Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200959.roa
File:                     AS200959.roa (raw, json)
Hash identifier:          UOui3yCm5nNTFnZLgnHD00svgtCWI/8yP52i+NfKunE=
Subject key identifier:   6A:A6:83:19:AA:85:29:D2:C5:E7:F2:33:F3:81:0C:63:5D:F7:59:4C
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       22386505516FB9F24E305783E1851FB085ACA7F5
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200959.roa
Signing time:             Thu 03 Jul 2025 15:51:56 +0000
ROA not before:           Thu 03 Jul 2025 15:46:56 +0000
ROA not after:            Thu 02 Jul 2026 15:51:56 +0000
asID:                     200959
IP address blocks:        2a06:a005:e50::/44 maxlen: 48
                          2a06:a005:e70::/44 maxlen: 48
                          2a06:a005:2040::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:38:65:05:51:6f:b9:f2:4e:30:57:83:e1:85:1f:b0:85:ac:a7:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:56 2025 GMT
            Not After : Jul  2 15:51:56 2026 GMT
        Subject: CN=6AA68319AA8529D2C5E7F233F3810C635DF7594C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4e:83:c3:5e:02:f5:8f:e4:c6:8f:a6:68:46:
                    3d:8b:0b:57:9b:e8:f9:dd:bf:f3:3b:66:64:98:87:
                    8b:c9:c2:3c:1f:5d:15:2d:81:42:57:d4:93:90:4c:
                    52:c0:b9:65:c2:04:03:a7:23:c9:78:a7:e2:bb:75:
                    07:73:a6:e1:46:3a:b3:a7:e6:76:69:70:05:6d:e3:
                    1b:67:96:61:44:f8:35:00:91:dd:bf:66:37:d2:66:
                    aa:54:c7:57:87:be:82:c3:43:c0:18:dd:60:77:75:
                    4a:d0:1e:68:0b:ba:80:27:3b:19:c4:77:0e:17:27:
                    92:5a:0d:6e:f9:07:9e:71:94:4d:aa:27:01:99:fc:
                    7f:3d:23:31:bb:cb:ad:44:fd:11:51:60:66:f7:c2:
                    06:ea:af:0f:fc:92:f9:0b:55:e9:45:31:f9:0b:a0:
                    1d:25:89:d1:e1:04:0c:ac:e3:67:c6:eb:e2:7d:ff:
                    52:36:73:ab:e5:e2:4e:a3:d4:aa:14:88:a5:77:f8:
                    68:81:09:49:eb:8e:df:7a:f5:c8:0e:0e:0f:cf:6f:
                    6d:20:55:0b:96:2a:3d:88:95:ca:1e:8e:57:67:4e:
                    81:fd:4b:08:2e:6a:2f:0e:ad:7c:b2:19:4a:50:d0:
                    d0:e2:59:de:82:a4:53:7d:73:ed:11:04:97:18:c6:
                    d7:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A6:83:19:AA:85:29:D2:C5:E7:F2:33:F3:81:0C:63:5D:F7:59:4C
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200959.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:e50::/44
                  2a06:a005:e70::/44
                  2a06:a005:2040::/44

    Signature Algorithm: sha256WithRSAEncryption
         98:39:f5:42:10:76:94:0d:50:ad:c9:34:32:e3:39:f5:0f:a3:
         e7:86:0a:17:8b:2d:ca:bc:91:2b:32:82:d9:01:6e:f5:c5:6b:
         11:70:4c:c3:9d:a1:0c:0e:59:92:3e:7f:fa:1c:9b:f4:d9:d2:
         b6:a5:c1:ef:e7:1d:20:b0:91:f4:2e:2d:c4:52:47:61:c4:69:
         6a:1c:4c:f1:38:4a:ca:16:a7:8a:3a:6c:4d:a6:c0:ba:a7:5e:
         de:4f:8f:86:f3:79:ce:b6:11:e0:ed:fb:ce:06:04:49:1e:93:
         5b:22:c5:88:aa:ad:2f:66:23:49:58:9b:38:44:43:91:01:06:
         0a:1d:ac:dd:e5:97:6d:8b:60:83:12:f4:67:ff:99:0e:32:59:
         1a:36:19:4f:61:39:7a:64:a1:09:98:82:10:86:28:d7:f1:db:
         2d:09:44:6b:ed:32:75:f4:46:e5:6b:5c:45:2c:06:97:69:bd:
         de:c0:70:80:c9:74:69:c0:c6:a3:0a:78:b0:3d:11:b8:18:e5:
         27:4c:93:97:f5:cd:8a:90:43:11:24:0c:ef:39:8e:ed:33:3b:
         c1:cc:56:fe:41:ad:55:2f:68:3c:58:04:5d:72:f8:c4:00:18:
         30:ca:c8:6d:da:53:f9:ef:6f:f5:f9:dc:c9:e5:eb:fc:83:71:
         84:5e:28:40
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUIjhlBVFvufJOMFeD4YUfsIWsp/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NTZaFw0yNjA3MDIxNTUxNTZaMDMxMTAvBgNV
BAMTKDZBQTY4MzE5QUE4NTI5RDJDNUU3RjIzM0YzODEwQzYzNURGNzU5NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCToPDXgL1j+TGj6ZoRj2LC1eb
6Pndv/M7ZmSYh4vJwjwfXRUtgUJX1JOQTFLAuWXCBAOnI8l4p+K7dQdzpuFGOrOn
5nZpcAVt4xtnlmFE+DUAkd2/ZjfSZqpUx1eHvoLDQ8AY3WB3dUrQHmgLuoAnOxnE
dw4XJ5JaDW75B55xlE2qJwGZ/H89IzG7y61E/RFRYGb3wgbqrw/8kvkLVelFMfkL
oB0lidHhBAys42fG6+J9/1I2c6vl4k6j1KoUiKV3+GiBCUnrjt969cgODg/Pb20g
VQuWKj2IlcoejldnToH9Swguai8OrXyyGUpQ0NDiWd6CpFN9c+0RBJcYxteFAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUaqaDGaqFKdLF5/Iz84EMY133WUwwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwOTU5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcEKgagBQ5QAwcEKgagBQ5wAwcEKgagBSBAMA0GCSqG
SIb3DQEBCwUAA4IBAQCYOfVCEHaUDVCtyTQy4zn1D6PnhgoXiy3KvJErMoLZAW71
xWsRcEzDnaEMDlmSPn/6HJv02dK2pcHv5x0gsJH0Li3EUkdhxGlqHEzxOErKFqeK
OmxNpsC6p17eT4+G83nOthHg7fvOBgRJHpNbIsWIqq0vZiNJWJs4REORAQYKHazd
5Zdti2CDEvRn/5kOMlkaNhlPYTl6ZKEJmIIQhijX8dstCURr7TJ19Ebla1xFLAaX
ab3ewHCAyXRpwMajCniwPRG4GOUnTJOX9c2KkEMRJAzvOY7tMzvBzFb+Qa1VL2g8
WARdcvjEABgwysht2lP572/1+dzJ5ev8g3GEXihA
-----END CERTIFICATE-----