Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200952.roa
File:                     AS200952.roa (raw, json)
Hash identifier:          rS/QocyC6HJS72SZnKKTA18W97h7uSu/2Yn3h+bJo9A=
Subject key identifier:   B8:AA:46:DC:14:D1:F2:6B:FA:F5:9E:47:7A:43:A0:09:6A:F3:88:05
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       333775A4BFE5F42862684B8425867C271C0FEB64
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200952.roa
Signing time:             Thu 03 Jul 2025 15:51:30 +0000
ROA not before:           Thu 03 Jul 2025 15:46:30 +0000
ROA not after:            Thu 02 Jul 2026 15:51:30 +0000
asID:                     200952
IP address blocks:        2a06:a005:2570::/44 maxlen: 48
                          2a06:a005:2630::/44 maxlen: 48
                          2a06:a005:2640::/44 maxlen: 48
                          2a06:a005:2650::/44 maxlen: 48
                          2a06:a005:2660::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:37:75:a4:bf:e5:f4:28:62:68:4b:84:25:86:7c:27:1c:0f:eb:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:30 2025 GMT
            Not After : Jul  2 15:51:30 2026 GMT
        Subject: CN=B8AA46DC14D1F26BFAF59E477A43A0096AF38805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4e:93:5b:eb:4a:89:d4:46:bc:40:13:1e:67:
                    09:c9:49:9e:9a:ce:10:78:41:59:94:00:05:13:29:
                    1f:e2:67:a4:97:ba:e2:2a:d7:02:bb:2c:0b:8f:3f:
                    09:bd:c8:c6:02:0a:63:27:98:70:00:ec:8b:2f:ea:
                    f7:25:1b:02:e7:37:25:6b:e1:f8:8e:e0:0b:36:e3:
                    be:88:f9:4d:de:70:c8:af:ad:3f:85:df:57:e7:6f:
                    73:f1:da:f9:ff:8d:5c:72:aa:35:ae:9d:c2:32:55:
                    1f:b3:bf:54:8f:d9:e6:30:d8:21:55:f9:8f:54:f9:
                    24:d5:d1:b1:ab:b7:9f:d3:f6:3b:33:d9:d4:a8:7c:
                    7f:5c:bd:62:31:07:2e:47:74:db:c7:1a:f9:c9:29:
                    8e:b8:ca:af:c7:3f:df:6e:f1:f3:4e:7b:0f:bc:2b:
                    04:f8:f0:5b:f5:a0:51:26:28:22:8f:f5:b7:b0:99:
                    a2:f1:93:e4:e8:0d:8a:75:d1:75:4c:ff:76:7d:c1:
                    06:e7:28:15:78:9b:72:d5:a5:63:1e:e3:34:ce:d8:
                    ca:1a:24:0f:c1:f4:79:82:cb:e0:c9:a7:da:7f:d5:
                    42:27:dd:ac:2f:e0:9f:2f:d4:c1:96:b7:29:10:39:
                    86:5c:35:5b:cb:7a:49:de:63:65:46:e7:6b:67:77:
                    ef:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:AA:46:DC:14:D1:F2:6B:FA:F5:9E:47:7A:43:A0:09:6A:F3:88:05
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200952.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2570::/44
                  2a06:a005:2630::-2a06:a005:266f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         34:71:74:94:a0:88:ba:b3:e0:ba:f0:fa:5e:c2:39:cd:cf:fb:
         5e:60:53:19:c8:65:2d:69:92:7b:e6:7a:61:3f:f9:d9:f2:cb:
         bb:ce:89:28:c2:f2:d7:51:dc:59:6c:be:b7:ae:4e:ee:5d:42:
         28:56:25:84:1b:20:5b:ac:88:c6:c1:a8:b6:37:92:0f:9c:29:
         f7:d9:ca:96:34:2a:8a:36:ea:55:c6:8f:0f:b0:25:9d:a2:1b:
         fe:ee:4a:d2:17:9f:7a:e5:e5:20:ed:30:eb:09:d0:c5:39:2f:
         df:9f:11:ba:46:84:e3:c0:0e:7e:c6:2a:f0:0b:ab:9a:62:46:
         e9:f4:38:d8:5d:50:fa:5c:97:1b:9b:6a:42:ec:83:eb:02:70:
         fe:54:f2:a3:dd:0b:0b:62:f5:b7:d1:3f:37:81:3b:8c:11:e3:
         ef:ad:8b:4f:bb:d8:93:5f:b7:5b:bb:66:8b:a3:4d:12:83:c6:
         b1:da:8f:b2:60:22:7c:22:1e:98:68:67:0b:3c:b4:9c:3f:6a:
         16:83:08:af:72:89:f6:26:0b:29:15:f2:a5:18:89:fe:66:0a:
         cd:11:c3:45:c7:45:59:43:71:6d:ca:b1:fa:12:0e:22:20:bd:
         4b:af:3a:6a:57:f9:bd:c0:c0:fe:35:8e:6c:4b:71:bc:f6:3d:
         2f:06:5f:ed
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUMzd1pL/l9ChiaEuEJYZ8JxwP62QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MzBaFw0yNjA3MDIxNTUxMzBaMDMxMTAvBgNV
BAMTKEI4QUE0NkRDMTREMUYyNkJGQUY1OUU0NzdBNDNBMDA5NkFGMzg4MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5TpNb60qJ1Ea8QBMeZwnJSZ6a
zhB4QVmUAAUTKR/iZ6SXuuIq1wK7LAuPPwm9yMYCCmMnmHAA7Isv6vclGwLnNyVr
4fiO4As2476I+U3ecMivrT+F31fnb3Px2vn/jVxyqjWuncIyVR+zv1SP2eYw2CFV
+Y9U+STV0bGrt5/T9jsz2dSofH9cvWIxBy5HdNvHGvnJKY64yq/HP99u8fNOew+8
KwT48Fv1oFEmKCKP9bewmaLxk+ToDYp10XVM/3Z9wQbnKBV4m3LVpWMe4zTO2Moa
JA/B9HmCy+DJp9p/1UIn3awv4J8v1MGWtykQOYZcNVvLekneY2VG52tnd+8/AgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUuKpG3BTR8mv69Z5HekOgCWrziAUwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwOTUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEH
AQH/BCcwJTAjBAIAAjAdAwcEKgagBSVwMBIDBwQqBqAFJjADBwQqBqAFJmAwDQYJ
KoZIhvcNAQELBQADggEBADRxdJSgiLqz4Lrw+l7COc3P+15gUxnIZS1pknvmemE/
+dnyy7vOiSjC8tdR3FlsvreuTu5dQihWJYQbIFusiMbBqLY3kg+cKffZypY0Koo2
6lXGjw+wJZ2iG/7uStIXn3rl5SDtMOsJ0MU5L9+fEbpGhOPADn7GKvALq5piRun0
ONhdUPpclxubakLsg+sCcP5U8qPdCwti9bfRPzeBO4wR4++ti0+72JNft1u7Zouj
TRKDxrHaj7JgInwiHphoZws8tJw/ahaDCK9yifYmCykV8qUYif5mCs0Rw0XHRVlD
cW3KsfoSDiIgvUuvOmpX+b3AwP41jmxLcbz2PS8GX+0=
-----END CERTIFICATE-----