Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202002.roa
File:                     AS202002.roa (raw, json)
Hash identifier:          +IqN6f+cQ663LAC6S8Bu2thdOmcELG4fhQJ5PBhi6cE=
Subject key identifier:   8D:51:52:77:19:91:F1:70:EC:0E:6A:D1:FA:47:BE:7F:75:CF:C9:44
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7F56A0AF123D897130160DB4163E3A73FC936BBF
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202002.roa
Signing time:             Thu 03 Jul 2025 15:51:20 +0000
ROA not before:           Thu 03 Jul 2025 15:46:20 +0000
ROA not after:            Thu 02 Jul 2026 15:51:20 +0000
asID:                     202002
IP address blocks:        2a06:a005:cf0::/44 maxlen: 48
                          2a06:a005:2d20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:56:a0:af:12:3d:89:71:30:16:0d:b4:16:3e:3a:73:fc:93:6b:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:20 2025 GMT
            Not After : Jul  2 15:51:20 2026 GMT
        Subject: CN=8D5152771991F170EC0E6AD1FA47BE7F75CFC944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:98:9e:99:23:42:bb:d1:ea:89:79:f5:49:4c:
                    a9:f2:b2:78:01:8f:ed:05:b6:b4:5b:67:33:f3:34:
                    9d:b9:f6:db:6d:a8:a2:bf:74:f0:03:74:34:5e:2f:
                    4b:8c:76:da:bd:b4:43:53:4a:99:fd:c6:96:13:a6:
                    6c:71:dc:a5:e0:6c:4e:bd:1f:9c:92:66:50:92:8a:
                    8c:c5:83:64:50:f0:da:d0:34:73:dd:a7:60:59:e5:
                    b8:1e:fa:62:e3:f6:20:4a:79:84:1d:c4:0e:99:90:
                    ae:5d:aa:c1:24:b0:71:a5:bb:bc:39:b8:9f:2f:30:
                    65:c9:07:31:a0:79:f6:72:4c:07:32:70:20:58:c7:
                    40:71:67:b5:87:3e:13:67:f5:a3:2d:a2:09:90:2f:
                    22:2a:7b:9a:c6:45:eb:ff:b8:0f:5e:c4:73:e9:70:
                    70:58:48:3e:a0:1e:13:0e:8c:a3:c2:30:94:58:fa:
                    96:37:a7:67:bf:ca:b7:40:48:14:cb:41:d6:d7:33:
                    b7:1e:4f:22:d2:b5:ad:85:d3:e8:d5:97:00:1c:f3:
                    f9:25:a8:c3:9c:9b:72:5c:6c:a7:99:df:4d:83:1d:
                    9a:b4:f6:15:f8:d7:3d:da:a5:1f:83:0b:3d:28:1b:
                    d2:f2:d3:0a:5e:b5:5e:79:c0:a8:20:fa:f5:56:d6:
                    c0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:51:52:77:19:91:F1:70:EC:0E:6A:D1:FA:47:BE:7F:75:CF:C9:44
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202002.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:cf0::/44
                  2a06:a005:2d20::/44

    Signature Algorithm: sha256WithRSAEncryption
         3b:2d:a4:37:79:4c:6e:d9:dd:7e:1b:b1:94:14:62:03:b4:f5:
         ed:59:a0:5e:14:7f:7e:a4:6f:ca:d6:7b:89:f9:cf:de:4c:d0:
         31:c1:40:17:10:7f:1b:d9:10:90:23:91:b5:b9:cc:6e:20:82:
         a1:45:2a:a5:6e:02:1c:dc:69:99:dc:77:3f:22:3e:a6:bb:17:
         17:66:74:9a:ec:4c:07:17:dd:74:e9:c6:5d:4d:c0:33:4a:69:
         87:97:e1:42:45:6b:19:5e:bc:54:20:59:56:39:90:a3:ee:da:
         f9:ea:1a:1e:b0:40:a9:df:f5:d1:f7:4e:bb:8c:3b:c7:da:53:
         e5:51:e7:ab:01:99:9e:e9:82:e1:77:55:68:5c:34:90:5e:c0:
         d7:2f:a7:e5:a1:f7:66:da:85:6a:24:f3:52:c3:02:24:57:86:
         35:c1:cf:49:19:21:f4:f6:03:7e:62:fa:3b:f7:3a:76:40:7a:
         ab:ba:24:bb:20:99:66:94:26:f2:27:d3:98:4e:7a:b8:75:c0:
         e6:5b:db:28:8a:53:c6:f5:69:71:e0:4c:1f:3e:29:47:80:02:
         62:aa:59:2a:ae:dd:8c:40:4e:65:f0:1d:4e:6c:47:e5:ec:f9:
         de:81:a3:f0:f3:87:f9:4b:68:10:37:62:03:c0:de:a1:b1:3b:
         99:f5:de:52
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUf1agrxI9iXEwFg20Fj46c/yTa78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjBaFw0yNjA3MDIxNTUxMjBaMDMxMTAvBgNV
BAMTKDhENTE1Mjc3MTk5MUYxNzBFQzBFNkFEMUZBNDdCRTdGNzVDRkM5NDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1mJ6ZI0K70eqJefVJTKnysngB
j+0FtrRbZzPzNJ259tttqKK/dPADdDReL0uMdtq9tENTSpn9xpYTpmxx3KXgbE69
H5ySZlCSiozFg2RQ8NrQNHPdp2BZ5bge+mLj9iBKeYQdxA6ZkK5dqsEksHGlu7w5
uJ8vMGXJBzGgefZyTAcycCBYx0BxZ7WHPhNn9aMtogmQLyIqe5rGRev/uA9exHPp
cHBYSD6gHhMOjKPCMJRY+pY3p2e/yrdASBTLQdbXM7ceTyLSta2F0+jVlwAc8/kl
qMOcm3JcbKeZ302DHZq09hX41z3apR+DCz0oG9Ly0wpetV55wKgg+vVW1sC1AgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUjVFSdxmR8XDsDmrR+ke+f3XPyUQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAyMDAyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBQzwAwcEKgagBS0gMA0GCSqGSIb3DQEBCwUA
A4IBAQA7LaQ3eUxu2d1+G7GUFGIDtPXtWaBeFH9+pG/K1nuJ+c/eTNAxwUAXEH8b
2RCQI5G1ucxuIIKhRSqlbgIc3GmZ3Hc/Ij6muxcXZnSa7EwHF9106cZdTcAzSmmH
l+FCRWsZXrxUIFlWOZCj7tr56hoesECp3/XR9067jDvH2lPlUeerAZme6YLhd1Vo
XDSQXsDXL6flofdm2oVqJPNSwwIkV4Y1wc9JGSH09gN+Yvo79zp2QHqruiS7IJlm
lCbyJ9OYTnq4dcDmW9soilPG9Wlx4EwfPilHgAJiqlkqrt2MQE5l8B1ObEfl7Pne
gaPw84f5S2gQN2IDwN6hsTuZ9d5S
-----END CERTIFICATE-----