Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199840.roa
File:                     AS199840.roa (raw, json)
Hash identifier:          9dxLCraWLtiB5UMqx101KYkRSOWsk96Vmzoebt/URWk=
Subject key identifier:   6F:93:7F:DA:36:B9:E5:70:A4:8C:F0:0E:72:63:77:AA:8F:63:7E:53
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       4CA25D3F1701666110C352574FF07BE8EF627854
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199840.roa
Signing time:             Thu 03 Jul 2025 15:52:42 +0000
ROA not before:           Thu 03 Jul 2025 15:47:42 +0000
ROA not after:            Thu 02 Jul 2026 15:52:42 +0000
asID:                     199840
IP address blocks:        2a06:a005:d20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:a2:5d:3f:17:01:66:61:10:c3:52:57:4f:f0:7b:e8:ef:62:78:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:42 2025 GMT
            Not After : Jul  2 15:52:42 2026 GMT
        Subject: CN=6F937FDA36B9E570A48CF00E726377AA8F637E53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:23:90:e7:14:a1:66:62:19:fd:89:e3:1a:5b:
                    3e:99:f8:91:27:b6:3a:76:62:60:c3:8d:2b:89:13:
                    49:90:33:1b:0a:54:72:52:b6:a1:6d:0d:91:06:5a:
                    52:ad:58:2e:5f:b4:a2:e8:de:68:e6:ae:da:bc:e8:
                    d1:eb:dc:03:7e:97:1c:9b:a7:b4:7f:44:05:9f:11:
                    7a:3a:5b:22:d1:bb:95:2a:b9:b1:66:aa:e6:37:b3:
                    c7:d9:5e:89:36:9d:9c:50:a7:e8:ea:96:b9:fe:bb:
                    3b:bd:b0:17:b3:f5:6e:f6:3d:cf:89:55:02:ba:8d:
                    3f:b7:50:09:cf:01:2f:ae:97:7f:8a:5e:c5:28:2d:
                    e9:c6:11:40:40:2e:d7:93:a0:f0:df:4f:be:16:51:
                    6f:cf:ef:4e:6d:05:4a:4b:c4:e8:81:ce:87:a3:b2:
                    ea:88:c1:28:7e:35:c5:46:d2:ce:6e:67:e6:39:fa:
                    f2:a1:49:62:2e:58:27:d3:a5:9c:c6:27:d1:c3:4a:
                    bf:80:3c:fd:96:ee:b4:8a:ac:b8:dd:f1:64:93:fb:
                    4b:ee:68:0f:50:19:18:f2:d1:28:05:a9:dd:79:4e:
                    b2:ec:38:22:ca:cc:cc:3a:2c:10:2e:45:80:59:38:
                    c9:37:56:13:b1:4b:b5:18:3c:04:43:d8:65:d9:a8:
                    9e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:93:7F:DA:36:B9:E5:70:A4:8C:F0:0E:72:63:77:AA:8F:63:7E:53
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:d20::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:eb:55:e5:0b:81:a1:cf:08:cd:d3:c4:5f:7a:73:8f:a2:93:
         60:80:b7:63:e1:52:1f:70:2a:0c:03:c9:73:49:af:34:0d:ba:
         81:11:f6:a7:f4:9c:13:80:90:e6:70:d4:e8:76:b7:16:c5:13:
         e0:43:9a:96:06:bc:97:92:b3:c5:e8:dd:2f:b7:ca:c3:2d:ef:
         95:57:4a:ec:c6:68:bc:1a:ad:05:8d:da:7c:2e:85:50:ef:43:
         7a:13:f3:42:8e:76:e6:58:af:16:70:71:03:3d:2c:73:95:a8:
         73:bd:f6:14:14:47:e0:53:1d:b0:cd:39:98:85:62:3e:a3:c1:
         c4:70:95:a9:01:88:00:e9:51:c1:a9:b9:1a:f9:ad:1a:7e:ac:
         05:80:a2:45:de:91:fb:eb:da:ca:1f:8b:4f:40:fe:48:67:8f:
         39:02:d1:3b:2a:1b:ce:54:c8:7f:ff:7e:86:8d:16:77:b8:47:
         f0:87:24:31:7b:0e:54:bc:a1:1b:bd:12:ca:17:d6:ef:eb:85:
         c6:ef:cd:f4:da:6f:69:d0:5d:ba:ea:55:f5:cf:00:97:8e:6f:
         77:96:76:b0:b2:69:cc:2b:df:fd:b2:41:0f:2d:b1:cc:00:09:
         09:7b:d5:09:e3:97:2a:e1:e5:8c:6f:e7:ca:5f:2b:17:51:8a:
         ab:19:65:b2
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUTKJdPxcBZmEQw1JXT/B76O9ieFQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3NDJaFw0yNjA3MDIxNTUyNDJaMDMxMTAvBgNV
BAMTKDZGOTM3RkRBMzZCOUU1NzBBNDhDRjAwRTcyNjM3N0FBOEY2MzdFNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXI5DnFKFmYhn9ieMaWz6Z+JEn
tjp2YmDDjSuJE0mQMxsKVHJStqFtDZEGWlKtWC5ftKLo3mjmrtq86NHr3AN+lxyb
p7R/RAWfEXo6WyLRu5UqubFmquY3s8fZXok2nZxQp+jqlrn+uzu9sBez9W72Pc+J
VQK6jT+3UAnPAS+ul3+KXsUoLenGEUBALteToPDfT74WUW/P705tBUpLxOiBzoej
suqIwSh+NcVG0s5uZ+Y5+vKhSWIuWCfTpZzGJ9HDSr+APP2W7rSKrLjd8WST+0vu
aA9QGRjy0SgFqd15TrLsOCLKzMw6LBAuRYBZOMk3VhOxS7UYPARD2GXZqJ6xAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUb5N/2ja55XCkjPAOcmN3qo9jflMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTk5ODQwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQ0gMA0GCSqGSIb3DQEBCwUAA4IBAQB/61Xl
C4GhzwjN08RfenOPopNggLdj4VIfcCoMA8lzSa80DbqBEfan9JwTgJDmcNTodrcW
xRPgQ5qWBryXkrPF6N0vt8rDLe+VV0rsxmi8Gq0Fjdp8LoVQ70N6E/NCjnbmWK8W
cHEDPSxzlahzvfYUFEfgUx2wzTmYhWI+o8HEcJWpAYgA6VHBqbka+a0afqwFgKJF
3pH769rKH4tPQP5IZ485AtE7KhvOVMh//36GjRZ3uEfwhyQxew5UvKEbvRLKF9bv
64XG78302m9p0F266lX1zwCXjm93lnawsmnMK9/9skEPLbHMAAkJe9UJ45cq4eWM
b+fKXysXUYqrGWWy
-----END CERTIFICATE-----