Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204693.roa
File:                     AS204693.roa (raw, json)
Hash identifier:          +SlsOSULJXY6NkA7eA2iWyfMSOIAK+66hBUybexj2hY=
Subject key identifier:   91:BB:56:09:7D:CA:22:ED:FE:D8:F9:B8:C8:0F:CF:30:87:3D:F2:89
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       177480D3559990384DBC1A38959BCA279D68BB47
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204693.roa
Signing time:             Thu 03 Jul 2025 15:52:13 +0000
ROA not before:           Thu 03 Jul 2025 15:47:13 +0000
ROA not after:            Thu 02 Jul 2026 15:52:13 +0000
asID:                     204693
IP address blocks:        2a06:a005:ce0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:74:80:d3:55:99:90:38:4d:bc:1a:38:95:9b:ca:27:9d:68:bb:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:13 2025 GMT
            Not After : Jul  2 15:52:13 2026 GMT
        Subject: CN=91BB56097DCA22EDFED8F9B8C80FCF30873DF289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:60:25:3a:ff:12:b9:f5:0d:fc:72:34:c3:10:
                    4a:5e:fa:cf:ba:77:75:99:4a:c1:a1:e9:fe:00:86:
                    fe:2d:eb:81:2e:7d:06:f5:94:ea:18:5e:03:1c:22:
                    8d:1d:7a:00:08:a9:44:5a:ee:4f:8d:7c:e5:18:33:
                    ca:3c:3b:c7:ee:89:62:40:33:9c:ee:97:ea:0d:6b:
                    86:95:85:08:87:a2:2c:ae:ef:8f:ed:57:4c:c1:ec:
                    cc:f3:50:e8:6f:e6:70:4a:7e:e6:6a:fe:ef:c1:c0:
                    e3:3f:09:f7:f3:97:f5:20:cd:19:1d:89:bb:c6:be:
                    0f:d8:3b:ef:7c:99:fb:1b:00:a2:c6:9a:d6:a0:7f:
                    06:10:de:c0:be:9d:55:6b:6e:23:36:d3:6f:26:81:
                    48:66:c1:40:17:5d:c8:f8:ec:e4:ee:52:2c:de:3a:
                    8c:c0:6d:4f:8c:88:04:72:cf:11:9c:b4:a6:37:f1:
                    a2:b4:0b:8c:35:56:0b:45:77:14:31:83:62:5f:42:
                    0f:8b:94:27:77:5a:04:c1:03:db:66:3f:5e:dc:d8:
                    ea:e5:c6:0e:72:79:4d:5a:a4:3c:da:44:2a:f9:32:
                    c2:62:c3:dd:09:16:50:9c:2c:9b:a7:51:e5:13:d6:
                    b3:8c:cc:ef:67:90:41:2a:ec:1b:18:8f:18:8d:0a:
                    b7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:BB:56:09:7D:CA:22:ED:FE:D8:F9:B8:C8:0F:CF:30:87:3D:F2:89
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:ce0::/44

    Signature Algorithm: sha256WithRSAEncryption
         be:b6:45:1f:b5:a1:ad:36:3c:72:26:5b:fe:31:af:e3:4f:f9:
         ea:bc:cd:84:b1:aa:a8:61:e8:8f:50:5e:51:dd:c5:a3:51:db:
         6f:de:f3:1b:93:10:e4:fc:ff:7f:d9:e7:e2:8b:06:62:1f:b7:
         45:14:db:67:f7:3d:21:aa:a8:35:52:b9:19:5b:e2:11:a8:c9:
         12:c1:18:a1:68:2d:65:c2:e8:ec:4c:81:e6:de:eb:c8:e6:4e:
         85:b0:1a:69:2c:74:ab:4f:33:cd:b0:53:07:bd:32:b2:85:d5:
         e8:dd:d6:46:54:a6:fb:c7:8c:59:a3:4b:5f:ea:6a:35:b7:11:
         d9:f0:49:22:ea:0e:7e:22:1c:3f:fe:dc:cb:42:44:58:19:2e:
         a5:90:67:a2:3c:e7:43:bf:74:37:06:7e:98:96:ca:a1:1d:68:
         82:0e:c1:b4:bd:81:38:21:7f:db:c2:0f:5c:f3:5a:9f:d0:91:
         80:ae:5d:f8:e9:8d:e8:16:f4:86:33:39:92:0d:37:f0:7c:61:
         83:e4:11:51:ac:28:40:a7:75:f2:e7:c4:d4:18:a2:6c:d7:7c:
         f6:2b:45:48:2f:4b:58:61:84:3d:b4:75:71:44:24:ca:f0:cb:
         73:53:05:d4:3c:ee:ee:59:d6:42:6e:cf:91:dd:6d:d6:07:75:
         3b:45:23:c7
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUF3SA01WZkDhNvBo4lZvKJ51ou0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MTNaFw0yNjA3MDIxNTUyMTNaMDMxMTAvBgNV
BAMTKDkxQkI1NjA5N0RDQTIyRURGRUQ4RjlCOEM4MEZDRjMwODczREYyODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuYCU6/xK59Q38cjTDEEpe+s+6
d3WZSsGh6f4Ahv4t64EufQb1lOoYXgMcIo0degAIqURa7k+NfOUYM8o8O8fuiWJA
M5zul+oNa4aVhQiHoiyu74/tV0zB7MzzUOhv5nBKfuZq/u/BwOM/Cffzl/UgzRkd
ibvGvg/YO+98mfsbAKLGmtagfwYQ3sC+nVVrbiM2028mgUhmwUAXXcj47OTuUize
OozAbU+MiARyzxGctKY38aK0C4w1VgtFdxQxg2JfQg+LlCd3WgTBA9tmP17c2Orl
xg5yeU1apDzaRCr5MsJiw90JFlCcLJunUeUT1rOMzO9nkEEq7BsYjxiNCretAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUkbtWCX3KIu3+2Pm4yA/PMIc98okwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA0NjkzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQzgMA0GCSqGSIb3DQEBCwUAA4IBAQC+tkUf
taGtNjxyJlv+Ma/jT/nqvM2EsaqoYeiPUF5R3cWjUdtv3vMbkxDk/P9/2efiiwZi
H7dFFNtn9z0hqqg1UrkZW+IRqMkSwRihaC1lwujsTIHm3uvI5k6FsBppLHSrTzPN
sFMHvTKyhdXo3dZGVKb7x4xZo0tf6mo1txHZ8Eki6g5+Ihw//tzLQkRYGS6lkGei
POdDv3Q3Bn6YlsqhHWiCDsG0vYE4IX/bwg9c81qf0JGArl346Y3oFvSGMzmSDTfw
fGGD5BFRrChAp3Xy58TUGKJs13z2K0VIL0tYYYQ9tHVxRCTK8MtzUwXUPO7uWdZC
bs+R3W3WB3U7RSPH
-----END CERTIFICATE-----