Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS17138.roa
File:                     AS17138.roa (raw, json)
Hash identifier:          pNKXDAwO4KY6uTjx8uaF5rwiWyb7S44Z+XvjbAtPDsM=
Subject key identifier:   4B:00:79:5F:35:49:0D:BB:79:7A:20:80:BC:2B:93:3C:CD:3B:87:56
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7866FD88D015C04E4CCF14928200074C97578060
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS17138.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     17138
IP address blocks:        2a06:a005:b10::/44 maxlen: 48
                          2a06:a005:b20::/44 maxlen: 48
                          2a06:a005:b30::/44 maxlen: 48
                          2a06:a005:b40::/44 maxlen: 48
                          2a06:a005:b50::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:66:fd:88:d0:15:c0:4e:4c:cf:14:92:82:00:07:4c:97:57:80:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=4B00795F35490DBB797A2080BC2B933CCD3B8756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:71:c2:2b:d1:52:f9:80:55:c7:f9:ed:71:ed:
                    c7:56:73:6e:fd:a1:1c:50:cd:eb:cf:90:07:2e:28:
                    0c:08:30:53:9b:5a:6e:ec:14:22:86:e7:6a:4a:ee:
                    c5:46:d1:91:f5:b6:31:51:21:23:79:d0:52:56:84:
                    da:5d:6a:21:2d:4e:98:6f:a4:af:a2:c2:93:aa:60:
                    5b:61:f0:87:f3:de:9b:6f:15:1e:f2:db:2c:62:0c:
                    f4:34:81:31:86:ea:04:4c:51:49:8c:dd:b9:4e:bd:
                    04:d4:4d:b0:e6:8a:9e:cb:29:b0:fd:8d:68:81:5b:
                    a6:0e:4a:10:34:3e:c5:10:d1:73:36:55:05:4a:c5:
                    42:b9:81:fa:bb:00:2f:71:5f:4e:03:27:00:7e:90:
                    9f:24:9e:68:38:24:22:d3:61:c1:68:27:f5:83:3f:
                    b8:20:1f:a6:f7:b8:03:f4:d1:92:2d:e6:8c:98:f7:
                    ae:29:24:50:80:dc:d5:1b:35:b5:23:f5:02:57:1d:
                    5a:0b:a1:32:22:75:08:2b:8d:d6:d4:f5:75:bc:c9:
                    bf:61:c3:89:94:7c:c9:2f:ad:75:f6:95:72:b9:19:
                    ce:df:e3:b9:0d:5e:ba:1a:ba:4a:9d:4f:2e:17:0d:
                    7f:ee:16:fb:19:50:8c:d8:04:d0:40:b6:84:26:ab:
                    12:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:00:79:5F:35:49:0D:BB:79:7A:20:80:BC:2B:93:3C:CD:3B:87:56
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS17138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:b10::-2a06:a005:b5f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         54:3e:73:f8:94:a3:49:2d:6b:c0:31:23:e5:e8:ad:ac:fc:e9:
         3e:4e:48:d4:3c:4a:54:9c:93:2c:77:33:0c:27:a3:0f:4a:45:
         77:03:cf:38:72:a6:f7:fe:da:bb:14:28:1f:30:fe:9e:a3:6d:
         2e:9f:41:f9:9a:a4:db:c7:77:bf:54:b5:d5:63:13:e8:f3:54:
         b1:f6:4d:26:c4:1c:ac:59:fd:4f:d8:c9:9e:ca:23:a4:ed:28:
         b4:4b:a5:10:1d:01:fb:f9:6b:fc:09:c4:74:e6:31:82:9c:0f:
         0d:08:59:ec:62:30:6a:fa:42:75:64:1f:6d:99:7a:bc:15:97:
         0e:71:b6:1c:4b:08:d3:33:f5:68:3b:de:1e:34:6b:7e:65:09:
         e9:01:e6:a7:d5:ed:3d:d5:5b:94:c0:ec:38:13:c1:1d:dc:6b:
         df:55:f0:10:af:8f:3d:eb:1f:67:23:38:76:7a:f3:9d:b8:8a:
         79:62:ce:53:bd:04:40:09:ba:a7:b1:b0:5d:d9:1d:9e:2f:cc:
         bb:14:0a:2a:45:fb:5b:f0:6b:66:db:53:3c:8e:ad:30:f7:b4:
         97:ae:2e:2d:82:f3:76:f7:08:74:a5:0b:1c:f3:da:71:84:7c:
         9c:45:8f:b0:3e:63:38:1a:e7:11:c2:15:6e:20:c2:08:01:cd:
         d4:23:f6:8e
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIUeGb9iNAVwE5MzxSSggAHTJdXgGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKDRCMDA3OTVGMzU0OTBEQkI3OTdBMjA4MEJDMkI5MzNDQ0QzQjg3NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpccIr0VL5gFXH+e1x7cdWc279
oRxQzevPkAcuKAwIMFObWm7sFCKG52pK7sVG0ZH1tjFRISN50FJWhNpdaiEtTphv
pK+iwpOqYFth8Ifz3ptvFR7y2yxiDPQ0gTGG6gRMUUmM3blOvQTUTbDmip7LKbD9
jWiBW6YOShA0PsUQ0XM2VQVKxUK5gfq7AC9xX04DJwB+kJ8knmg4JCLTYcFoJ/WD
P7ggH6b3uAP00ZIt5oyY964pJFCA3NUbNbUj9QJXHVoLoTIidQgrjdbU9XW8yb9h
w4mUfMkvrXX2lXK5Gc7f47kNXroaukqdTy4XDX/uFvsZUIzYBNBAtoQmqxLBAgMB
AAGjggH8MIIB+DAdBgNVHQ4EFgQUSwB5XzVJDbt5eiCAvCuTPM07h1YwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTcxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcB
Af8EHjAcMBoEAgACMBQwEgMHBCoGoAULEAMHBSoGoAULQDANBgkqhkiG9w0BAQsF
AAOCAQEAVD5z+JSjSS1rwDEj5eitrPzpPk5I1DxKVJyTLHczDCejD0pFdwPPOHKm
9/7auxQoHzD+nqNtLp9B+Zqk28d3v1S11WMT6PNUsfZNJsQcrFn9T9jJnsojpO0o
tEulEB0B+/lr/AnEdOYxgpwPDQhZ7GIwavpCdWQfbZl6vBWXDnG2HEsI0zP1aDve
HjRrfmUJ6QHmp9XtPdVblMDsOBPBHdxr31XwEK+PPesfZyM4dnrznbiKeWLOU70E
QAm6p7GwXdkdni/MuxQKKkX7W/BrZttTPI6tMPe0l64uLYLzdvcIdKULHPPacYR8
nEWPsD5jOBrnEcIVbiDCCAHN1CP2jg==
-----END CERTIFICATE-----