Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205214.roa
File:                     AS205214.roa (raw, json)
Hash identifier:          WmfNw0cJC3D5XHtqL9AT5lmn9AJXEM0R8nKud0nvnmA=
Subject key identifier:   81:07:D2:45:AF:78:8F:F0:4E:53:67:5D:79:1A:17:61:CB:6A:4B:28
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       73C41297F0F91B139192E33EFD80968DE22E2880
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205214.roa
Signing time:             Thu 03 Jul 2025 15:51:27 +0000
ROA not before:           Thu 03 Jul 2025 15:46:27 +0000
ROA not after:            Thu 02 Jul 2026 15:51:27 +0000
asID:                     205214
IP address blocks:        2a06:a005:830::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:c4:12:97:f0:f9:1b:13:91:92:e3:3e:fd:80:96:8d:e2:2e:28:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:27 2025 GMT
            Not After : Jul  2 15:51:27 2026 GMT
        Subject: CN=8107D245AF788FF04E53675D791A1761CB6A4B28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f3:22:b3:f4:37:a5:ee:93:15:c5:b2:85:ff:
                    c5:1d:4e:70:6f:25:dd:97:ef:2c:e2:a1:01:ef:d0:
                    90:8a:65:15:f9:d2:11:ed:54:fa:1d:3f:91:8e:e9:
                    db:29:6a:ba:bc:f5:9b:85:26:6e:17:2f:65:21:65:
                    8f:5a:88:9e:13:1a:43:31:93:83:14:72:c9:db:8b:
                    72:41:55:15:7c:b3:0f:55:17:b4:12:9d:45:8f:0d:
                    25:de:11:0b:25:5f:b7:fc:96:a1:3b:8e:f1:12:63:
                    a0:1b:ec:43:5a:b2:e8:50:79:c1:79:0c:5d:a1:d8:
                    96:0e:be:0e:a1:44:8c:31:54:a0:46:87:f7:51:a0:
                    af:c2:85:cc:0d:21:41:1b:b4:c9:e9:3f:34:0e:98:
                    a0:36:7a:28:53:39:12:66:44:bc:a1:87:5c:fe:a0:
                    d4:57:56:c4:63:d0:e7:bb:9c:6c:98:a7:4a:73:6b:
                    7b:8e:e8:72:7f:a4:22:da:1a:26:42:0f:c0:00:46:
                    f9:86:f0:8b:51:ef:a7:0c:59:a9:21:4e:4e:0a:34:
                    61:0a:87:a2:f6:76:46:8d:44:4f:62:73:9c:37:de:
                    b0:4a:e9:2f:37:53:6c:14:c7:43:21:37:78:5d:1b:
                    81:9d:a4:d2:51:2a:d4:ce:b1:1f:5b:be:c7:31:c4:
                    f6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:07:D2:45:AF:78:8F:F0:4E:53:67:5D:79:1A:17:61:CB:6A:4B:28
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205214.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:830::/44

    Signature Algorithm: sha256WithRSAEncryption
         42:ab:d2:f7:68:a1:6d:d6:2a:13:62:aa:42:57:1e:46:93:8c:
         31:55:d5:ad:dd:e4:72:23:50:df:54:31:d4:78:c1:ac:66:bf:
         5d:48:57:f7:cc:20:5e:25:b8:27:d7:64:e6:f3:c6:91:0b:ab:
         02:21:20:92:b0:bb:25:35:f1:97:76:26:b1:64:be:bf:cb:a8:
         25:7d:06:26:95:e4:96:ce:c0:a5:aa:ca:15:65:10:71:5d:12:
         62:c9:b2:af:73:e2:eb:06:d5:d6:dd:5a:69:14:a8:98:d7:a8:
         f5:33:9d:3d:98:2f:7d:90:be:79:31:a8:d3:09:28:a6:55:30:
         89:25:b3:36:58:50:36:dd:48:b1:d0:f1:50:cc:4e:2f:2a:83:
         18:5e:a4:93:89:cc:42:3e:01:ca:b6:e2:b2:14:f2:41:b5:8c:
         1f:27:5e:2d:1b:13:10:a5:e4:fe:26:8e:72:a9:6b:74:07:19:
         bb:53:7e:b5:f7:e7:4e:bb:04:9b:a8:6e:85:a0:d7:b0:25:d1:
         25:34:20:51:f6:d1:68:b1:5b:26:d0:10:3a:ea:66:af:87:5c:
         0b:7a:ef:7c:0f:90:96:c7:53:57:ae:b5:d5:3a:8e:3d:48:fc:
         22:ab:2e:e1:99:bc:a4:93:6d:a4:28:07:07:34:b8:04:23:54:
         20:a6:97:4e
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUc8QSl/D5GxORkuM+/YCWjeIuKIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjdaFw0yNjA3MDIxNTUxMjdaMDMxMTAvBgNV
BAMTKDgxMDdEMjQ1QUY3ODhGRjA0RTUzNjc1RDc5MUExNzYxQ0I2QTRCMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH8yKz9Del7pMVxbKF/8UdTnBv
Jd2X7yzioQHv0JCKZRX50hHtVPodP5GO6dsparq89ZuFJm4XL2UhZY9aiJ4TGkMx
k4MUcsnbi3JBVRV8sw9VF7QSnUWPDSXeEQslX7f8lqE7jvESY6Ab7ENasuhQecF5
DF2h2JYOvg6hRIwxVKBGh/dRoK/ChcwNIUEbtMnpPzQOmKA2eihTORJmRLyhh1z+
oNRXVsRj0Oe7nGyYp0pza3uO6HJ/pCLaGiZCD8AARvmG8ItR76cMWakhTk4KNGEK
h6L2dkaNRE9ic5w33rBK6S83U2wUx0MhN3hdG4GdpNJRKtTOsR9bvscxxPajAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUgQfSRa94j/BOU2ddeRoXYctqSygwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA1MjE0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQgwMA0GCSqGSIb3DQEBCwUAA4IBAQBCq9L3
aKFt1ioTYqpCVx5Gk4wxVdWt3eRyI1DfVDHUeMGsZr9dSFf3zCBeJbgn12Tm88aR
C6sCISCSsLslNfGXdiaxZL6/y6glfQYmleSWzsClqsoVZRBxXRJiybKvc+LrBtXW
3VppFKiY16j1M509mC99kL55MajTCSimVTCJJbM2WFA23Uix0PFQzE4vKoMYXqST
icxCPgHKtuKyFPJBtYwfJ14tGxMQpeT+Jo5yqWt0Bxm7U3619+dOuwSbqG6FoNew
JdElNCBR9tFosVsm0BA66mavh1wLeu98D5CWx1NXrrXVOo49SPwiqy7hmbykk22k
KAcHNLgEI1QgppdO
-----END CERTIFICATE-----