Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205088.roa
File:                     AS205088.roa (raw, json)
Hash identifier:          xOajnl9e49x8bFfl3efrhfGcVJygYoVOKCIeOVNYBEk=
Subject key identifier:   65:BE:C3:99:0B:A7:17:EA:E6:1C:DE:3F:6E:5C:A6:40:6A:8A:72:6A
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       37F52026EEFBCFF7ABC5DC66B36A2007B7AFEEFE
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205088.roa
Signing time:             Thu 03 Jul 2025 15:51:41 +0000
ROA not before:           Thu 03 Jul 2025 15:46:41 +0000
ROA not after:            Thu 02 Jul 2026 15:51:41 +0000
asID:                     205088
IP address blocks:        2a06:a005:bc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:f5:20:26:ee:fb:cf:f7:ab:c5:dc:66:b3:6a:20:07:b7:af:ee:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:41 2025 GMT
            Not After : Jul  2 15:51:41 2026 GMT
        Subject: CN=65BEC3990BA717EAE61CDE3F6E5CA6406A8A726A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:61:68:b7:13:46:5e:90:09:78:a2:8b:eb:68:
                    1f:e5:b1:74:09:db:e5:b5:c7:23:70:ff:da:34:0d:
                    38:51:f3:e2:81:81:e9:df:1b:2f:d2:6d:e7:2d:68:
                    74:93:46:b2:71:06:3b:bd:a9:43:15:f1:7d:70:60:
                    26:14:9c:05:8b:a7:37:07:9a:c3:d1:f2:f0:84:98:
                    7b:f3:3c:6f:a6:9c:11:71:06:ce:77:87:cf:3e:92:
                    bc:94:9d:b5:e3:f0:20:35:e1:c2:ba:08:aa:16:1e:
                    56:de:8e:23:93:89:f4:c2:6f:a3:64:cf:d5:bc:2d:
                    b6:7b:83:a9:ac:7b:f2:c6:00:ba:f1:4e:ae:9b:76:
                    61:ee:33:5a:a0:7f:0c:97:4c:5f:8e:5e:40:85:47:
                    4c:59:cf:24:eb:c1:3a:37:26:b7:2c:0a:58:98:82:
                    c0:1f:97:48:ff:48:6a:30:60:a2:2f:1e:b0:d1:4c:
                    7f:de:a0:d2:6e:a8:dc:e7:9d:f4:d7:de:d3:0a:a6:
                    5f:fd:33:74:15:42:93:60:22:7e:06:dd:8d:94:6e:
                    31:4c:eb:b9:d4:0a:ee:70:da:66:73:8c:57:3e:af:
                    4b:6b:54:a0:73:0c:05:49:8f:9e:3c:da:43:ad:28:
                    d9:f8:d5:81:07:c1:4d:c1:a9:5f:35:ea:40:3e:83:
                    26:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BE:C3:99:0B:A7:17:EA:E6:1C:DE:3F:6E:5C:A6:40:6A:8A:72:6A
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205088.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:bc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         aa:bd:01:6e:0c:c5:4b:bd:2c:71:26:e3:15:d4:5a:28:36:44:
         4a:97:59:4c:32:97:50:60:a1:8a:ab:11:b2:68:00:35:2e:3b:
         95:ba:d5:3a:fb:2f:91:06:9c:23:c9:d5:90:2c:37:a1:49:d2:
         ca:9c:76:87:91:37:19:5d:83:2b:e1:a1:ea:11:d1:d0:4c:b4:
         ce:22:c3:c5:d0:7e:90:d9:49:3c:8a:cd:05:67:a4:8a:b4:cc:
         80:7f:7e:39:3f:e9:12:7a:ed:f7:6a:ae:72:04:d6:c7:75:51:
         18:d5:d7:01:35:cd:c8:a2:12:f1:38:62:6a:52:ff:18:15:cb:
         6a:0e:16:5a:24:69:1d:01:0e:ea:54:5f:5e:35:1f:3c:92:ce:
         68:e8:1d:00:79:44:80:72:06:98:f9:20:f5:a9:2b:76:03:e9:
         e4:5d:c2:c6:f0:1f:67:ec:bf:e9:3c:8f:35:8c:db:02:b8:d5:
         97:cf:44:cf:76:ed:87:75:a8:66:c5:ee:72:1c:7f:0a:65:45:
         8a:de:5b:8e:28:a0:7b:66:fc:aa:69:07:5c:04:97:69:38:4b:
         dc:ad:a0:d9:79:0f:7a:48:08:ba:03:4f:e3:18:a6:4b:1c:4c:
         02:85:75:86:09:12:15:0c:cc:1b:5c:12:7e:21:77:8b:45:21:
         57:64:77:74
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUN/UgJu77z/erxdxms2ogB7ev7v4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NDFaFw0yNjA3MDIxNTUxNDFaMDMxMTAvBgNV
BAMTKDY1QkVDMzk5MEJBNzE3RUFFNjFDREUzRjZFNUNBNjQwNkE4QTcyNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrYWi3E0ZekAl4oovraB/lsXQJ
2+W1xyNw/9o0DThR8+KBgenfGy/SbectaHSTRrJxBju9qUMV8X1wYCYUnAWLpzcH
msPR8vCEmHvzPG+mnBFxBs53h88+kryUnbXj8CA14cK6CKoWHlbejiOTifTCb6Nk
z9W8LbZ7g6mse/LGALrxTq6bdmHuM1qgfwyXTF+OXkCFR0xZzyTrwTo3JrcsCliY
gsAfl0j/SGowYKIvHrDRTH/eoNJuqNznnfTX3tMKpl/9M3QVQpNgIn4G3Y2UbjFM
67nUCu5w2mZzjFc+r0trVKBzDAVJj5482kOtKNn41YEHwU3BqV816kA+gybRAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUZb7DmQunF+rmHN4/blymQGqKcmowHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA1MDg4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQvAMA0GCSqGSIb3DQEBCwUAA4IBAQCqvQFu
DMVLvSxxJuMV1FooNkRKl1lMMpdQYKGKqxGyaAA1LjuVutU6+y+RBpwjydWQLDeh
SdLKnHaHkTcZXYMr4aHqEdHQTLTOIsPF0H6Q2Uk8is0FZ6SKtMyAf345P+kSeu33
aq5yBNbHdVEY1dcBNc3IohLxOGJqUv8YFctqDhZaJGkdAQ7qVF9eNR88ks5o6B0A
eUSAcgaY+SD1qSt2A+nkXcLG8B9n7L/pPI81jNsCuNWXz0TPdu2Hdahmxe5yHH8K
ZUWK3luOKKB7ZvyqaQdcBJdpOEvcraDZeQ96SAi6A0/jGKZLHEwChXWGCRIVDMwb
XBJ+IXeLRSFXZHd0
-----END CERTIFICATE-----