Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS201217.roa
File:                     AS201217.roa (raw, json)
Hash identifier:          UHzPIlrNq9oioLl19xySZef9d2tWejD8UJsXfRaqomo=
Subject key identifier:   40:91:F4:00:27:84:26:84:A4:92:17:03:40:EA:3F:AD:3E:B6:FC:C3
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       467270351EC101C59329610B6905D4A46B089588
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS201217.roa
Signing time:             Thu 03 Jul 2025 15:51:19 +0000
ROA not before:           Thu 03 Jul 2025 15:46:19 +0000
ROA not after:            Thu 02 Jul 2026 15:51:19 +0000
asID:                     201217
IP address blocks:        2a06:a005:1c78::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:72:70:35:1e:c1:01:c5:93:29:61:0b:69:05:d4:a4:6b:08:95:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:19 2025 GMT
            Not After : Jul  2 15:51:19 2026 GMT
        Subject: CN=4091F40027842684A492170340EA3FAD3EB6FCC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f0:7e:67:88:45:60:18:31:8e:a5:e1:26:36:
                    ec:1a:69:02:4f:a5:bc:e1:74:ad:17:bd:9d:0c:7a:
                    2b:40:0e:9b:25:e3:39:54:a1:ac:ac:e5:ea:7e:bc:
                    ad:e3:09:c5:c7:c1:aa:83:e4:86:ba:09:29:db:75:
                    a0:3b:1d:8e:44:2c:4f:97:fb:cc:eb:32:08:f6:f0:
                    ff:77:62:4f:19:13:77:2c:c6:46:36:ce:a1:05:fd:
                    51:5f:6f:24:5b:7f:7c:e4:73:7c:da:8b:44:5a:55:
                    6a:df:17:41:c3:22:4a:db:12:01:57:ef:ec:7b:93:
                    b1:69:58:b4:6f:ff:cb:68:c8:fe:c0:01:ae:d7:9d:
                    30:3b:77:11:a0:70:18:02:aa:54:d2:63:90:e1:bc:
                    3c:07:e6:09:4e:69:34:99:97:be:c2:64:36:ea:15:
                    ee:56:ff:04:67:ed:00:8c:56:81:2f:33:fb:13:88:
                    57:20:f5:77:ec:54:73:d0:0f:2b:85:0b:c0:56:a6:
                    c2:fe:24:78:f8:f5:d1:26:04:b8:f2:d4:0b:d3:09:
                    22:8d:38:9f:56:9c:09:76:c5:0b:85:1a:0f:57:ce:
                    94:67:8f:4b:b2:1f:b3:50:7c:8c:fb:cf:25:3e:f7:
                    63:54:2a:4d:9e:46:24:34:e4:fc:34:13:51:be:6e:
                    ce:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:91:F4:00:27:84:26:84:A4:92:17:03:40:EA:3F:AD:3E:B6:FC:C3
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS201217.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1c78::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:c0:3a:a1:4d:b3:5d:75:29:01:39:23:a0:1b:77:48:cd:d8:
         a7:b9:5b:91:e2:f7:18:33:33:93:04:4f:59:fd:9a:62:1e:2a:
         af:c8:00:45:c0:9d:95:fa:68:03:a2:d0:c3:02:35:60:cc:18:
         c3:d5:20:52:ad:e5:b5:23:dd:1e:b8:74:64:15:cb:60:19:9e:
         69:2f:45:84:f6:e8:a8:32:b3:ad:b6:8d:f1:c0:3f:a6:02:77:
         06:d2:1c:ee:19:9e:11:74:d0:54:5a:b1:28:04:34:5e:17:46:
         f9:c6:57:49:a4:de:90:7e:14:65:14:ba:ce:5f:6f:cb:fb:7a:
         d7:49:33:6f:ac:de:7e:ab:d3:6f:a0:eb:89:73:a8:7f:5d:ab:
         69:5d:ae:52:28:f8:37:9e:b1:8c:5c:f7:ba:2d:ef:d8:7b:df:
         a5:bf:4a:c3:8a:71:84:43:b1:1f:f8:84:db:18:e4:49:3f:98:
         52:00:cb:34:bd:f5:c5:dc:84:09:62:58:5d:ea:89:1b:ff:fd:
         43:dd:fe:7a:4f:29:9a:92:90:8f:f0:da:59:78:1e:54:41:32:
         6d:56:4f:61:ee:fe:9f:db:dc:db:5b:83:cb:f7:82:74:f6:0c:
         4b:7b:0f:31:ed:d3:75:c7:49:d9:37:63:c5:33:ea:e7:c3:28:
         fc:f7:f1:cf
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIURnJwNR7BAcWTKWELaQXUpGsIlYgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MTlaFw0yNjA3MDIxNTUxMTlaMDMxMTAvBgNV
BAMTKDQwOTFGNDAwMjc4NDI2ODRBNDkyMTcwMzQwRUEzRkFEM0VCNkZDQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw8H5niEVgGDGOpeEmNuwaaQJP
pbzhdK0XvZ0MeitADpsl4zlUoays5ep+vK3jCcXHwaqD5Ia6CSnbdaA7HY5ELE+X
+8zrMgj28P93Yk8ZE3csxkY2zqEF/VFfbyRbf3zkc3zai0RaVWrfF0HDIkrbEgFX
7+x7k7FpWLRv/8toyP7AAa7XnTA7dxGgcBgCqlTSY5DhvDwH5glOaTSZl77CZDbq
Fe5W/wRn7QCMVoEvM/sTiFcg9XfsVHPQDyuFC8BWpsL+JHj49dEmBLjy1AvTCSKN
OJ9WnAl2xQuFGg9XzpRnj0uyH7NQfIz7zyU+92NUKk2eRiQ05Pw0E1G+bs6lAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUQJH0ACeEJoSkkhcDQOo/rT62/MMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAxMjE3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBRx4MA0GCSqGSIb3DQEBCwUAA4IBAQCiwDqh
TbNddSkBOSOgG3dIzdinuVuR4vcYMzOTBE9Z/ZpiHiqvyABFwJ2V+mgDotDDAjVg
zBjD1SBSreW1I90euHRkFctgGZ5pL0WE9uioMrOtto3xwD+mAncG0hzuGZ4RdNBU
WrEoBDReF0b5xldJpN6QfhRlFLrOX2/L+3rXSTNvrN5+q9NvoOuJc6h/XatpXa5S
KPg3nrGMXPe6Le/Ye9+lv0rDinGEQ7Ef+ITbGORJP5hSAMs0vfXF3IQJYlhd6okb
//1D3f56TymakpCP8NpZeB5UQTJtVk9h7v6f29zbW4PL94J09gxLew8x7dN1x0nZ
N2PFM+rnwyj89/HP
-----END CERTIFICATE-----