Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199676.roa
File:                     AS199676.roa (raw, json)
Hash identifier:          Lor97qOTc7vDFjoRyAbveX4mQJOGy13rI1gjOyL5ODE=
Subject key identifier:   57:EA:22:58:A1:25:5B:73:11:8A:52:D7:E8:7A:E4:E4:57:96:F5:6B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       4FD7373DDC42C647890112A18742A2617FB10102
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199676.roa
Signing time:             Thu 03 Jul 2025 15:51:21 +0000
ROA not before:           Thu 03 Jul 2025 15:46:21 +0000
ROA not after:            Thu 02 Jul 2026 15:51:21 +0000
asID:                     199676
IP address blocks:        2a06:a005:1877::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:d7:37:3d:dc:42:c6:47:89:01:12:a1:87:42:a2:61:7f:b1:01:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:21 2025 GMT
            Not After : Jul  2 15:51:21 2026 GMT
        Subject: CN=57EA2258A1255B73118A52D7E87AE4E45796F56B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9a:96:23:36:66:3e:a6:8c:13:ed:39:fa:ec:
                    e8:92:16:74:d8:ea:95:50:f4:85:c3:4a:fe:7b:29:
                    f5:59:ca:c8:80:4b:b8:fb:ef:9a:02:be:09:81:ac:
                    6f:4f:a2:9a:11:7d:89:41:67:81:69:a6:5e:e8:6d:
                    d5:0b:b9:ab:42:69:6f:68:0e:22:f3:d9:8a:a0:e8:
                    d7:4b:6d:e6:70:bd:2f:48:bc:3b:95:5f:32:91:1a:
                    b4:9b:8d:24:d1:67:b2:b0:9d:61:ec:34:b1:11:78:
                    00:7b:ee:0a:6e:4e:92:8d:c3:1e:eb:72:08:38:c1:
                    40:ab:a1:6c:9d:50:d1:db:05:91:e1:c3:17:5d:59:
                    2c:e0:e8:ce:bb:bd:74:61:ff:61:ab:1e:c0:22:70:
                    73:db:1d:25:3f:e4:2c:a8:05:e0:16:cd:66:21:16:
                    1d:bc:d3:99:01:0c:23:21:4a:0e:4a:40:30:5f:90:
                    a8:80:c5:f5:62:86:06:e8:53:13:c8:96:d2:60:1f:
                    81:35:f2:d8:dc:40:46:1e:48:23:ff:2e:04:32:31:
                    fd:ca:94:2e:b3:e8:3b:90:23:b5:d9:69:32:a0:d1:
                    eb:ac:8d:1f:58:49:87:43:7c:53:7e:a5:43:5e:d1:
                    c2:98:5e:c3:fb:6d:4e:8d:59:6e:51:0f:55:2e:6b:
                    b7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EA:22:58:A1:25:5B:73:11:8A:52:D7:E8:7A:E4:E4:57:96:F5:6B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1877::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:e2:12:5c:77:55:c8:22:2e:e6:d2:d6:3d:3e:f0:70:55:80:
         64:9f:f9:88:d7:84:69:d7:4b:ef:23:1f:b0:c1:59:59:11:44:
         d1:6d:05:3c:19:63:b3:7f:8c:70:b0:90:42:df:8f:e7:be:67:
         93:4a:90:7b:43:ba:54:05:c2:c5:2f:9b:59:a8:a6:d5:a0:2f:
         a7:4b:04:c4:e3:fb:f7:18:e8:5e:bf:c6:58:99:64:d8:b3:ef:
         b3:cf:68:cd:48:7d:ca:ba:e4:41:2c:13:ea:b7:fd:68:a8:de:
         8a:73:59:66:b8:0f:f8:c7:d5:a4:56:a1:9b:59:58:9a:74:ff:
         23:6c:df:cc:d0:11:6f:c2:6a:c3:df:30:e6:26:31:75:d1:78:
         08:8d:2f:b9:f5:e4:19:36:b4:21:2d:61:57:f2:62:55:a0:42:
         59:19:6c:af:27:a2:c5:69:c6:72:f9:c0:69:43:0a:04:48:5e:
         59:cb:ab:f5:f4:a7:6e:07:a3:a8:31:01:e1:86:fa:cb:23:c7:
         76:ae:da:66:56:fb:aa:cd:31:b6:d0:a0:6c:bf:61:32:c6:ac:
         71:08:b7:80:33:7a:53:d6:ec:0a:af:c7:2e:7e:ef:a8:f0:a3:
         99:19:0e:9f:55:06:b3:2a:70:5d:3b:70:69:36:8c:ba:81:96:
         2d:28:63:d1
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUT9c3PdxCxkeJARKhh0KiYX+xAQIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjFaFw0yNjA3MDIxNTUxMjFaMDMxMTAvBgNV
BAMTKDU3RUEyMjU4QTEyNTVCNzMxMThBNTJEN0U4N0FFNEU0NTc5NkY1NkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGmpYjNmY+powT7Tn67OiSFnTY
6pVQ9IXDSv57KfVZysiAS7j775oCvgmBrG9PopoRfYlBZ4Fppl7obdULuatCaW9o
DiLz2Yqg6NdLbeZwvS9IvDuVXzKRGrSbjSTRZ7KwnWHsNLEReAB77gpuTpKNwx7r
cgg4wUCroWydUNHbBZHhwxddWSzg6M67vXRh/2GrHsAicHPbHSU/5CyoBeAWzWYh
Fh2805kBDCMhSg5KQDBfkKiAxfVihgboUxPIltJgH4E18tjcQEYeSCP/LgQyMf3K
lC6z6DuQI7XZaTKg0eusjR9YSYdDfFN+pUNe0cKYXsP7bU6NWW5RD1Uua7d/AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUV+oiWKElW3MRilLX6Hrk5FeW9WswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTk5Njc2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRh3MA0GCSqGSIb3DQEBCwUAA4IBAQBw4hJc
d1XIIi7m0tY9PvBwVYBkn/mI14Rp10vvIx+wwVlZEUTRbQU8GWOzf4xwsJBC34/n
vmeTSpB7Q7pUBcLFL5tZqKbVoC+nSwTE4/v3GOhev8ZYmWTYs++zz2jNSH3KuuRB
LBPqt/1oqN6Kc1lmuA/4x9WkVqGbWViadP8jbN/M0BFvwmrD3zDmJjF10XgIjS+5
9eQZNrQhLWFX8mJVoEJZGWyvJ6LFacZy+cBpQwoESF5Zy6v19KduB6OoMQHhhvrL
I8d2rtpmVvuqzTG20KBsv2EyxqxxCLeAM3pT1uwKr8cufu+o8KOZGQ6fVQazKnBd
O3BpNoy6gZYtKGPR
-----END CERTIFICATE-----