Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210576.roa
File:                     AS210576.roa (raw, json)
Hash identifier:          k340VZ3K4h3Tlb3ZZzDim3OXM/Ak/6VR1lxb05zJ288=
Subject key identifier:   3E:AF:DD:D6:09:D3:CE:2D:80:7F:EC:45:4B:62:6B:B5:CD:4E:C2:D3
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       48D3A2874A24F3352D7F5C4AB095F3D1D1A77E56
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210576.roa
Signing time:             Thu 03 Jul 2025 15:51:28 +0000
ROA not before:           Thu 03 Jul 2025 15:46:28 +0000
ROA not after:            Thu 02 Jul 2026 15:51:28 +0000
asID:                     210576
IP address blocks:        2a06:a005:1110::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:d3:a2:87:4a:24:f3:35:2d:7f:5c:4a:b0:95:f3:d1:d1:a7:7e:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:28 2025 GMT
            Not After : Jul  2 15:51:28 2026 GMT
        Subject: CN=3EAFDDD609D3CE2D807FEC454B626BB5CD4EC2D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:23:08:0b:e0:58:d7:50:a6:93:04:86:1c:25:
                    fb:34:46:d1:3a:01:59:4a:1e:6a:9b:82:88:57:c7:
                    04:75:1e:04:55:c1:19:ba:3b:e8:0d:28:6f:49:d9:
                    a5:26:82:6f:e2:8f:e2:4a:f8:bf:62:43:8c:50:3f:
                    22:d3:15:8f:3f:72:c7:62:c8:d7:b1:d5:5a:ec:65:
                    f2:d6:bc:b3:95:a2:5d:86:4c:f2:50:86:ad:a9:0c:
                    68:1c:96:4e:c8:ad:86:6c:d1:db:67:c7:b5:b3:98:
                    cf:a9:27:9b:76:e3:1a:6b:8a:72:83:51:a8:8f:f4:
                    e4:92:00:74:84:87:b6:9c:64:81:ad:88:dd:14:cf:
                    e1:83:28:fb:b5:a1:f7:b4:f4:ee:a1:4e:42:4c:75:
                    b7:d7:d9:6e:cd:c4:f6:03:be:3c:de:0f:08:68:5d:
                    b5:36:0d:14:3a:02:83:0d:82:71:f3:cc:6b:2b:2e:
                    38:25:6f:11:30:3f:48:a7:a3:27:8d:7a:86:93:a7:
                    66:c6:f1:c6:32:47:25:ef:7a:d5:58:cb:6e:6b:98:
                    75:a2:ee:17:26:bb:7e:20:1f:9b:23:4a:09:ca:b3:
                    a9:63:cc:02:75:e6:c2:fd:6e:1d:ec:92:c2:4b:de:
                    4e:dd:cf:27:71:83:00:a9:4d:75:85:b0:17:45:bc:
                    64:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:AF:DD:D6:09:D3:CE:2D:80:7F:EC:45:4B:62:6B:B5:CD:4E:C2:D3
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210576.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1110::/44

    Signature Algorithm: sha256WithRSAEncryption
         a1:eb:05:5d:29:9e:1f:02:55:19:6f:aa:a2:d4:b0:13:20:14:
         92:1d:81:41:d9:dc:d8:37:98:bc:4d:87:1d:9b:b1:40:44:6c:
         5a:3c:cb:b3:71:a6:84:b4:06:88:0e:2c:51:91:4c:ae:e4:f5:
         80:da:82:16:d7:3b:84:c1:29:24:ed:dd:3e:c4:a6:07:fb:40:
         1b:e3:24:cf:07:1d:b6:70:e1:16:64:08:9d:47:71:22:e7:d9:
         76:90:36:74:ef:20:9f:87:3a:b8:1a:83:54:8b:81:4d:30:5c:
         23:6f:27:41:57:fd:5c:88:06:4e:8e:18:5c:4c:38:8c:c0:10:
         f1:6b:b8:5c:18:d7:a7:f8:20:85:30:62:f5:de:be:aa:75:52:
         a6:5a:f3:1d:03:d9:9a:84:af:a9:18:07:f4:30:4f:9e:ec:82:
         37:06:ba:dc:bc:6d:39:03:4b:f7:66:f9:0a:9f:01:56:d9:45:
         3c:a2:18:23:6b:9a:a2:5e:a9:c0:a3:f8:04:e2:fb:d3:2f:05:
         d0:a5:16:c1:4f:32:38:57:d2:71:84:a8:2e:02:51:2b:ac:78:
         d0:01:5d:1e:6b:e3:a1:26:17:d5:fb:5a:57:40:f6:0a:08:46:
         32:a9:a4:94:6f:9e:9d:1d:dc:1a:29:0f:aa:f8:ad:0c:b1:5a:
         4f:76:04:3d
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUSNOih0ok8zUtf1xKsJXz0dGnflYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjhaFw0yNjA3MDIxNTUxMjhaMDMxMTAvBgNV
BAMTKDNFQUZEREQ2MDlEM0NFMkQ4MDdGRUM0NTRCNjI2QkI1Q0Q0RUMyRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIIwgL4FjXUKaTBIYcJfs0RtE6
AVlKHmqbgohXxwR1HgRVwRm6O+gNKG9J2aUmgm/ij+JK+L9iQ4xQPyLTFY8/csdi
yNex1VrsZfLWvLOVol2GTPJQhq2pDGgclk7IrYZs0dtnx7WzmM+pJ5t24xprinKD
UaiP9OSSAHSEh7acZIGtiN0Uz+GDKPu1ofe09O6hTkJMdbfX2W7NxPYDvjzeDwho
XbU2DRQ6AoMNgnHzzGsrLjglbxEwP0inoyeNeoaTp2bG8cYyRyXvetVYy25rmHWi
7hcmu34gH5sjSgnKs6ljzAJ15sL9bh3sksJL3k7dzydxgwCpTXWFsBdFvGTBAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUPq/d1gnTzi2Af+xFS2Jrtc1OwtMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEwNTc2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBREQMA0GCSqGSIb3DQEBCwUAA4IBAQCh6wVd
KZ4fAlUZb6qi1LATIBSSHYFB2dzYN5i8TYcdm7FARGxaPMuzcaaEtAaIDixRkUyu
5PWA2oIW1zuEwSkk7d0+xKYH+0Ab4yTPBx22cOEWZAidR3Ei59l2kDZ07yCfhzq4
GoNUi4FNMFwjbydBV/1ciAZOjhhcTDiMwBDxa7hcGNen+CCFMGL13r6qdVKmWvMd
A9mahK+pGAf0ME+e7II3BrrcvG05A0v3ZvkKnwFW2UU8ohgja5qiXqnAo/gE4vvT
LwXQpRbBTzI4V9JxhKguAlErrHjQAV0ea+OhJhfV+1pXQPYKCEYyqaSUb56dHdwa
KQ+q+K0MsVpPdgQ9
-----END CERTIFICATE-----