Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210932.roa
File:                     AS210932.roa (raw, json)
Hash identifier:          ckW2e7ukdjV30Me2Jm6G77UMClxGauB/6DhqehhRp7Q=
Subject key identifier:   6B:25:C4:55:9C:E0:BA:F8:17:16:0B:B2:A1:A0:AE:26:FF:09:1F:84
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       3C1F114205CA472DB3B52CCAEA3F81C1D76C7067
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210932.roa
Signing time:             Thu 03 Jul 2025 15:52:18 +0000
ROA not before:           Thu 03 Jul 2025 15:47:18 +0000
ROA not after:            Thu 02 Jul 2026 15:52:18 +0000
asID:                     210932
IP address blocks:        2a06:a005:570::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:1f:11:42:05:ca:47:2d:b3:b5:2c:ca:ea:3f:81:c1:d7:6c:70:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:18 2025 GMT
            Not After : Jul  2 15:52:18 2026 GMT
        Subject: CN=6B25C4559CE0BAF817160BB2A1A0AE26FF091F84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c1:e4:35:d0:fb:48:53:2c:3a:3b:6c:3e:ad:
                    0e:46:26:02:89:7c:68:5d:69:b7:36:41:cf:77:4d:
                    59:b3:17:97:6c:61:8d:a2:21:49:49:60:a6:8a:1f:
                    d5:80:8c:43:30:a2:6e:ea:bd:d7:9a:5d:28:42:0f:
                    6c:15:b3:e1:6a:0e:4c:33:91:06:c1:3b:86:70:cd:
                    bc:1e:a5:e0:e2:5a:ec:33:3e:9b:ca:ee:15:d6:60:
                    23:a1:99:44:25:ef:ab:a3:89:29:1e:46:62:cc:92:
                    a3:6f:80:f8:ed:15:c1:bd:2e:c9:aa:60:63:a3:27:
                    db:8f:b8:05:52:36:16:30:b7:28:40:37:c4:cb:15:
                    87:a8:02:7f:d8:24:81:71:57:19:16:9b:f0:91:6c:
                    4a:4a:85:08:23:6f:78:e3:15:53:dc:d4:9e:a1:19:
                    c8:7a:20:8f:fd:21:c9:21:f3:bd:8c:bf:f6:6b:d3:
                    06:04:36:44:24:15:25:fa:6c:36:91:fa:3c:f8:4c:
                    05:5c:be:0d:a2:cd:e9:82:45:11:7e:f3:ec:3a:c4:
                    83:8b:4f:c5:67:7a:09:17:d7:79:9a:7c:17:19:96:
                    70:aa:df:10:8d:33:4e:c6:3b:99:f9:d5:f2:39:d8:
                    68:5a:65:8e:fe:58:83:05:d6:3d:33:b3:4a:b9:ea:
                    d1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:25:C4:55:9C:E0:BA:F8:17:16:0B:B2:A1:A0:AE:26:FF:09:1F:84
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:570::/44

    Signature Algorithm: sha256WithRSAEncryption
         8a:e9:e9:5a:4f:fa:1d:e8:5f:5b:bc:3a:59:4d:e1:cb:e5:30:
         c4:9f:c4:b2:dc:05:39:20:16:8e:1b:49:d6:77:ce:ad:28:52:
         12:3d:19:a8:da:03:1e:ab:5d:ba:c5:a0:f1:31:31:6d:8e:a4:
         e9:44:23:ab:af:cf:39:ca:38:36:bc:41:0c:f5:08:3e:fd:75:
         ba:8e:1c:8d:23:1f:7e:2e:4f:41:3f:fc:e7:0c:dc:e4:61:7b:
         19:d5:3f:3c:a9:49:0e:f1:bc:03:79:3a:73:0e:80:18:15:20:
         9b:b4:82:fd:d7:b4:d2:f3:b5:9a:e6:e7:cc:e3:ea:65:1a:78:
         54:2d:3a:c1:57:a0:36:15:08:0a:51:4f:27:c4:5e:79:e8:3a:
         dc:94:8f:ba:5a:b8:bc:83:3b:87:51:3c:e8:84:bf:62:5e:2d:
         fe:13:f1:c8:7a:75:46:f9:d4:d3:e9:5a:34:2f:a7:92:01:77:
         27:6d:74:97:79:8c:7c:97:b7:cb:68:97:08:2a:4a:c7:76:3c:
         25:c8:b9:44:60:19:2b:ef:8d:5b:b6:8d:62:22:d7:d6:57:a7:
         9b:b2:e0:56:32:0e:aa:51:c6:da:a1:0d:fa:d1:0d:62:ac:4b:
         6f:2a:7b:3a:07:84:3c:46:45:15:a7:d3:e8:b4:34:a3:a4:10:
         86:7b:11:49
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUPB8RQgXKRy2ztSzK6j+BwddscGcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MThaFw0yNjA3MDIxNTUyMThaMDMxMTAvBgNV
BAMTKDZCMjVDNDU1OUNFMEJBRjgxNzE2MEJCMkExQTBBRTI2RkYwOTFGODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfweQ10PtIUyw6O2w+rQ5GJgKJ
fGhdabc2Qc93TVmzF5dsYY2iIUlJYKaKH9WAjEMwom7qvdeaXShCD2wVs+FqDkwz
kQbBO4ZwzbwepeDiWuwzPpvK7hXWYCOhmUQl76ujiSkeRmLMkqNvgPjtFcG9Lsmq
YGOjJ9uPuAVSNhYwtyhAN8TLFYeoAn/YJIFxVxkWm/CRbEpKhQgjb3jjFVPc1J6h
Gch6II/9Ickh872Mv/Zr0wYENkQkFSX6bDaR+jz4TAVcvg2izemCRRF+8+w6xIOL
T8VnegkX13mafBcZlnCq3xCNM07GO5n51fI52GhaZY7+WIMF1j0zs0q56tFrAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUayXEVZzguvgXFguyoaCuJv8JH4QwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEwOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQVwMA0GCSqGSIb3DQEBCwUAA4IBAQCK6ela
T/od6F9bvDpZTeHL5TDEn8Sy3AU5IBaOG0nWd86tKFISPRmo2gMeq126xaDxMTFt
jqTpRCOrr885yjg2vEEM9Qg+/XW6jhyNIx9+Lk9BP/znDNzkYXsZ1T88qUkO8bwD
eTpzDoAYFSCbtIL917TS87Wa5ufM4+plGnhULTrBV6A2FQgKUU8nxF556DrclI+6
Wri8gzuHUTzohL9iXi3+E/HIenVG+dTT6Vo0L6eSAXcnbXSXeYx8l7fLaJcIKkrH
djwlyLlEYBkr741bto1iItfWV6ebsuBWMg6qUcbaoQ360Q1irEtvKns6B4Q8RkUV
p9PotDSjpBCGexFJ
-----END CERTIFICATE-----