Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202952.roa
File:                     AS202952.roa (raw, json)
Hash identifier:          V2DkzVUUhwnmb/cfSD+UjA018m/z6DV6XqG94YuEacE=
Subject key identifier:   C3:F5:B0:E3:D4:C9:AD:2D:29:D3:9C:1F:56:F4:AB:1D:91:2B:F7:3B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       5EB1B5ABA39F6337BE5390F43DC10E6AC19E33CA
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202952.roa
Signing time:             Thu 03 Jul 2025 15:51:31 +0000
ROA not before:           Thu 03 Jul 2025 15:46:31 +0000
ROA not after:            Thu 02 Jul 2026 15:51:31 +0000
asID:                     202952
IP address blocks:        2a06:a005:1b90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:b1:b5:ab:a3:9f:63:37:be:53:90:f4:3d:c1:0e:6a:c1:9e:33:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:31 2025 GMT
            Not After : Jul  2 15:51:31 2026 GMT
        Subject: CN=C3F5B0E3D4C9AD2D29D39C1F56F4AB1D912BF73B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:07:51:0b:9b:2f:4d:f2:ef:9b:f2:79:d1:0f:
                    74:b0:b6:26:5e:3d:04:d5:0c:7e:02:8b:cc:51:b9:
                    a6:a9:32:3c:4c:85:cd:8b:9e:94:1c:6e:07:b9:3f:
                    ea:fd:83:9f:ab:93:87:05:bf:a7:35:a1:15:d4:9f:
                    64:c1:d3:1f:ab:9d:5b:fd:fe:91:1d:45:df:f2:04:
                    a0:ae:2d:cb:06:03:ec:8d:0b:56:60:4d:a6:3c:a5:
                    27:df:4a:f6:1f:3c:0c:d0:2f:63:9a:60:f4:0c:c2:
                    cc:d6:8f:25:80:12:3e:0e:bc:38:b2:cd:d8:b7:18:
                    04:8b:7f:cb:82:d3:d1:74:b2:8c:1d:7d:bc:83:3b:
                    82:14:94:67:57:76:41:14:6a:13:d8:24:34:b5:c0:
                    05:90:ac:7e:4e:3e:e0:73:8e:04:db:84:dd:41:11:
                    45:8e:a4:c4:cb:d7:34:cb:9a:ad:68:f4:49:1a:1b:
                    f7:93:e2:c9:4f:dd:2d:4a:cf:dd:d6:df:d6:e8:d0:
                    95:ae:f1:bd:94:05:6f:24:1f:77:4f:6c:34:c6:b9:
                    42:8c:4f:c2:ba:52:58:89:c1:c4:02:88:f0:74:8a:
                    0c:c4:f8:c4:38:f5:08:13:c5:e6:95:70:a3:34:39:
                    a6:ed:ff:2e:ab:8d:c3:29:20:eb:20:fe:31:b2:0b:
                    64:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F5:B0:E3:D4:C9:AD:2D:29:D3:9C:1F:56:F4:AB:1D:91:2B:F7:3B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202952.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1b90::/44

    Signature Algorithm: sha256WithRSAEncryption
         bf:39:10:3d:56:31:a1:b2:18:25:dc:99:d7:a8:af:01:90:04:
         b9:75:23:d8:37:c0:a3:a1:bc:6c:40:b6:6c:cd:af:8a:1d:a8:
         72:e8:a5:06:07:d4:81:a9:ce:90:a0:eb:60:00:b1:53:c8:5d:
         60:a5:7a:f1:c1:a5:ed:75:b9:2a:8e:82:78:8a:ea:97:9d:38:
         a8:91:c5:aa:34:53:d5:89:64:e4:f4:98:99:52:a5:fc:75:5f:
         ba:98:72:f5:47:49:df:96:de:14:c0:5a:79:4b:0c:0b:83:08:
         44:b9:c0:14:84:dc:09:9d:2d:3d:30:b5:19:c9:4f:95:e4:ac:
         b9:ee:22:8c:83:c1:f1:a4:56:5c:ad:02:70:1e:11:35:71:2f:
         2a:ea:de:52:f5:9c:80:d8:6c:16:d4:b1:6e:e6:d3:08:3c:2d:
         74:b9:b5:38:ff:da:7c:88:b2:29:c1:14:c0:fb:e8:fd:da:52:
         a9:ef:6e:fa:76:c2:f9:70:5c:87:7a:c8:53:ff:28:6b:65:23:
         85:bd:cb:1c:97:b2:9b:8b:80:0f:0a:a7:f6:73:48:c1:80:ea:
         bd:92:3e:cf:e2:eb:5c:bf:8f:31:97:5d:ab:85:fe:95:a2:2a:
         7e:80:9b:a1:3e:0b:f7:3d:c3:65:60:ed:0c:91:0d:a7:6a:ab:
         2d:d4:3c:11
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUXrG1q6OfYze+U5D0PcEOasGeM8owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MzFaFw0yNjA3MDIxNTUxMzFaMDMxMTAvBgNV
BAMTKEMzRjVCMEUzRDRDOUFEMkQyOUQzOUMxRjU2RjRBQjFEOTEyQkY3M0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBB1ELmy9N8u+b8nnRD3SwtiZe
PQTVDH4Ci8xRuaapMjxMhc2LnpQcbge5P+r9g5+rk4cFv6c1oRXUn2TB0x+rnVv9
/pEdRd/yBKCuLcsGA+yNC1ZgTaY8pSffSvYfPAzQL2OaYPQMwszWjyWAEj4OvDiy
zdi3GASLf8uC09F0sowdfbyDO4IUlGdXdkEUahPYJDS1wAWQrH5OPuBzjgTbhN1B
EUWOpMTL1zTLmq1o9EkaG/eT4slP3S1Kz93W39bo0JWu8b2UBW8kH3dPbDTGuUKM
T8K6UliJwcQCiPB0igzE+MQ49QgTxeaVcKM0Oabt/y6rjcMpIOsg/jGyC2SNAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUw/Ww49TJrS0p05wfVvSrHZEr9zswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAyOTUyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRuQMA0GCSqGSIb3DQEBCwUAA4IBAQC/ORA9
VjGhshgl3JnXqK8BkAS5dSPYN8CjobxsQLZsza+KHahy6KUGB9SBqc6QoOtgALFT
yF1gpXrxwaXtdbkqjoJ4iuqXnTiokcWqNFPViWTk9JiZUqX8dV+6mHL1R0nflt4U
wFp5SwwLgwhEucAUhNwJnS09MLUZyU+V5Ky57iKMg8HxpFZcrQJwHhE1cS8q6t5S
9ZyA2GwW1LFu5tMIPC10ubU4/9p8iLIpwRTA++j92lKp7276dsL5cFyHeshT/yhr
ZSOFvcscl7Kbi4APCqf2c0jBgOq9kj7P4utcv48xl12rhf6Voip+gJuhPgv3PcNl
YO0MkQ2naqst1DwR
-----END CERTIFICATE-----