Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          1599thmnnnT4K3Of7PVaZDKcQWBoYYhMils6CBQ1KC8=
Subject key identifier:   A0:9A:92:67:B3:35:5E:F2:F9:9A:E7:D4:ED:A0:F6:47:0E:06:3E:92
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7938C2793909D6A93F73D626F418A1CABCDDF52C
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
Signing time:             Sat 31 Jan 2026 20:23:55 +0000
ROA not before:           Sat 31 Jan 2026 20:18:55 +0000
ROA not after:            Sat 30 Jan 2027 20:23:55 +0000
asID:                     0
IP address blocks:        2a06:a000:100::/40 maxlen: 48
                          2a09:54c4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 21:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:38:c2:79:39:09:d6:a9:3f:73:d6:26:f4:18:a1:ca:bc:dd:f5:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jan 31 20:18:55 2026 GMT
            Not After : Jan 30 20:23:55 2027 GMT
        Subject: CN=A09A9267B3355EF2F99AE7D4EDA0F6470E063E92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:73:54:e7:e1:bf:36:fd:58:e5:86:f3:41:ee:
                    ba:74:71:2b:93:03:09:d2:02:53:20:de:d2:cc:57:
                    70:28:37:23:e9:4a:82:75:1f:57:af:a6:aa:60:c6:
                    70:bd:27:3b:53:bc:90:08:0e:30:3b:68:a5:67:fa:
                    bd:79:fe:50:82:6a:8f:9d:0b:93:20:86:29:c0:67:
                    44:0b:16:53:0e:47:6f:c9:4a:4c:82:05:fa:b7:a0:
                    50:77:e7:e1:ee:43:29:99:9c:3b:b4:57:32:7e:76:
                    87:23:42:b6:81:30:15:f3:12:f5:3c:aa:1d:85:71:
                    fe:41:bb:00:d0:ba:46:3b:aa:93:20:03:bb:b4:d7:
                    ed:44:c5:0b:ef:97:16:98:04:23:88:17:6f:75:86:
                    42:ec:95:39:43:9a:bc:eb:71:18:9f:9b:65:94:c3:
                    48:ab:d7:7e:8f:2c:e3:f1:d0:43:83:87:05:c0:dd:
                    76:7c:62:ae:46:43:04:f9:99:d9:45:61:51:61:b9:
                    f3:d9:61:ca:5d:ba:75:79:e7:6e:6c:99:89:54:fa:
                    6f:d6:76:ec:9a:31:1b:0d:ab:32:13:d2:18:ed:a2:
                    0d:7c:39:56:01:95:40:0d:57:af:7d:83:f1:05:7e:
                    fb:32:84:f8:af:a7:d9:c2:6a:21:db:b7:08:62:d1:
                    75:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:9A:92:67:B3:35:5E:F2:F9:9A:E7:D4:ED:A0:F6:47:0E:06:3E:92
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a000:100::/40
                  2a09:54c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:c7:11:ac:78:8b:fa:8d:09:13:9f:e1:83:e5:3b:b7:fa:13:
         a5:b9:68:7d:47:77:15:df:1e:cb:ef:0a:90:c1:1c:7a:69:66:
         69:a8:bc:1e:41:31:0a:46:e9:87:ec:c9:25:a8:da:4e:2d:9f:
         9e:08:a8:a9:26:fd:8e:d5:0a:04:02:49:ab:c7:45:4a:c6:01:
         2d:64:5d:f4:2c:6a:08:99:80:ec:64:87:5f:44:65:37:f2:8d:
         55:ee:26:57:22:31:b6:1f:5d:d3:ee:4f:5f:dd:ad:d4:ba:35:
         9b:1e:88:17:a3:1d:99:36:11:1a:57:41:83:1f:cb:26:ca:0e:
         8a:c6:48:ab:fd:91:ba:ad:45:f0:5e:42:fe:4c:ea:80:6d:e2:
         7c:ee:e2:14:cf:45:da:51:46:9f:a2:ca:2d:a3:38:10:ef:42:
         1e:a2:16:d8:29:ce:0f:5a:81:d8:ba:50:28:a5:a9:6a:47:74:
         39:ce:2c:2f:ab:3d:78:65:ed:10:0f:b3:0f:e8:d1:7a:ec:d6:
         83:ed:2b:3e:1e:73:0a:2f:4f:6c:82:34:43:d5:3a:b3:9b:aa:
         62:9b:33:de:53:18:49:fb:65:af:08:d7:f0:93:16:33:3d:85:
         f7:60:ba:27:39:81:37:ab:ea:44:0a:a1:f3:07:2d:18:8a:53:
         db:da:20:11
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUeTjCeTkJ1qk/c9Ym9Bihyrzd9SwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjAxMzEyMDE4NTVaFw0yNzAxMzAyMDIzNTVaMDMxMTAvBgNV
BAMTKEEwOUE5MjY3QjMzNTVFRjJGOTlBRTdENEVEQTBGNjQ3MEUwNjNFOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxc1Tn4b82/VjlhvNB7rp0cSuT
AwnSAlMg3tLMV3AoNyPpSoJ1H1evpqpgxnC9JztTvJAIDjA7aKVn+r15/lCCao+d
C5MghinAZ0QLFlMOR2/JSkyCBfq3oFB35+HuQymZnDu0VzJ+docjQraBMBXzEvU8
qh2Fcf5BuwDQukY7qpMgA7u01+1ExQvvlxaYBCOIF291hkLslTlDmrzrcRifm2WU
w0ir136PLOPx0EODhwXA3XZ8Yq5GQwT5mdlFYVFhufPZYcpdunV5525smYlU+m/W
duyaMRsNqzIT0hjtog18OVYBlUANV699g/EFfvsyhPivp9nCaiHbtwhi0XWPAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUoJqSZ7M1XvL5mufU7aD2Rw4GPpIwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBrBggrBgEF
BQcBCwRfMF0wWwYIKwYBBQUHMAuGT3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAoBggrBgEFBQcBBwEB/wQZ
MBcwFQQCAAIwDwMGACoGoAABAwUAKglUxDANBgkqhkiG9w0BAQsFAAOCAQEAo8cR
rHiL+o0JE5/hg+U7t/oTpblofUd3Fd8ey+8KkMEcemlmaai8HkExCkbph+zJJaja
Ti2fngioqSb9jtUKBAJJq8dFSsYBLWRd9CxqCJmA7GSHX0RlN/KNVe4mVyIxth9d
0+5PX92t1Lo1mx6IF6MdmTYRGldBgx/LJsoOisZIq/2Ruq1F8F5C/kzqgG3ifO7i
FM9F2lFGn6LKLaM4EO9CHqIW2CnOD1qB2LpQKKWpakd0Oc4sL6s9eGXtEA+zD+jR
euzWg+0rPh5zCi9PbII0Q9U6s5uqYpsz3lMYSftlrwjX8JMWMz2F92C6JzmBN6vq
RAqh8wctGIpT29ogEQ==
-----END CERTIFICATE-----