Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200169.roa
File:                     AS200169.roa (raw, json)
Hash identifier:          hEHHR8z8DZjSGjKj8T1R1TAxkEOS+eZUyLNLBzTMXaM=
Subject key identifier:   59:EE:92:43:BD:2A:44:4D:80:61:16:66:93:28:44:28:1E:78:72:3F
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       0DCD3C0114E4A4EF1ABFB730E64ABDD8E9EC9D98
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200169.roa
Signing time:             Thu 03 Jul 2025 15:51:45 +0000
ROA not before:           Thu 03 Jul 2025 15:46:45 +0000
ROA not after:            Thu 02 Jul 2026 15:51:45 +0000
asID:                     200169
IP address blocks:        2a06:a005:2c90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:cd:3c:01:14:e4:a4:ef:1a:bf:b7:30:e6:4a:bd:d8:e9:ec:9d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:45 2025 GMT
            Not After : Jul  2 15:51:45 2026 GMT
        Subject: CN=59EE9243BD2A444D80611666932844281E78723F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9c:1f:e7:35:b3:85:76:ac:f4:0b:88:e8:88:
                    8e:f5:34:db:a1:f8:99:c7:be:9d:0c:82:6e:98:68:
                    55:ac:7a:9b:df:66:69:ea:a9:20:b7:91:0d:c8:18:
                    75:64:7d:5e:22:81:1d:c0:16:de:4b:cc:56:6e:ef:
                    8d:9b:37:da:5b:a1:91:21:51:24:28:ab:c3:83:71:
                    d2:c8:11:2b:05:db:37:36:a3:5c:93:1d:74:7a:43:
                    a9:6e:a6:e2:d4:5a:1a:0b:ca:bc:bd:d9:00:86:e7:
                    1b:a5:6c:47:64:d6:01:c8:eb:a3:66:7b:00:86:95:
                    b8:0f:40:a1:7a:4c:3a:09:6d:d6:d5:a2:94:d2:4b:
                    ac:fd:f8:71:16:68:d6:5c:1b:8f:bc:f6:c7:ef:4e:
                    a7:ba:a7:2b:9c:ef:03:4e:f5:78:66:d7:34:48:f4:
                    64:b6:af:f9:17:89:80:3b:f0:35:f5:d7:2d:cc:bb:
                    40:f2:7d:ee:da:dc:34:59:10:3a:c6:f3:8f:bf:3d:
                    77:1f:ea:20:d3:ab:64:bc:a9:61:eb:ab:a6:c7:18:
                    d2:59:7c:d5:4e:06:ad:77:12:7b:e8:f7:33:5a:62:
                    65:97:ec:7a:e1:ae:ce:e5:c3:1a:60:41:17:41:08:
                    7f:4f:90:15:33:06:34:ba:42:83:29:8b:ff:3a:b3:
                    e5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:EE:92:43:BD:2A:44:4D:80:61:16:66:93:28:44:28:1E:78:72:3F
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200169.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2c90::/44

    Signature Algorithm: sha256WithRSAEncryption
         46:2f:71:cc:7f:00:7f:57:c3:36:6d:83:08:44:f8:4f:52:26:
         9a:5d:cb:9a:c1:e4:69:40:0a:05:71:76:10:9d:6d:06:1a:8b:
         6c:e1:aa:2d:23:66:49:8d:9a:e0:be:15:e1:36:b9:2c:c6:1b:
         9e:05:d4:86:e8:ae:b3:1f:a2:17:ec:d2:b1:05:9a:cd:d4:10:
         1a:26:d2:48:7e:af:7a:45:00:f9:f7:4b:cd:0d:c8:dc:2d:c9:
         bd:3d:90:85:82:2e:b4:5d:86:fd:d2:dc:c9:a2:8b:db:81:96:
         af:8c:5e:a5:ce:7a:c4:d4:cd:a0:bb:54:29:e2:26:30:b0:5a:
         24:33:1c:8e:bd:ba:37:21:9a:6b:b2:e4:4f:7b:f8:6d:9b:f3:
         6a:02:8c:42:96:6a:5d:7e:e6:85:9f:27:c9:05:0d:7c:ef:6e:
         48:44:29:6a:89:2a:f5:7c:52:58:df:83:cc:cb:53:9e:39:6d:
         30:d6:ea:27:b9:c3:45:5e:68:fb:4d:7b:41:7c:8a:6a:68:dc:
         0c:1e:49:2f:08:3f:d2:50:d6:30:05:0c:ef:55:e3:7d:20:a7:
         20:85:31:95:f0:e1:17:6c:5b:10:f3:11:f9:05:f9:88:19:3d:
         83:f8:da:e2:81:dd:97:7e:59:ca:ba:a7:f0:84:51:4c:d1:ac:
         b8:d3:09:09
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUDc08ARTkpO8av7cw5kq92OnsnZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NDVaFw0yNjA3MDIxNTUxNDVaMDMxMTAvBgNV
BAMTKDU5RUU5MjQzQkQyQTQ0NEQ4MDYxMTY2NjkzMjg0NDI4MUU3ODcyM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCknB/nNbOFdqz0C4joiI71NNuh
+JnHvp0Mgm6YaFWsepvfZmnqqSC3kQ3IGHVkfV4igR3AFt5LzFZu742bN9pboZEh
USQoq8ODcdLIESsF2zc2o1yTHXR6Q6lupuLUWhoLyry92QCG5xulbEdk1gHI66Nm
ewCGlbgPQKF6TDoJbdbVopTSS6z9+HEWaNZcG4+89sfvTqe6pyuc7wNO9Xhm1zRI
9GS2r/kXiYA78DX11y3Mu0Dyfe7a3DRZEDrG84+/PXcf6iDTq2S8qWHrq6bHGNJZ
fNVOBq13Envo9zNaYmWX7Hrhrs7lwxpgQRdBCH9PkBUzBjS6QoMpi/86s+WxAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUWe6SQ70qRE2AYRZmkyhEKB54cj8wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwMTY5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSyQMA0GCSqGSIb3DQEBCwUAA4IBAQBGL3HM
fwB/V8M2bYMIRPhPUiaaXcuaweRpQAoFcXYQnW0GGots4aotI2ZJjZrgvhXhNrks
xhueBdSG6K6zH6IX7NKxBZrN1BAaJtJIfq96RQD590vNDcjcLcm9PZCFgi60XYb9
0tzJoovbgZavjF6lznrE1M2gu1Qp4iYwsFokMxyOvbo3IZprsuRPe/htm/NqAoxC
lmpdfuaFnyfJBQ18725IRClqiSr1fFJY34PMy1OeOW0w1uonucNFXmj7TXtBfIpq
aNwMHkkvCD/SUNYwBQzvVeN9IKcghTGV8OEXbFsQ8xH5BfmIGT2D+Nrigd2XflnK
uqfwhFFM0ay40wkJ
-----END CERTIFICATE-----