Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200965.roa
File:                     AS200965.roa (raw, json)
Hash identifier:          cXDRp8GXjrX79Jau7IIbin+oKwErIkG3TDgbznJT+YY=
Subject key identifier:   D7:63:81:39:8B:FC:37:8A:96:60:2F:64:8F:E1:16:B4:D2:B2:F8:6C
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       479BFD3E7E25A28586C755A25156B38AC9D84819
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200965.roa
Signing time:             Thu 04 Jun 2026 15:58:49 +0000
ROA not before:           Thu 04 Jun 2026 15:53:49 +0000
ROA not after:            Thu 03 Jun 2027 15:58:49 +0000
asID:                     200965
IP address blocks:        2a06:a005:24a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:9b:fd:3e:7e:25:a2:85:86:c7:55:a2:51:56:b3:8a:c9:d8:48:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:49 2026 GMT
            Not After : Jun  3 15:58:49 2027 GMT
        Subject: CN=D76381398BFC378A96602F648FE116B4D2B2F86C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3a:89:2a:e9:25:d4:3b:03:49:9e:7c:8e:bb:
                    31:85:5c:db:18:d1:54:61:e1:58:5d:2f:9b:4e:e5:
                    74:91:13:33:2d:88:52:34:63:65:37:99:12:ab:0b:
                    87:31:19:e5:b8:4d:11:85:8a:f1:ef:e7:93:d0:9e:
                    44:05:d4:31:b1:41:3b:7e:12:78:c9:40:e5:5e:32:
                    40:54:67:ed:a6:d6:36:b7:98:8c:ec:e4:d0:fa:2f:
                    da:93:d2:45:40:db:d4:02:4b:70:61:c4:cd:f5:55:
                    59:bd:43:4c:38:30:89:ce:8c:96:3e:29:7a:a8:c3:
                    8c:d5:76:e2:37:b4:b5:86:f5:41:04:71:6a:85:1a:
                    71:9f:d9:5a:2a:b5:5a:52:1e:42:a5:ae:1f:42:3a:
                    1b:16:ce:47:a3:a7:6d:75:0b:cc:98:75:89:d1:99:
                    30:78:a4:18:a0:f8:18:c3:d3:09:37:a3:b2:23:21:
                    0f:46:a8:fa:40:70:28:98:ab:66:74:80:67:09:99:
                    3e:ad:ca:bb:7b:53:41:13:63:2d:87:d2:e6:c8:1b:
                    b7:82:05:82:93:4d:15:72:0c:07:87:4a:0f:ad:70:
                    25:05:6d:0a:d8:c3:75:dd:47:cb:bb:4e:7e:ab:7a:
                    1b:5f:70:ea:e9:24:fe:06:75:79:7f:a7:3e:c6:bf:
                    0a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:63:81:39:8B:FC:37:8A:96:60:2F:64:8F:E1:16:B4:D2:B2:F8:6C
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200965.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:24a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         10:31:c2:fc:cb:93:db:f5:56:3b:7a:3e:ef:26:80:fa:a0:ee:
         b9:2f:31:55:b8:9d:56:12:88:f9:c3:cf:c7:d0:77:8b:93:7e:
         92:89:c9:bd:1a:dd:61:ba:a8:80:aa:67:4a:84:7a:66:27:72:
         e5:a6:df:4e:08:0b:5f:e5:05:61:24:cf:1b:3b:03:c3:1b:fa:
         e0:58:5c:e1:f2:82:06:b8:a5:dd:80:87:61:b4:74:da:66:0a:
         69:a1:6a:51:bb:72:77:02:a7:bb:d8:7a:20:be:e4:9c:b8:2c:
         cf:16:fa:68:6b:89:7d:03:26:28:d5:29:ee:ce:e3:36:4f:9f:
         fc:45:a6:77:71:56:0e:00:c1:b3:15:37:3e:54:eb:e1:75:03:
         62:9d:57:4c:7f:53:38:44:55:1e:8f:cc:36:b8:e9:98:5d:cd:
         93:86:fd:65:f0:99:d9:d2:fa:83:40:16:d5:be:21:9a:aa:1c:
         97:e6:1d:b6:5e:db:4b:b9:ce:4f:96:27:3e:39:6a:ea:e1:e6:
         a4:c7:b4:72:3b:43:6d:d2:59:25:c1:05:83:f7:69:24:a9:09:
         37:6c:47:ec:30:8b:44:88:85:97:0d:10:8d:b6:fc:dc:c8:42:
         40:27:a2:d0:67:f8:90:18:8d:f0:78:e1:c4:54:f1:fb:f2:df:
         c3:64:ac:50
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUR5v9Pn4looWGx1WiUVazisnYSBkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDlaFw0yNzA2MDMxNTU4NDlaMDMxMTAvBgNV
BAMTKEQ3NjM4MTM5OEJGQzM3OEE5NjYwMkY2NDhGRTExNkI0RDJCMkY4NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfOokq6SXUOwNJnnyOuzGFXNsY
0VRh4VhdL5tO5XSREzMtiFI0Y2U3mRKrC4cxGeW4TRGFivHv55PQnkQF1DGxQTt+
EnjJQOVeMkBUZ+2m1ja3mIzs5ND6L9qT0kVA29QCS3BhxM31VVm9Q0w4MInOjJY+
KXqow4zVduI3tLWG9UEEcWqFGnGf2VoqtVpSHkKlrh9COhsWzkejp211C8yYdYnR
mTB4pBig+BjD0wk3o7IjIQ9GqPpAcCiYq2Z0gGcJmT6tyrt7U0ETYy2H0ubIG7eC
BYKTTRVyDAeHSg+tcCUFbQrYw3XdR8u7Tn6rehtfcOrpJP4GdXl/pz7Gvwr3AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU12OBOYv8N4qWYC9kj+EWtNKy+GwwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwOTY1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSSgMA0GCSqGSIb3DQEBCwUAA4IBAQAQMcL8
y5Pb9VY7ej7vJoD6oO65LzFVuJ1WEoj5w8/H0HeLk36Sicm9Gt1huqiAqmdKhHpm
J3Llpt9OCAtf5QVhJM8bOwPDG/rgWFzh8oIGuKXdgIdhtHTaZgppoWpRu3J3Aqe7
2HogvuScuCzPFvpoa4l9AyYo1SnuzuM2T5/8RaZ3cVYOAMGzFTc+VOvhdQNinVdM
f1M4RFUej8w2uOmYXc2Thv1l8JnZ0vqDQBbVviGaqhyX5h22XttLuc5Plic+OWrq
4eakx7RyO0Nt0lklwQWD92kkqQk3bEfsMItEiIWXDRCNtvzcyEJAJ6LQZ/iQGI3w
eOHEVPH78t/DZKxQ
-----END CERTIFICATE-----