Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203062.roa
File:                     AS203062.roa (raw, json)
Hash identifier:          TYH6UJhICPN1Rgwst8VLs7EYrmmLzT1STlJpSacNWgo=
Subject key identifier:   55:08:5D:FF:9E:78:15:26:65:5D:DA:2D:E2:A2:54:B4:8D:CA:C9:22
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       3CC966EE96C2CFFA65696F79793BD65E5FCEE4A9
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203062.roa
Signing time:             Thu 03 Jul 2025 15:51:43 +0000
ROA not before:           Thu 03 Jul 2025 15:46:43 +0000
ROA not after:            Thu 02 Jul 2026 15:51:43 +0000
asID:                     203062
IP address blocks:        2a06:a005:1d40::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:c9:66:ee:96:c2:cf:fa:65:69:6f:79:79:3b:d6:5e:5f:ce:e4:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:43 2025 GMT
            Not After : Jul  2 15:51:43 2026 GMT
        Subject: CN=55085DFF9E781526655DDA2DE2A254B48DCAC922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:e2:4a:fc:ac:2d:60:d0:20:f8:08:7e:92:5b:
                    c9:78:fd:34:28:25:2b:f8:77:10:c7:6d:63:c7:9a:
                    25:72:49:e0:5c:fe:14:26:cd:06:f5:10:c9:23:1e:
                    a1:82:7d:95:36:1c:49:f4:ea:a9:d6:4f:74:94:02:
                    4f:8d:19:c5:7e:3d:59:05:81:75:4e:8f:56:8d:f2:
                    27:3f:4c:4b:fd:85:0e:8f:12:a7:22:0b:d2:e1:ae:
                    20:47:89:b3:a1:24:09:7b:62:69:be:c0:29:91:46:
                    10:f5:12:ec:ba:66:3b:83:70:02:22:bd:1d:94:89:
                    15:8b:c2:aa:15:52:f7:cb:df:0b:84:68:c9:9e:37:
                    b0:af:fa:8d:a9:18:24:e6:3d:c8:62:07:39:06:f7:
                    82:f4:b9:69:78:82:e0:f3:c0:db:92:96:77:67:e7:
                    02:36:cf:05:a7:50:02:26:bc:b3:c8:d4:37:be:9d:
                    fb:36:71:29:7e:de:67:98:ae:02:ca:3e:98:1f:be:
                    6c:1a:35:fc:57:85:00:e2:a8:0e:72:9c:80:9c:69:
                    73:85:6b:76:6a:23:4f:e7:76:d8:73:db:72:97:15:
                    89:16:b2:86:11:b1:77:97:9c:58:a8:fd:fd:d7:3f:
                    71:d9:0e:52:6f:a9:e4:fe:de:80:b0:14:25:14:d8:
                    52:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:08:5D:FF:9E:78:15:26:65:5D:DA:2D:E2:A2:54:B4:8D:CA:C9:22
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203062.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1d40::/44

    Signature Algorithm: sha256WithRSAEncryption
         88:ba:33:b5:3d:20:e2:12:88:b7:bf:ab:e7:bb:65:45:4b:64:
         aa:2d:5a:73:9b:c9:78:fa:8e:59:3d:6a:2e:68:8a:0a:72:48:
         29:c1:f4:66:99:3c:48:66:58:f0:56:8e:2d:3a:01:a8:d2:36:
         5c:42:72:f5:8a:7e:39:b1:23:61:58:d7:1f:a4:22:34:d7:8b:
         ce:f2:ff:5b:fe:f5:51:ad:55:de:56:87:a2:cf:34:b1:2f:38:
         37:b0:77:68:34:b4:f5:fa:5e:42:c1:3b:0f:14:03:c1:d2:11:
         80:93:d7:72:ef:bd:c1:ad:db:e2:57:f4:63:2d:6a:31:76:cc:
         5f:c5:ba:97:e0:59:71:e4:b6:3b:04:66:f4:e3:63:7b:2b:94:
         e0:1a:9e:35:06:08:30:6a:75:5d:63:90:20:b8:f7:46:fb:96:
         e6:8c:db:0a:bf:ba:5f:0d:d7:b7:6d:d5:9a:d1:6d:bb:69:79:
         f7:f8:9b:01:fc:be:d2:3c:9f:74:cf:ff:9e:ed:9a:1d:25:cd:
         a1:7f:07:de:05:6a:ab:f6:a0:ee:b3:1f:2c:d4:44:8c:b9:44:
         29:2d:71:e5:6c:2b:16:58:b0:27:ae:57:df:5a:97:36:f1:d3:
         10:57:4c:ad:c7:49:df:56:48:e2:8f:6b:b5:bf:a5:d8:bd:23:
         ed:46:f3:01
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPMlm7pbCz/plaW95eTvWXl/O5KkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NDNaFw0yNjA3MDIxNTUxNDNaMDMxMTAvBgNV
BAMTKDU1MDg1REZGOUU3ODE1MjY2NTVEREEyREUyQTI1NEI0OERDQUM5MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD64kr8rC1g0CD4CH6SW8l4/TQo
JSv4dxDHbWPHmiVySeBc/hQmzQb1EMkjHqGCfZU2HEn06qnWT3SUAk+NGcV+PVkF
gXVOj1aN8ic/TEv9hQ6PEqciC9LhriBHibOhJAl7Ymm+wCmRRhD1Euy6ZjuDcAIi
vR2UiRWLwqoVUvfL3wuEaMmeN7Cv+o2pGCTmPchiBzkG94L0uWl4guDzwNuSlndn
5wI2zwWnUAImvLPI1De+nfs2cSl+3meYrgLKPpgfvmwaNfxXhQDiqA5ynICcaXOF
a3ZqI0/ndthz23KXFYkWsoYRsXeXnFio/f3XP3HZDlJvqeT+3oCwFCUU2FJDAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUVQhd/554FSZlXdot4qJUtI3KySIwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAzMDYyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBR1AMA0GCSqGSIb3DQEBCwUAA4IBAQCIujO1
PSDiEoi3v6vnu2VFS2SqLVpzm8l4+o5ZPWouaIoKckgpwfRmmTxIZljwVo4tOgGo
0jZcQnL1in45sSNhWNcfpCI014vO8v9b/vVRrVXeVoeizzSxLzg3sHdoNLT1+l5C
wTsPFAPB0hGAk9dy773BrdviV/RjLWoxdsxfxbqX4Flx5LY7BGb042N7K5TgGp41
BggwanVdY5AguPdG+5bmjNsKv7pfDde3bdWa0W27aXn3+JsB/L7SPJ90z/+e7Zod
Jc2hfwfeBWqr9qDusx8s1ESMuUQpLXHlbCsWWLAnrlffWpc28dMQV0ytx0nfVkji
j2u1v6XYvSPtRvMB
-----END CERTIFICATE-----