Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199767.roa
File:                     AS199767.roa (raw, json)
Hash identifier:          nC1aab6Keih1vysejgA5DsrFvOSbqnQzJv9AfI1Jqpw=
Subject key identifier:   04:53:76:35:E6:6F:1A:2A:0B:53:51:35:4B:45:25:0A:51:66:D7:28
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1539D288A516B478031E8FE2F0D6DF6B0A165755
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199767.roa
Signing time:             Thu 03 Jul 2025 15:51:23 +0000
ROA not before:           Thu 03 Jul 2025 15:46:23 +0000
ROA not after:            Thu 02 Jul 2026 15:51:23 +0000
asID:                     199767
IP address blocks:        2a06:a005:2390::/44 maxlen: 48
                          2a06:a005:2cb0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:39:d2:88:a5:16:b4:78:03:1e:8f:e2:f0:d6:df:6b:0a:16:57:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:23 2025 GMT
            Not After : Jul  2 15:51:23 2026 GMT
        Subject: CN=04537635E66F1A2A0B5351354B45250A5166D728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b2:6f:93:50:09:02:33:3b:63:f7:6a:dd:c7:
                    d7:42:f2:08:21:67:50:e4:c7:b8:3d:0c:d3:b6:27:
                    2b:ec:c7:2a:4c:7d:ae:f3:5c:81:a1:7e:0a:8d:a3:
                    90:09:a9:c4:c7:94:1c:29:e2:a9:f7:ee:c3:97:63:
                    52:9d:ea:1b:ee:72:28:18:6d:d7:bf:57:b4:64:cc:
                    ad:bc:41:85:dd:ae:4e:93:f8:5c:4e:ef:f5:37:bc:
                    c7:a0:09:1c:96:90:f8:c3:61:e2:53:71:54:62:fd:
                    95:fa:b7:36:6a:c8:0d:d4:23:70:f2:cc:a6:6b:a1:
                    25:63:83:39:7c:ff:82:1f:66:4b:84:47:63:9f:b6:
                    92:03:3a:72:96:f3:09:41:0f:88:2e:10:4b:5e:94:
                    b8:aa:ba:0e:68:c7:22:70:40:2c:f7:cf:96:34:4d:
                    95:14:d5:75:d9:b0:4d:d1:59:53:cc:12:c7:fd:e4:
                    fa:28:33:b2:51:a6:33:f5:ef:3a:34:70:c2:f7:c7:
                    df:67:2a:17:60:37:cc:10:4a:53:7b:64:3d:16:d8:
                    b4:92:69:9a:cf:44:1d:6a:7f:21:ea:84:ca:72:14:
                    0e:4a:11:8f:e3:04:8b:59:c4:af:62:3c:73:52:98:
                    0e:4a:5e:02:d6:9f:7a:c4:30:2c:27:c8:af:16:79:
                    36:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:53:76:35:E6:6F:1A:2A:0B:53:51:35:4B:45:25:0A:51:66:D7:28
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199767.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2390::/44
                  2a06:a005:2cb0::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:39:a3:df:9f:9a:86:df:30:5a:e1:63:22:0e:8e:97:78:bb:
         a0:c3:41:93:16:8b:30:e4:da:5b:c1:19:6c:9e:1d:70:e9:dd:
         ff:2c:20:df:ad:9d:4e:6f:6b:0f:8e:38:86:03:59:3a:93:95:
         76:f7:fc:50:3a:be:82:c0:19:3c:b4:6e:b3:9a:b3:47:bf:b6:
         61:60:22:7e:b0:60:bb:a1:40:d3:dd:1f:cb:56:e9:6e:22:74:
         65:a3:64:c1:60:8b:ee:56:97:a8:20:1c:cf:a5:ad:3e:ee:2f:
         0c:b6:91:9c:91:9f:81:c4:d9:49:e9:56:cb:94:dd:51:cf:08:
         fa:f8:90:02:6e:72:34:14:6f:05:56:ad:23:08:4a:0b:2a:0e:
         af:55:5e:bb:bb:24:99:aa:18:73:77:41:74:dc:39:38:0e:9f:
         56:2b:5c:9c:1d:f9:20:a8:df:26:64:bc:d2:bf:72:4c:a2:f1:
         08:80:cf:31:7f:09:5a:09:d9:34:7e:25:68:6d:e0:e9:8f:85:
         8d:c4:75:27:84:2a:10:66:d7:42:04:ed:e5:5b:56:b7:3d:d2:
         c5:1a:57:7a:35:82:89:61:f7:bf:c2:e4:02:c6:64:fc:61:de:
         27:7f:d2:6c:e5:01:9d:1a:ea:6e:f9:b4:41:1f:8e:12:2d:c9:
         a9:4e:95:1e
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUFTnSiKUWtHgDHo/i8NbfawoWV1UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjNaFw0yNjA3MDIxNTUxMjNaMDMxMTAvBgNV
BAMTKDA0NTM3NjM1RTY2RjFBMkEwQjUzNTEzNTRCNDUyNTBBNTE2NkQ3MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/sm+TUAkCMztj92rdx9dC8ggh
Z1Dkx7g9DNO2JyvsxypMfa7zXIGhfgqNo5AJqcTHlBwp4qn37sOXY1Kd6hvucigY
bde/V7RkzK28QYXdrk6T+FxO7/U3vMegCRyWkPjDYeJTcVRi/ZX6tzZqyA3UI3Dy
zKZroSVjgzl8/4IfZkuER2OftpIDOnKW8wlBD4guEEtelLiqug5oxyJwQCz3z5Y0
TZUU1XXZsE3RWVPMEsf95PooM7JRpjP17zo0cML3x99nKhdgN8wQSlN7ZD0W2LSS
aZrPRB1qfyHqhMpyFA5KEY/jBItZxK9iPHNSmA5KXgLWn3rEMCwnyK8WeTbtAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUBFN2NeZvGioLU1E1S0UlClFm1ygwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTk5NzY3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBSOQAwcEKgagBSywMA0GCSqGSIb3DQEBCwUA
A4IBAQAiOaPfn5qG3zBa4WMiDo6XeLugw0GTFosw5NpbwRlsnh1w6d3/LCDfrZ1O
b2sPjjiGA1k6k5V29/xQOr6CwBk8tG6zmrNHv7ZhYCJ+sGC7oUDT3R/LVuluInRl
o2TBYIvuVpeoIBzPpa0+7i8MtpGckZ+BxNlJ6VbLlN1Rzwj6+JACbnI0FG8FVq0j
CEoLKg6vVV67uySZqhhzd0F03Dk4Dp9WK1ycHfkgqN8mZLzSv3JMovEIgM8xfwla
Cdk0fiVobeDpj4WNxHUnhCoQZtdCBO3lW1a3PdLFGld6NYKJYfe/wuQCxmT8Yd4n
f9Js5QGdGupu+bRBH44SLcmpTpUe
-----END CERTIFICATE-----