Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          ndmOAtnfukv3olt5R4HH3YgBJwayV9rdPuGc/6KFLJI=
Subject key identifier:   4C:86:39:B2:B9:0B:5E:A2:EF:55:10:F0:A8:4A:EB:05:86:5B:79:64
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1E05D14E0B4401B84A9AAE39E074C809EF65F496
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS16509.roa
Signing time:             Thu 03 Jul 2025 15:51:52 +0000
ROA not before:           Thu 03 Jul 2025 15:46:52 +0000
ROA not after:            Thu 02 Jul 2026 15:51:52 +0000
asID:                     16509
IP address blocks:        2a0a:6043::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:05:d1:4e:0b:44:01:b8:4a:9a:ae:39:e0:74:c8:09:ef:65:f4:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:52 2025 GMT
            Not After : Jul  2 15:51:52 2026 GMT
        Subject: CN=4C8639B2B90B5EA2EF5510F0A84AEB05865B7964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:02:e0:0a:ad:47:4c:d9:cb:17:b6:f8:91:38:
                    89:fa:a1:92:5a:56:be:54:58:fd:de:a1:50:41:f9:
                    26:7e:b5:f8:23:67:f8:c4:3b:a6:a0:03:76:d4:18:
                    85:28:0c:44:5e:2c:7d:69:1b:89:b5:c7:eb:b6:b5:
                    75:b4:08:89:1f:36:87:5a:b9:88:f8:5c:c0:ae:9c:
                    e4:c0:d7:7c:c5:eb:71:11:ef:e0:1b:18:1a:7e:81:
                    d0:e1:c8:e5:9e:4e:8d:60:62:3e:79:ff:79:85:8b:
                    51:01:1b:fb:40:d8:f3:93:2d:8b:35:53:02:7c:7c:
                    8f:c1:03:8d:44:50:bb:ef:da:75:a7:79:63:ef:8a:
                    59:f1:24:7a:87:cb:33:76:d9:f6:35:77:f1:25:dd:
                    96:12:ce:d2:41:ab:8f:d0:4b:ed:ee:e1:eb:bc:7f:
                    92:ec:94:69:8a:30:e1:e2:76:5f:ea:66:82:23:55:
                    b9:af:15:a8:f5:a9:43:9e:6a:d6:cc:9f:ba:69:e3:
                    51:9c:75:09:93:a1:fb:c5:95:89:9a:73:4f:af:54:
                    7a:9f:32:43:61:49:a5:05:b2:ee:74:47:71:c9:eb:
                    3a:ff:4d:e3:e9:75:b5:2f:e2:2a:3c:4f:14:a5:e1:
                    57:9c:55:a5:51:84:44:de:6f:f4:90:bf:2a:1f:43:
                    d4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:86:39:B2:B9:0B:5E:A2:EF:55:10:F0:A8:4A:EB:05:86:5B:79:64
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6043::/40

    Signature Algorithm: sha256WithRSAEncryption
         74:5e:79:e4:cb:2b:b2:62:d2:04:cd:20:ad:99:ce:b9:54:da:
         d2:72:e6:97:e5:b5:e4:6f:7b:48:b4:d8:c6:ff:20:67:24:a0:
         48:06:87:bc:f3:e8:8d:33:cd:c9:6b:35:74:24:bb:88:37:fa:
         a6:56:c4:3d:b5:c4:68:7a:26:67:c3:5e:58:e2:6a:44:ea:c7:
         66:36:3e:3a:64:cd:e1:ea:70:07:5a:07:d1:ec:e7:58:60:20:
         22:44:b1:85:08:47:23:b5:42:2e:92:60:9e:20:98:5e:8f:86:
         90:02:4a:be:03:e0:59:d1:ee:f5:d8:71:ad:65:e7:ee:31:5a:
         a3:0b:92:50:09:80:9d:9d:3c:cb:a8:32:2f:5b:ef:d8:2d:97:
         08:6e:a8:66:0a:c3:90:8d:1d:1b:64:e8:9c:db:c2:c8:82:85:
         72:db:1d:93:c6:94:a6:c5:8c:96:76:07:db:0f:5e:bb:13:20:
         ba:52:33:e3:7f:ff:6e:2b:56:37:66:c2:3e:36:c8:77:24:46:
         b1:14:4b:9c:1e:28:27:fd:f9:9f:8a:49:f6:d2:92:d6:f7:af:
         75:bb:64:31:6e:18:3f:fe:af:ea:35:fd:18:dd:ad:7e:dd:7d:
         39:ae:16:81:98:06:82:84:6b:9a:77:aa:31:e2:d9:2b:4c:37:
         d5:be:ff:6b
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUHgXRTgtEAbhKmq454HTICe9l9JYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NTJaFw0yNjA3MDIxNTUxNTJaMDMxMTAvBgNV
BAMTKDRDODYzOUIyQjkwQjVFQTJFRjU1MTBGMEE4NEFFQjA1ODY1Qjc5NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7AuAKrUdM2csXtviROIn6oZJa
Vr5UWP3eoVBB+SZ+tfgjZ/jEO6agA3bUGIUoDEReLH1pG4m1x+u2tXW0CIkfNoda
uYj4XMCunOTA13zF63ER7+AbGBp+gdDhyOWeTo1gYj55/3mFi1EBG/tA2POTLYs1
UwJ8fI/BA41EULvv2nWneWPvilnxJHqHyzN22fY1d/El3ZYSztJBq4/QS+3u4eu8
f5LslGmKMOHidl/qZoIjVbmvFaj1qUOeatbMn7pp41GcdQmTofvFlYmac0+vVHqf
MkNhSaUFsu50R3HJ6zr/TePpdbUv4io8TxSl4VecVaVRhETeb/SQvyofQ9TrAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUTIY5srkLXqLvVRDwqErrBYZbeWQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTY1MDkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcB
Af8EEjAQMA4EAgACMAgDBgAqCmBDADANBgkqhkiG9w0BAQsFAAOCAQEAdF555Msr
smLSBM0grZnOuVTa0nLml+W15G97SLTYxv8gZySgSAaHvPPojTPNyWs1dCS7iDf6
plbEPbXEaHomZ8NeWOJqROrHZjY+OmTN4epwB1oH0eznWGAgIkSxhQhHI7VCLpJg
niCYXo+GkAJKvgPgWdHu9dhxrWXn7jFaowuSUAmAnZ08y6gyL1vv2C2XCG6oZgrD
kI0dG2TonNvCyIKFctsdk8aUpsWMlnYH2w9euxMgulIz43//bitWN2bCPjbIdyRG
sRRLnB4oJ/35n4pJ9tKS1vevdbtkMW4YP/6v6jX9GN2tft19Oa4WgZgGgoRrmneq
MeLZK0w31b7/aw==
-----END CERTIFICATE-----