Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          y+5BBs7uxrJ4BYDq/MVM17s69AupI4nRtxfBkjXAFF8=
Subject key identifier:   1A:64:E9:51:55:EC:D3:BB:F3:71:3B:93:4E:37:51:A7:53:92:7D:AF
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       56C5CD0A491EFDF416E317E763329C74E6D600C0
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
Signing time:             Tue 23 Jun 2026 18:54:00 +0000
ROA not before:           Tue 23 Jun 2026 18:49:00 +0000
ROA not after:            Tue 22 Jun 2027 18:54:00 +0000
asID:                     0
IP address blocks:        2a09:54c4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Jul 2026 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:c5:cd:0a:49:1e:fd:f4:16:e3:17:e7:63:32:9c:74:e6:d6:00:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun 23 18:49:00 2026 GMT
            Not After : Jun 22 18:54:00 2027 GMT
        Subject: CN=1A64E95155ECD3BBF3713B934E3751A753927DAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:31:b8:36:32:39:6c:e8:9f:43:43:5b:04:fc:
                    7b:e2:a8:22:45:89:09:c2:f3:c4:91:61:2d:9d:06:
                    ba:18:d4:4e:ec:26:78:ec:43:af:6f:55:35:70:a7:
                    b8:50:68:99:69:99:fe:d5:c1:9e:4c:f5:1e:19:69:
                    c4:40:f0:bb:30:16:54:56:ae:19:64:b5:08:1e:b7:
                    c1:04:69:25:51:09:3f:10:b4:97:b3:73:12:6a:16:
                    32:85:18:65:14:8d:e7:1c:00:f7:e1:ab:42:24:b1:
                    54:86:18:66:40:43:e2:62:02:99:86:8f:41:fe:e1:
                    ad:a7:1c:66:45:ef:8e:cd:32:5d:d6:fa:c5:2e:ad:
                    f6:a5:8a:65:17:ef:1e:f5:8d:ac:8d:0e:df:34:80:
                    37:bf:a9:be:26:dd:38:bd:54:12:06:b5:f6:e0:60:
                    e0:e2:0b:0b:cb:c5:b7:8f:ba:54:c9:37:3f:30:e7:
                    7f:e5:a5:8e:3d:e6:d2:22:ce:6b:ab:80:19:b4:7a:
                    fb:25:1e:ab:4b:3b:70:99:19:79:74:88:63:4b:83:
                    ed:0a:f9:97:e4:b5:4d:2f:20:95:e7:09:e9:76:c3:
                    85:48:b0:31:da:af:9e:90:c4:15:1d:e0:22:4d:fa:
                    de:a9:22:11:41:a6:89:a5:c3:e7:34:99:e2:48:33:
                    66:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:64:E9:51:55:EC:D3:BB:F3:71:3B:93:4E:37:51:A7:53:92:7D:AF
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:af:f4:49:fb:ca:d9:1d:f0:d2:55:73:e9:37:6b:49:79:48:
         9c:49:83:15:15:27:4b:11:5b:83:6f:7e:db:a3:87:d1:cd:94:
         87:c9:41:f7:5f:a7:d2:35:c1:3a:f4:1c:55:b6:21:50:7b:28:
         2b:dc:9b:8f:e2:d7:3e:7b:2f:09:b4:e1:07:cb:88:95:a1:d9:
         07:bf:f1:46:52:8e:c4:56:0e:57:6a:85:d0:aa:0d:44:6c:71:
         55:40:ca:0f:43:d1:67:da:76:5b:35:ed:ef:37:fe:8d:91:d9:
         a7:ae:45:0e:06:a2:92:58:3a:de:72:18:4e:bd:51:b7:09:54:
         97:b1:89:36:e5:db:ce:8e:0a:8e:e7:cf:ab:c8:98:b1:98:7f:
         1a:ba:ab:6e:97:66:ed:f5:33:ac:fc:be:22:4e:19:46:5a:1f:
         86:d0:c1:91:90:74:8b:a0:5f:07:d4:b1:36:57:79:02:08:52:
         6f:f5:e7:df:2d:12:17:2f:f0:6b:e1:90:b7:52:ce:58:7d:4f:
         3a:c8:84:58:b5:02:e5:f9:92:d9:64:78:72:ae:41:92:cf:81:
         e6:e3:2c:96:4b:9c:b5:8e:dc:bc:f4:70:12:85:8a:5e:5b:d0:
         22:fb:54:d9:e0:47:25:54:28:8c:16:96:b7:01:6c:21:ac:05:
         70:98:d2:d5
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUVsXNCkke/fQW4xfnYzKcdObWAMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MjMxODQ5MDBaFw0yNzA2MjIxODU0MDBaMDMxMTAvBgNV
BAMTKDFBNjRFOTUxNTVFQ0QzQkJGMzcxM0I5MzRFMzc1MUE3NTM5MjdEQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoMbg2Mjls6J9DQ1sE/HviqCJF
iQnC88SRYS2dBroY1E7sJnjsQ69vVTVwp7hQaJlpmf7VwZ5M9R4ZacRA8LswFlRW
rhlktQget8EEaSVRCT8QtJezcxJqFjKFGGUUjeccAPfhq0IksVSGGGZAQ+JiApmG
j0H+4a2nHGZF747NMl3W+sUurfalimUX7x71jayNDt80gDe/qb4m3Ti9VBIGtfbg
YODiCwvLxbePulTJNz8w53/lpY495tIizmurgBm0evslHqtLO3CZGXl0iGNLg+0K
+ZfktU0vIJXnCel2w4VIsDHar56QxBUd4CJN+t6pIhFBpomlw+c0meJIM2a9AgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUGmTpUVXs07vzcTuTTjdRp1OSfa8wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBrBggrBgEF
BQcBCwRfMF0wWwYIKwYBBQUHMAuGT3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQR
MA8wDQQCAAIwBwMFACoJVMQwDQYJKoZIhvcNAQELBQADggEBABmv9En7ytkd8NJV
c+k3a0l5SJxJgxUVJ0sRW4Nvftujh9HNlIfJQfdfp9I1wTr0HFW2IVB7KCvcm4/i
1z57Lwm04QfLiJWh2Qe/8UZSjsRWDldqhdCqDURscVVAyg9D0Wfadls17e83/o2R
2aeuRQ4GopJYOt5yGE69UbcJVJexiTbl286OCo7nz6vImLGYfxq6q26XZu31M6z8
viJOGUZaH4bQwZGQdIugXwfUsTZXeQIIUm/1598tEhcv8GvhkLdSzlh9TzrIhFi1
AuX5ktlkeHKuQZLPgebjLJZLnLWO3Lz0cBKFil5b0CL7VNngRyVUKIwWlrcBbCGs
BXCY0tU=
-----END CERTIFICATE-----
Generated at Fri Jul 10 14:12:17 2026 by rpki-client