:1d:3e:5e:
         a5:74:95:d4:d0:27:92:8b:e0:87:4b:b7:96:9d:92:00:d4:50:
         38:65:f4:ca:bd:7e:34:7f:3f:c0:d7:19:8f:26:71:38:2b:e2:
         0a:e2:94:94:5f:7a:a2:3a:64:5e:1e:ed:8a:7f:3a:1c:a1:8a:
         1c:f5:c5:c9
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUcZi6Q5s2+2tzncNKKypbUvjJqyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKDcyOTA4RTdENDlCMTY5OTgyQ0UzMDdBMEFFOTE2RTIxRUY3MTgwNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxworNuAH9DKUcRZU0UaW3Qag
2FBHeqD5gO3Rlsio9SyZJuXLyfgNzTEz7XTv21q2ks9c/UA9EbOhbsaYspQPq4mj
aR2Wt+Mry3Nh3dL4CGyXlYmrhe5BK/ceGSf8bdRaXnUyBlY5iWcWt/cd8KqPpwrQ
VrkZag4uOe925Dmknm7WOulvwJFetQME7ZvzeykqAIxlTxPLyaIfc6UQbx4gnadG
8ipEOacGEh4c56UGNUo94vOieejK9I/sNmKdwIA2clTYHJxvM7d2VFp1XFdtqP46
WrMYsJt7zIzvV4KHb3MYx30UmcBwFEFu3EaXNStlYQReXvXCndExvdEy2QobAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUcpCOfUmxaZgs4wegrpFuIe9xgGswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NTk2Nzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFLGAwDQYJKoZIhvcNAQELBQADggEBAEP5aFTA
eUngJhzbWnHQAqDVCwqtLGn1miLGTtFefEC94Sh6VGSvbhTYKo+/L0TJPcXq5/wr
O4QmMo2ZhLHQEU7Hmi6xGSJTDI8di0vgBZUVjmgMa4N4uTpcTp9h2yxrmNtOCnyL
/KJJAMTil9n6DC/RUK35D0AHW2AGFKYccmhlnJyZVh+3ccr+3BwA51uSvOdhODAU
GR3WYhYnQiqYh4E6ZgPA/JoH93RsSAZkS53QNQtqiA85KPKKXFBKiGwAsl/kjR0+
XqV0ldTQJ5KL4IdLt5adkgDUUDhl9Mq9fjR/P8DXGY8mcTgr4grilJRfeqI6ZF4e
7Yp/Ohyhihz1xck=
-----END CERTIFICATE-----