Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200536.roa
File:                     AS200536.roa (raw, json)
Hash identifier:          TrhiVIu26V9h9IDYgQZUW2NJ4PMIBdrBtFCyXTIgKSw=
Subject key identifier:   CD:FF:9B:67:F7:41:8D:DC:EF:6A:31:35:ED:40:A1:90:30:1A:73:83
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       10686BB73E3CE5A235663207A30FA969747E96BC
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200536.roa
Signing time:             Thu 03 Jul 2025 15:51:34 +0000
ROA not before:           Thu 03 Jul 2025 15:46:34 +0000
ROA not after:            Thu 02 Jul 2026 15:51:34 +0000
asID:                     200536
IP address blocks:        2a06:a005:28f0::/44 maxlen: 48
                          2a06:a005:2950::/44 maxlen: 48
                          2a06:a005:2980::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:68:6b:b7:3e:3c:e5:a2:35:66:32:07:a3:0f:a9:69:74:7e:96:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:34 2025 GMT
            Not After : Jul  2 15:51:34 2026 GMT
        Subject: CN=CDFF9B67F7418DDCEF6A3135ED40A190301A7383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:96:8d:6f:ca:e6:8b:1e:2f:6e:f2:2a:dc:b3:
                    cb:1b:bc:bf:20:97:84:cc:34:e2:fc:85:01:fd:32:
                    d5:d3:c6:fd:b9:0e:bf:77:1e:23:a1:de:b2:ab:48:
                    98:f0:6c:b7:5a:63:ef:2f:9e:20:7e:65:a2:1d:d4:
                    0e:50:3d:9c:17:4e:45:93:a9:29:1b:4f:eb:cb:87:
                    2e:ce:3f:db:97:36:f6:c7:8d:f0:7f:99:59:4e:fb:
                    30:4a:5a:93:8b:4d:81:05:2e:bb:8b:54:9a:f7:46:
                    af:8b:99:a4:d4:30:94:f1:30:3a:92:3e:94:fc:31:
                    a0:3b:57:6c:70:a5:4b:0e:b2:62:3c:b9:be:a1:7b:
                    10:08:8a:fc:fc:aa:ca:5d:66:a7:b4:bb:2c:ca:cc:
                    4d:eb:e3:a8:02:dc:55:7d:ac:ac:69:d1:01:f2:46:
                    c7:bf:5f:1d:0b:0a:87:ff:4e:4c:52:32:77:5a:6c:
                    3e:30:19:a8:af:7b:97:29:fc:c9:e1:f0:2c:39:be:
                    83:17:64:75:ff:57:43:9f:f6:82:d0:9f:ea:e9:3b:
                    b9:3f:d0:4e:42:6b:80:52:a9:cb:09:e1:b8:36:b3:
                    d2:8e:eb:a6:44:d2:75:d0:89:22:a9:f2:e8:76:18:
                    dc:60:e1:c2:09:12:bf:c7:1c:63:0d:50:17:f9:35:
                    df:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FF:9B:67:F7:41:8D:DC:EF:6A:31:35:ED:40:A1:90:30:1A:73:83
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:28f0::/44
                  2a06:a005:2950::/44
                  2a06:a005:2980::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:0d:1d:bc:d4:73:5f:6e:8b:79:ab:7e:68:93:f6:88:9f:88:
         bb:80:59:69:10:0d:0e:8c:a7:3b:bc:8e:50:71:95:cf:23:8a:
         7e:74:d0:0d:5d:5a:9d:9a:5b:90:99:e9:cb:24:cf:9c:04:ad:
         63:b4:1a:77:e4:83:5e:88:ba:79:3e:75:ba:30:15:8b:ab:73:
         13:1e:1f:76:30:e9:a2:6b:b6:31:c9:b9:15:29:36:6f:46:df:
         ff:38:ce:34:8a:77:e4:15:69:69:c9:c3:1b:0a:a4:44:09:48:
         66:d0:97:8d:47:b0:81:da:8c:d2:09:b7:6c:91:34:6d:e3:82:
         06:04:e2:42:78:c2:bd:cb:4a:91:a3:95:c1:26:6c:f1:d2:2f:
         13:59:26:95:4f:0f:5c:0f:69:87:4c:6a:1e:9f:98:2a:ce:5a:
         41:e3:59:a3:2f:a6:2c:bf:f5:8f:09:bc:af:1d:c6:9c:0c:b8:
         c4:ca:0b:96:74:d1:40:4e:f6:78:fe:27:ff:5c:e6:65:47:56:
         9d:40:af:32:e3:bd:5b:6b:8b:40:09:7d:b3:c7:d5:3f:eb:ff:
         08:13:6d:08:93:2f:99:f9:f5:dc:de:90:0f:39:b1:33:21:96:
         b6:af:44:f5:21:59:70:06:28:93:8d:8c:6d:bd:9b:30:a7:1e:
         38:27:d2:80
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUEGhrtz485aI1ZjIHow+paXR+lrwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MzRaFw0yNjA3MDIxNTUxMzRaMDMxMTAvBgNV
BAMTKENERkY5QjY3Rjc0MThERENFRjZBMzEzNUVENDBBMTkwMzAxQTczODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCylo1vyuaLHi9u8ircs8sbvL8g
l4TMNOL8hQH9MtXTxv25Dr93HiOh3rKrSJjwbLdaY+8vniB+ZaId1A5QPZwXTkWT
qSkbT+vLhy7OP9uXNvbHjfB/mVlO+zBKWpOLTYEFLruLVJr3Rq+LmaTUMJTxMDqS
PpT8MaA7V2xwpUsOsmI8ub6hexAIivz8qspdZqe0uyzKzE3r46gC3FV9rKxp0QHy
Rse/Xx0LCof/TkxSMndabD4wGaive5cp/Mnh8Cw5voMXZHX/V0Of9oLQn+rpO7k/
0E5Ca4BSqcsJ4bg2s9KO66ZE0nXQiSKp8uh2GNxg4cIJEr/HHGMNUBf5Nd9HAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUzf+bZ/dBjdzvajE17UChkDAac4MwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwNTM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcEKgagBSjwAwcEKgagBSlQAwcEKgagBSmAMA0GCSqG
SIb3DQEBCwUAA4IBAQCdDR281HNfbot5q35ok/aIn4i7gFlpEA0OjKc7vI5QcZXP
I4p+dNANXVqdmluQmenLJM+cBK1jtBp35INeiLp5PnW6MBWLq3MTHh92MOmia7Yx
ybkVKTZvRt//OM40infkFWlpycMbCqRECUhm0JeNR7CB2ozSCbdskTRt44IGBOJC
eMK9y0qRo5XBJmzx0i8TWSaVTw9cD2mHTGoen5gqzlpB41mjL6Ysv/WPCbyvHcac
DLjEyguWdNFATvZ4/if/XOZlR1adQK8y471ba4tACX2zx9U/6/8IE20Iky+Z+fXc
3pAPObEzIZa2r0T1IVlwBiiTjYxtvZswpx44J9KA
-----END CERTIFICATE-----