Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          WBpD2wBBt5P5rUYYejJeVKWrJKVJ8nzKjg+4NYW5NTs=
Subject key identifier:   96:D1:DE:13:A6:CA:6E:72:15:AB:93:BA:9A:66:5B:08:84:ED:50:FE
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       0900793E301E719164075562F677123493218980
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
Signing time:             Tue 02 Sep 2025 13:36:55 +0000
ROA not before:           Tue 02 Sep 2025 13:31:55 +0000
ROA not after:            Tue 01 Sep 2026 13:36:55 +0000
asID:                     0
IP address blocks:        2a0d:d900::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Oct 2025 20:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:00:79:3e:30:1e:71:91:64:07:55:62:f6:77:12:34:93:21:89:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Sep  2 13:31:55 2025 GMT
            Not After : Sep  1 13:36:55 2026 GMT
        Subject: CN=96D1DE13A6CA6E7215AB93BA9A665B0884ED50FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e3:25:c8:ea:8a:39:54:0f:07:7b:46:07:b5:
                    35:08:0f:e4:17:c8:46:23:fc:cd:6c:31:bc:ea:ec:
                    62:a0:6b:e2:03:0e:b2:1e:53:2e:f2:af:36:3a:c6:
                    2f:72:03:bf:bd:e1:7b:cb:62:ea:06:58:d4:72:48:
                    94:b6:29:54:b7:43:96:20:11:aa:72:df:ae:d9:2e:
                    22:c2:96:51:37:71:6d:58:9f:61:21:63:95:a9:a3:
                    c4:07:a0:da:ab:18:36:6d:13:ec:cc:86:75:15:8b:
                    2e:92:20:cb:55:cd:d4:20:0b:ca:92:5a:09:15:19:
                    f0:ae:2d:b2:3b:de:df:60:92:cd:71:f8:02:62:d1:
                    d4:40:50:2b:56:bf:0a:b4:d7:99:0d:64:34:6a:0b:
                    77:30:d9:47:6f:cb:0e:f6:51:be:9e:3f:16:8c:32:
                    ff:3f:bf:40:32:77:90:a9:7a:36:dd:fd:20:12:1a:
                    2d:02:fe:93:71:16:e1:15:9f:37:7c:60:13:a2:ae:
                    ec:18:a8:fb:04:e3:dd:00:a3:b4:57:41:75:44:4e:
                    e3:bb:04:26:ef:3e:86:cb:98:04:c3:00:82:af:66:
                    5b:ad:4f:d2:d8:7c:95:82:cd:22:5a:8c:a7:41:a9:
                    aa:d3:1e:3d:ff:b7:9d:9d:85:db:17:51:5a:b5:e2:
                    c3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D1:DE:13:A6:CA:6E:72:15:AB:93:BA:9A:66:5B:08:84:ED:50:FE
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d900::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:0a:f0:3e:31:1f:dd:aa:1a:ca:67:52:fd:47:3f:d7:c5:1e:
         3a:f1:26:b1:80:5b:8b:89:49:b9:d0:f6:0b:55:13:32:38:95:
         4a:eb:70:3d:98:05:46:09:47:c1:07:67:6e:6e:24:44:5c:3a:
         e0:a9:3f:74:89:8c:e7:e0:f8:4f:d2:5e:34:04:1e:04:3b:ce:
         50:82:64:f0:22:13:ae:e1:1b:37:7e:94:aa:01:67:80:ea:32:
         7e:c2:c8:84:d8:81:37:60:db:2a:1f:f3:2f:c0:f0:23:77:ec:
         5c:88:36:48:bf:ed:f7:58:7f:32:96:a6:3f:2e:91:4d:52:f3:
         07:a5:c4:29:01:1f:6c:08:39:7e:bd:92:68:36:c3:fc:ff:50:
         95:2b:55:08:35:9c:da:6a:2c:a3:4b:a0:c5:15:07:d6:4b:43:
         8a:b7:eb:18:c7:6e:07:04:02:c6:d6:75:81:c7:80:0d:31:98:
         7c:e6:e2:36:df:ba:ad:9f:26:d0:b6:8d:3b:91:af:4b:f9:45:
         e9:67:a4:87:ee:a1:07:8f:2d:f5:83:9e:4a:31:7b:e2:40:dd:
         25:b0:68:f4:e8:e3:87:5c:72:37:f0:af:92:15:48:ff:65:39:
         27:df:67:e7:5f:66:e1:9b:95:8d:c6:6a:17:25:c8:a7:96:0b:
         6c:67:46:dc
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUCQB5PjAecZFkB1Vi9ncSNJMhiYAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA5MDIxMzMxNTVaFw0yNjA5MDExMzM2NTVaMDMxMTAvBgNV
BAMTKDk2RDFERTEzQTZDQTZFNzIxNUFCOTNCQTlBNjY1QjA4ODRFRDUwRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp4yXI6oo5VA8He0YHtTUID+QX
yEYj/M1sMbzq7GKga+IDDrIeUy7yrzY6xi9yA7+94XvLYuoGWNRySJS2KVS3Q5Yg
Eapy367ZLiLCllE3cW1Yn2EhY5Wpo8QHoNqrGDZtE+zMhnUViy6SIMtVzdQgC8qS
WgkVGfCuLbI73t9gks1x+AJi0dRAUCtWvwq015kNZDRqC3cw2Udvyw72Ub6ePxaM
Mv8/v0Ayd5Cpejbd/SASGi0C/pNxFuEVnzd8YBOiruwYqPsE490Ao7RXQXVETuO7
BCbvPobLmATDAIKvZlutT9LYfJWCzSJajKdBqarTHj3/t52dhdsXUVq14sM7AgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUltHeE6bKbnIVq5O6mmZbCITtUP4wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBrBggrBgEF
BQcBCwRfMF0wWwYIKwYBBQUHMAuGT3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQR
MA8wDQQCAAIwBwMFACoN2QAwDQYJKoZIhvcNAQELBQADggEBACYK8D4xH92qGspn
Uv1HP9fFHjrxJrGAW4uJSbnQ9gtVEzI4lUrrcD2YBUYJR8EHZ25uJERcOuCpP3SJ
jOfg+E/SXjQEHgQ7zlCCZPAiE67hGzd+lKoBZ4DqMn7CyITYgTdg2yof8y/A8CN3
7FyINki/7fdYfzKWpj8ukU1S8welxCkBH2wIOX69kmg2w/z/UJUrVQg1nNpqLKNL
oMUVB9ZLQ4q36xjHbgcEAsbWdYHHgA0xmHzm4jbfuq2fJtC2jTuRr0v5RelnpIfu
oQePLfWDnkoxe+JA3SWwaPTo44dccjfwr5IVSP9lOSffZ+dfZuGblY3GahclyKeW
C2xnRtw=
-----END CERTIFICATE-----