Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS52025.roa
File:                     AS52025.roa (raw, json)
Hash identifier:          iXU70rVtOpe2vugbbpxRZBQT3d3gYKAyFX9WC4Cgg5Q=
Subject key identifier:   69:A1:4E:CC:8B:F5:B6:1B:B9:24:AC:3D:8D:91:8E:DC:05:99:5C:45
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1A6F350AB500740A91F426336EF72E834DD38834
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS52025.roa
Signing time:             Tue 11 Mar 2025 02:40:18 +0000
ROA not before:           Tue 11 Mar 2025 02:35:18 +0000
ROA not after:            Tue 10 Mar 2026 02:40:18 +0000
asID:                     52025
IP address blocks:        2a06:a005:5b8::/48 maxlen: 48
                          2a06:a005:1da0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 21:50:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:6f:35:0a:b5:00:74:0a:91:f4:26:33:6e:f7:2e:83:4d:d3:88:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Mar 11 02:35:18 2025 GMT
            Not After : Mar 10 02:40:18 2026 GMT
        Subject: CN=69A14ECC8BF5B61BB924AC3D8D918EDC05995C45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:86:39:79:24:48:f0:65:1c:4f:0d:78:28:2d:
                    61:d6:4a:06:77:2d:45:61:67:a8:99:0c:5e:22:24:
                    c8:63:6f:81:f8:a0:66:2d:82:a3:67:89:f0:85:63:
                    55:f2:bb:5b:ec:ef:f8:8e:83:86:bf:1a:05:bf:48:
                    45:d0:eb:fd:c2:55:b6:d1:d0:75:68:a0:bb:15:2a:
                    8a:e6:b1:e2:47:4d:a9:a7:d1:ee:53:fe:1e:94:7b:
                    df:fc:00:fa:8a:d5:90:6b:e9:c9:a1:46:d4:1b:0a:
                    2a:24:6e:33:ce:99:8b:c2:cd:5f:07:10:df:ee:2a:
                    69:08:c0:fe:b0:61:93:a7:60:da:ae:73:28:66:ee:
                    06:00:62:7b:ea:6d:ba:1b:db:a7:6f:9f:cc:bd:aa:
                    e7:4f:7f:db:6e:81:c3:bb:db:b9:85:37:3d:04:29:
                    63:e8:38:ac:79:df:b0:0c:6f:3f:6b:7c:94:95:57:
                    2a:5d:97:8d:4f:c9:b9:79:87:42:eb:f9:e0:c2:83:
                    91:f2:0b:08:ee:75:36:bf:b8:46:71:74:87:44:f6:
                    90:a1:a8:c5:70:fc:1e:c7:fe:ba:25:97:82:cb:34:
                    19:4f:13:0a:f6:df:d0:7d:82:f0:94:aa:fc:1d:40:
                    13:30:67:32:60:87:56:fb:5f:68:00:8c:cb:4c:22:
                    b8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A1:4E:CC:8B:F5:B6:1B:B9:24:AC:3D:8D:91:8E:DC:05:99:5C:45
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS52025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5b8::/48
                  2a06:a005:1da0::/44

    Signature Algorithm: sha256WithRSAEncryption
         c1:5b:c5:91:63:e8:0c:c5:52:2e:7b:26:65:0a:bb:96:54:c5:
         3d:82:da:44:bb:30:89:cb:b5:e6:a1:9e:56:fa:c8:85:d4:ac:
         1a:02:b7:e4:88:b8:02:6b:2e:af:2d:8a:a7:57:03:c8:67:c7:
         3a:1d:f9:b8:b7:aa:02:97:35:b2:32:61:09:59:b9:5a:c5:e2:
         c1:ce:18:1f:e2:47:88:c4:b1:91:72:41:72:9c:f4:6d:26:77:
         9c:1b:39:22:7d:14:7f:da:7c:76:e5:27:1b:30:08:7d:87:ca:
         6f:b3:0f:93:2e:e6:ed:80:e6:a8:bf:39:c4:db:74:14:f5:d1:
         09:4d:58:48:76:6b:7d:38:95:1c:77:94:3a:89:92:6e:ea:be:
         79:02:c6:0f:1d:5f:c3:54:30:0e:5d:22:4a:5c:aa:10:cc:e9:
         29:cc:82:66:a4:3c:80:52:98:93:76:1d:43:62:57:7b:2e:d0:
         cd:05:1e:74:e2:93:d9:f0:fe:1e:04:e7:03:eb:c2:7e:15:3b:
         0b:0f:10:40:d5:d7:54:d0:b9:e1:60:78:a9:8e:c0:ab:52:4d:
         a1:47:93:01:b9:b4:83:a1:cf:ed:ab:af:2a:bd:d1:ea:75:7c:
         0d:4d:8d:85:19:85:46:8b:09:9d:ba:22:72:de:db:0c:af:28:
         33:32:64:e0
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUGm81CrUAdAqR9CYzbvcug03TiDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTAzMTEwMjM1MThaFw0yNjAzMTAwMjQwMThaMDMxMTAvBgNV
BAMTKDY5QTE0RUNDOEJGNUI2MUJCOTI0QUMzRDhEOTE4RURDMDU5OTVDNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8hjl5JEjwZRxPDXgoLWHWSgZ3
LUVhZ6iZDF4iJMhjb4H4oGYtgqNnifCFY1Xyu1vs7/iOg4a/GgW/SEXQ6/3CVbbR
0HVooLsVKormseJHTamn0e5T/h6Ue9/8APqK1ZBr6cmhRtQbCiokbjPOmYvCzV8H
EN/uKmkIwP6wYZOnYNqucyhm7gYAYnvqbbob26dvn8y9qudPf9tugcO727mFNz0E
KWPoOKx537AMbz9rfJSVVypdl41Pybl5h0Lr+eDCg5HyCwjudTa/uEZxdIdE9pCh
qMVw/B7H/roll4LLNBlPEwr239B9gvCUqvwdQBMwZzJgh1b7X2gAjMtMIrjPAgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQUaaFOzIv1thu5JKw9jZGO3AWZXEUwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NTIwMjUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcB
Af8EHDAaMBgEAgACMBIDBwAqBqAFBbgDBwQqBqAFHaAwDQYJKoZIhvcNAQELBQAD
ggEBAMFbxZFj6AzFUi57JmUKu5ZUxT2C2kS7MInLteahnlb6yIXUrBoCt+SIuAJr
Lq8tiqdXA8hnxzod+bi3qgKXNbIyYQlZuVrF4sHOGB/iR4jEsZFyQXKc9G0md5wb
OSJ9FH/afHblJxswCH2Hym+zD5Mu5u2A5qi/OcTbdBT10QlNWEh2a304lRx3lDqJ
km7qvnkCxg8dX8NUMA5dIkpcqhDM6SnMgmakPIBSmJN2HUNiV3su0M0FHnTik9nw
/h4E5wPrwn4VOwsPEEDV11TQueFgeKmOwKtSTaFHkwG5tIOhz+2rryq90ep1fA1N
jYUZhUaLCZ26InLe2wyvKDMyZOA=
-----END CERTIFICATE-----