Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203415.roa
File:                     AS203415.roa (raw, json)
Hash identifier:          NMlyCJrvvL6JoCBVkB46ratm3/X/CeK/wGdS3Idg2gU=
Subject key identifier:   BC:A5:5C:5E:87:FE:FE:9B:30:62:B0:05:A5:ED:D4:4B:6C:1C:6D:A8
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1B9119C4BE41E08FE7D5C15F2FE6CAC23243B2DB
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203415.roa
Signing time:             Thu 03 Jul 2025 15:52:13 +0000
ROA not before:           Thu 03 Jul 2025 15:47:13 +0000
ROA not after:            Thu 02 Jul 2026 15:52:13 +0000
asID:                     203415
IP address blocks:        2a06:a005:5ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:91:19:c4:be:41:e0:8f:e7:d5:c1:5f:2f:e6:ca:c2:32:43:b2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:13 2025 GMT
            Not After : Jul  2 15:52:13 2026 GMT
        Subject: CN=BCA55C5E87FEFE9B3062B005A5EDD44B6C1C6DA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:39:01:f7:23:30:23:6f:88:be:b8:bf:f5:2b:
                    e1:3e:b3:4b:d5:35:88:0a:c4:7b:63:7b:90:99:8a:
                    4e:e4:ac:fa:c8:db:ef:39:94:ae:e9:78:59:ee:41:
                    70:66:8c:17:a2:52:42:d0:a8:4c:6c:36:f6:f3:89:
                    e5:f1:c8:f1:f5:a1:03:69:d2:e0:35:1d:4a:43:5d:
                    f8:ac:38:78:a6:57:51:92:45:50:ef:fe:e2:06:c9:
                    13:e0:39:fa:a3:99:14:18:de:d3:34:db:eb:c4:e0:
                    12:f5:c6:94:60:9e:f6:6c:99:a9:ba:0e:27:b8:a8:
                    46:22:b1:e5:67:5e:29:95:0e:7d:a3:61:2f:0b:96:
                    4a:6c:8b:a5:80:6f:3c:61:b1:ea:1f:56:2f:0c:bf:
                    90:93:a7:50:9c:12:eb:da:8e:fc:55:5e:53:32:7d:
                    1b:7a:05:81:7b:73:08:f0:e0:fb:aa:a1:fc:76:9e:
                    be:69:89:fc:bc:35:c8:e0:50:f0:e4:d0:8c:d1:d9:
                    0a:58:ee:af:f6:7f:0c:4d:30:b9:3e:91:cf:aa:19:
                    8f:0f:00:10:ce:96:9f:ab:f7:c3:cd:36:72:da:8d:
                    0c:73:d4:71:dd:d0:a5:3f:ed:03:56:b8:f7:ed:1c:
                    d3:10:ba:f1:0d:e2:85:b2:e1:8a:ce:73:55:f2:5b:
                    8b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A5:5C:5E:87:FE:FE:9B:30:62:B0:05:A5:ED:D4:4B:6C:1C:6D:A8
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:b3:93:d4:a7:0e:c2:b8:a8:f9:0f:9a:8a:cc:26:d4:55:03:
         c2:0b:9d:5f:ce:d8:8d:06:b3:27:47:fb:41:b1:12:5c:7b:50:
         7f:d6:77:d6:72:88:60:b3:eb:b0:2f:ee:55:c8:6a:b8:1f:72:
         6d:61:6b:fc:27:9c:61:fa:bb:a0:b1:fe:13:be:d7:a5:e7:98:
         0d:a8:90:6b:a0:0b:12:44:6a:60:c4:5e:58:b0:ec:48:38:00:
         3d:84:33:44:17:64:3c:5e:13:31:05:8a:10:68:e8:cd:21:a4:
         03:f4:c9:47:30:db:41:eb:e7:73:62:52:a9:22:cd:17:d6:c9:
         f5:ef:6f:df:45:f2:04:f5:61:72:3b:25:ec:9e:20:ed:ec:30:
         78:14:cd:91:ed:8a:8b:26:58:75:99:86:b7:04:21:b2:98:04:
         7c:ab:0d:e3:6f:6e:0a:e8:07:72:43:3d:79:5c:e1:9b:2c:22:
         03:ba:8e:c3:f3:64:a9:4d:2b:22:7d:3d:69:d4:9f:8c:54:27:
         a1:89:c7:05:ad:dc:32:6d:c8:7a:f9:6f:b3:32:03:ab:6f:8c:
         6a:36:64:8e:22:55:db:6f:32:5b:73:67:e6:9e:d1:17:17:3d:
         39:c2:49:11:f8:ee:7b:97:6b:25:43:f2:ca:c0:46:fc:a7:de:
         bf:e7:8c:8a
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUG5EZxL5B4I/n1cFfL+bKwjJDstswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MTNaFw0yNjA3MDIxNTUyMTNaMDMxMTAvBgNV
BAMTKEJDQTU1QzVFODdGRUZFOUIzMDYyQjAwNUE1RURENDRCNkMxQzZEQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiOQH3IzAjb4i+uL/1K+E+s0vV
NYgKxHtje5CZik7krPrI2+85lK7peFnuQXBmjBeiUkLQqExsNvbzieXxyPH1oQNp
0uA1HUpDXfisOHimV1GSRVDv/uIGyRPgOfqjmRQY3tM02+vE4BL1xpRgnvZsmam6
Die4qEYiseVnXimVDn2jYS8Llkpsi6WAbzxhseofVi8Mv5CTp1CcEuvajvxVXlMy
fRt6BYF7cwjw4Puqofx2nr5pify8NcjgUPDk0IzR2QpY7q/2fwxNMLk+kc+qGY8P
ABDOlp+r98PNNnLajQxz1HHd0KU/7QNWuPftHNMQuvEN4oWy4YrOc1XyW4vRAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUvKVcXof+/pswYrAFpe3US2wcbagwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAzNDE1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQWsMA0GCSqGSIb3DQEBCwUAA4IBAQCls5PU
pw7CuKj5D5qKzCbUVQPCC51fztiNBrMnR/tBsRJce1B/1nfWcohgs+uwL+5VyGq4
H3JtYWv8J5xh+rugsf4Tvtel55gNqJBroAsSRGpgxF5YsOxIOAA9hDNEF2Q8XhMx
BYoQaOjNIaQD9MlHMNtB6+dzYlKpIs0X1sn172/fRfIE9WFyOyXsniDt7DB4FM2R
7YqLJlh1mYa3BCGymAR8qw3jb24K6AdyQz15XOGbLCIDuo7D82SpTSsifT1p1J+M
VCehiccFrdwybch6+W+zMgOrb4xqNmSOIlXbbzJbc2fmntEXFz05wkkR+O57l2sl
Q/LKwEb8p96/54yK
-----END CERTIFICATE-----