Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205214.roa
File:                     AS205214.roa (raw, json)
Hash identifier:          9YYmkqdY/mDQshXN09A5PCPxig64Y/VKpWgK6Ita6io=
Subject key identifier:   CC:75:41:12:2A:10:D6:1D:C3:49:53:9D:C3:AE:DA:A1:4D:A7:9B:8C
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       65FACB8EA13D3D87DCF42CB63BFCBA478FEC9872
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205214.roa
Signing time:             Thu 04 Jun 2026 15:58:50 +0000
ROA not before:           Thu 04 Jun 2026 15:53:50 +0000
ROA not after:            Thu 03 Jun 2027 15:58:50 +0000
asID:                     205214
IP address blocks:        2a06:a005:830::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:fa:cb:8e:a1:3d:3d:87:dc:f4:2c:b6:3b:fc:ba:47:8f:ec:98:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:50 2026 GMT
            Not After : Jun  3 15:58:50 2027 GMT
        Subject: CN=CC7541122A10D61DC349539DC3AEDAA14DA79B8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c3:bc:24:60:c4:14:55:98:61:ab:84:80:54:
                    4a:fd:8e:3e:5c:f5:07:d4:3b:7e:2e:ea:54:9c:d9:
                    be:23:c0:0a:4f:b6:29:34:7f:ff:8b:14:d8:84:53:
                    ee:90:ff:5d:db:ac:99:ac:dc:1e:d8:02:1b:1b:8d:
                    31:25:29:71:54:23:51:a0:e9:9a:a4:cc:65:da:a3:
                    f4:10:72:05:bf:17:9e:cb:30:38:42:c5:fc:74:2b:
                    d4:76:a3:57:9a:1d:a4:30:36:74:0f:34:77:80:39:
                    c7:63:9c:73:d4:93:b9:b8:f3:a4:e6:af:40:04:a6:
                    d9:d1:b2:cb:f6:e9:01:f9:b9:c9:cc:a3:82:ec:f3:
                    f3:8f:5d:25:68:d7:8b:2a:d8:d2:ae:0f:50:73:03:
                    8e:15:37:19:4a:45:0f:2b:dc:eb:c7:97:06:99:97:
                    6e:a0:7f:5b:54:8d:71:e8:b5:8a:9f:72:b8:d4:85:
                    fb:3d:ed:2b:96:d6:c1:a7:38:f5:da:5e:6b:84:e8:
                    4f:f9:74:90:73:c0:f0:1d:e9:38:b0:3b:41:c4:ae:
                    60:08:c7:27:ce:5d:ae:75:87:91:a9:2f:78:a9:40:
                    11:36:49:27:19:78:d9:60:32:fe:fd:ca:f7:3d:2a:
                    32:f8:65:ae:90:e3:4e:5d:6e:11:04:0d:f0:5e:65:
                    3d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:75:41:12:2A:10:D6:1D:C3:49:53:9D:C3:AE:DA:A1:4D:A7:9B:8C
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS205214.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:830::/44

    Signature Algorithm: sha256WithRSAEncryption
         c7:90:d0:68:b7:a7:b9:7d:ae:4e:45:2b:cd:d1:9c:5d:70:23:
         9b:95:87:ab:75:96:d1:9d:3f:1c:74:96:c1:48:99:cc:de:42:
         d6:7f:65:e4:d3:dc:b4:5e:43:96:84:f3:3e:59:79:f7:50:78:
         3c:20:9a:30:b3:fb:9d:01:b0:c3:e2:75:68:98:64:b9:e1:ea:
         22:b6:60:66:bd:1c:19:1c:2e:bf:12:a6:e8:99:65:90:03:98:
         f9:9f:f2:91:8c:80:dc:7e:ec:04:c5:10:50:57:39:21:42:77:
         da:c6:6b:63:80:6c:ff:3d:98:f6:97:1e:8a:23:7b:1a:b8:77:
         27:17:d6:7e:41:28:54:cd:47:83:63:94:1f:2a:2c:1b:8e:cd:
         80:83:a2:3b:6c:6f:07:13:4b:57:1b:e7:ed:84:ce:c0:86:97:
         8c:3d:ea:2a:d8:26:8c:9d:9f:88:24:e0:75:e1:9d:d3:2f:f6:
         b1:d8:c9:47:5e:b6:d4:7b:70:1d:8c:82:0b:3f:96:2f:af:e2:
         71:80:b6:64:a1:41:de:8c:1b:31:bf:34:3e:5d:1b:d3:13:56:
         49:e7:7d:a8:fa:81:96:e2:30:b2:61:56:67:ed:73:7b:8e:7c:
         5f:cb:da:8d:b2:be:f1:20:20:13:85:c0:16:b8:96:5a:88:ed:
         76:1b:2b:36
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUZfrLjqE9PYfc9Cy2O/y6R4/smHIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTBaFw0yNzA2MDMxNTU4NTBaMDMxMTAvBgNV
BAMTKENDNzU0MTEyMkExMEQ2MURDMzQ5NTM5REMzQUVEQUExNERBNzlCOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJw7wkYMQUVZhhq4SAVEr9jj5c
9QfUO34u6lSc2b4jwApPtik0f/+LFNiEU+6Q/13brJms3B7YAhsbjTElKXFUI1Gg
6ZqkzGXao/QQcgW/F57LMDhCxfx0K9R2o1eaHaQwNnQPNHeAOcdjnHPUk7m486Tm
r0AEptnRssv26QH5ucnMo4Ls8/OPXSVo14sq2NKuD1BzA44VNxlKRQ8r3OvHlwaZ
l26gf1tUjXHotYqfcrjUhfs97SuW1sGnOPXaXmuE6E/5dJBzwPAd6TiwO0HErmAI
xyfOXa51h5GpL3ipQBE2SScZeNlgMv79yvc9KjL4Za6Q405dbhEEDfBeZT2FAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUzHVBEioQ1h3DSVOdw67aoU2nm4wwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA1MjE0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQgwMA0GCSqGSIb3DQEBCwUAA4IBAQDHkNBo
t6e5fa5ORSvN0ZxdcCOblYerdZbRnT8cdJbBSJnM3kLWf2Xk09y0XkOWhPM+WXn3
UHg8IJows/udAbDD4nVomGS54eoitmBmvRwZHC6/EqbomWWQA5j5n/KRjIDcfuwE
xRBQVzkhQnfaxmtjgGz/PZj2lx6KI3sauHcnF9Z+QShUzUeDY5QfKiwbjs2Ag6I7
bG8HE0tXG+fthM7AhpeMPeoq2CaMnZ+IJOB14Z3TL/ax2MlHXrbUe3AdjIILP5Yv
r+JxgLZkoUHejBsxvzQ+XRvTE1ZJ532o+oGW4jCyYVZn7XN7jnxfy9qNsr7xICAT
hcAWuJZaiO12Gys2
-----END CERTIFICATE-----