Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202776.roa
File:                     AS202776.roa (raw, json)
Hash identifier:          uvulRrsYXRLKQmD7UEv/AuktCr78vM0U6ZKaQziklBg=
Subject key identifier:   59:50:8E:B2:38:B8:8E:42:E3:26:5E:E2:93:C4:A6:C0:2D:FA:78:65
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       66F9C65B6E2A339A41CD54ADABDD118A90BA32DD
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202776.roa
Signing time:             Thu 04 Jun 2026 15:58:51 +0000
ROA not before:           Thu 04 Jun 2026 15:53:51 +0000
ROA not after:            Thu 03 Jun 2027 15:58:51 +0000
asID:                     202776
IP address blocks:        2a06:a005:2b90::/44 maxlen: 48
                          2a06:a005:2d10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:f9:c6:5b:6e:2a:33:9a:41:cd:54:ad:ab:dd:11:8a:90:ba:32:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:51 2026 GMT
            Not After : Jun  3 15:58:51 2027 GMT
        Subject: CN=59508EB238B88E42E3265EE293C4A6C02DFA7865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7d:a7:58:c2:27:f5:0b:ee:2e:81:15:09:26:
                    57:2c:84:b4:c5:74:d1:e2:e3:4a:b1:ad:62:de:1f:
                    ae:6f:ca:f9:ac:47:fa:57:8a:13:3f:68:f7:88:d3:
                    d7:91:0b:a2:13:e0:a6:24:8b:39:d5:89:60:e6:40:
                    90:d0:e6:c4:80:00:79:c5:f1:b9:b6:88:49:d2:e3:
                    bc:e3:22:74:82:65:88:71:46:b6:82:01:8a:71:24:
                    14:11:3c:7e:f6:8f:03:73:3a:c7:14:93:71:b6:b2:
                    8d:54:2c:02:1d:19:12:07:b1:54:b5:29:52:b3:76:
                    6e:93:19:97:1e:61:7a:e7:4d:74:25:bf:2e:30:fa:
                    27:32:8d:b3:b7:c9:19:5f:10:ff:4d:56:68:1a:bf:
                    90:76:f6:23:e0:5b:59:a7:b4:fb:b5:30:ec:ef:16:
                    9c:6a:86:43:d6:15:41:c6:df:2e:f5:e9:03:2d:78:
                    7a:85:46:a9:dc:1b:4d:b8:7c:a4:ed:aa:0e:51:e5:
                    ad:7c:14:bd:fa:32:32:4b:ac:c2:b7:b4:3b:4d:df:
                    5c:5d:ac:01:5e:90:bd:e4:27:18:70:80:dd:24:3c:
                    ea:a4:18:ba:bd:c8:ba:2a:af:b4:20:37:4d:83:5f:
                    24:42:56:af:38:af:36:07:da:ff:ef:02:cd:a0:7b:
                    ae:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:50:8E:B2:38:B8:8E:42:E3:26:5E:E2:93:C4:A6:C0:2D:FA:78:65
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202776.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2b90::/44
                  2a06:a005:2d10::/44

    Signature Algorithm: sha256WithRSAEncryption
         3d:5e:ac:a0:23:58:29:70:9b:e4:10:dc:78:ca:a5:0f:50:52:
         04:e2:40:ab:58:94:19:aa:a2:2b:05:05:01:be:86:d5:09:d1:
         85:dc:e0:13:ac:8e:04:5a:b6:da:60:4a:1d:8e:82:5c:19:23:
         3b:06:44:7d:a8:2d:8d:e5:99:e6:cf:67:d4:55:c9:c5:74:dd:
         83:1b:25:8a:8a:af:97:be:e8:b3:28:65:7b:ec:6b:a8:bd:bd:
         53:07:fb:6f:da:eb:72:b8:90:3c:ac:65:0f:d4:83:0f:6d:33:
         b2:82:83:66:49:f4:6e:c1:f6:e5:c3:47:33:e0:65:a2:65:c5:
         12:9b:d8:ed:9d:44:e9:13:81:a9:10:8e:86:26:03:cf:f7:67:
         82:66:9d:00:04:d9:58:6e:1b:dc:98:bb:93:38:e9:75:25:47:
         12:4c:b4:95:6e:53:fe:43:36:b5:f0:88:1d:4a:12:dc:b5:e6:
         49:1c:ad:7b:76:bf:a8:84:6e:bc:49:62:ca:2b:b9:0d:e1:03:
         16:28:66:50:72:40:54:45:c2:b7:0f:af:d7:49:f8:53:3f:3d:
         75:80:1e:13:0d:46:45:e5:b9:87:25:3a:b7:9e:44:21:40:10:
         fb:72:50:bf:90:6e:eb:fc:8e:c4:87:89:cf:97:ba:4d:91:7f:
         8c:88:3e:81
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUZvnGW24qM5pBzVStq90RipC6Mt0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTFaFw0yNzA2MDMxNTU4NTFaMDMxMTAvBgNV
BAMTKDU5NTA4RUIyMzhCODhFNDJFMzI2NUVFMjkzQzRBNkMwMkRGQTc4NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8fadYwif1C+4ugRUJJlcshLTF
dNHi40qxrWLeH65vyvmsR/pXihM/aPeI09eRC6IT4KYkiznViWDmQJDQ5sSAAHnF
8bm2iEnS47zjInSCZYhxRraCAYpxJBQRPH72jwNzOscUk3G2so1ULAIdGRIHsVS1
KVKzdm6TGZceYXrnTXQlvy4w+icyjbO3yRlfEP9NVmgav5B29iPgW1mntPu1MOzv
FpxqhkPWFUHG3y716QMteHqFRqncG024fKTtqg5R5a18FL36MjJLrMK3tDtN31xd
rAFekL3kJxhwgN0kPOqkGLq9yLoqr7QgN02DXyRCVq84rzYH2v/vAs2ge67zAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUWVCOsji4jkLjJl7ik8SmwC36eGUwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAyNzc2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBSuQAwcEKgagBS0QMA0GCSqGSIb3DQEBCwUA
A4IBAQA9XqygI1gpcJvkENx4yqUPUFIE4kCrWJQZqqIrBQUBvobVCdGF3OATrI4E
WrbaYEodjoJcGSM7BkR9qC2N5Znmz2fUVcnFdN2DGyWKiq+XvuizKGV77Guovb1T
B/tv2utyuJA8rGUP1IMPbTOygoNmSfRuwfblw0cz4GWiZcUSm9jtnUTpE4GpEI6G
JgPP92eCZp0ABNlYbhvcmLuTOOl1JUcSTLSVblP+Qza18IgdShLcteZJHK17dr+o
hG68SWLKK7kN4QMWKGZQckBURcK3D6/XSfhTPz11gB4TDUZF5bmHJTq3nkQhQBD7
clC/kG7r/I7Eh4nPl7pNkX+MiD6B
-----END CERTIFICATE-----