Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210932.roa
File:                     AS210932.roa (raw, json)
Hash identifier:          eOoDhMiPgwnlYIo7fV+NxHJh06GpylsuGYnkicxXYdE=
Subject key identifier:   AC:F1:68:4D:19:78:6F:C5:C9:EC:18:89:42:A3:98:3F:27:EA:78:76
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       378C1C21A4115C560867CA8225E559470979B8AF
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210932.roa
Signing time:             Thu 04 Jun 2026 15:58:54 +0000
ROA not before:           Thu 04 Jun 2026 15:53:54 +0000
ROA not after:            Thu 03 Jun 2027 15:58:54 +0000
asID:                     210932
IP address blocks:        2a06:a005:570::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:8c:1c:21:a4:11:5c:56:08:67:ca:82:25:e5:59:47:09:79:b8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:54 2026 GMT
            Not After : Jun  3 15:58:54 2027 GMT
        Subject: CN=ACF1684D19786FC5C9EC188942A3983F27EA7876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:35:67:11:e0:62:48:b8:aa:7c:1f:c8:40:c2:
                    d0:f1:35:79:6b:65:87:70:fb:10:ac:ec:94:98:0f:
                    fa:0c:9a:60:81:28:94:a2:86:84:b9:0f:a3:22:32:
                    85:05:64:50:d5:04:01:55:06:80:0f:8b:e2:d0:49:
                    d6:e8:77:73:1c:85:d0:69:91:4d:bd:e6:7f:21:24:
                    59:4f:1b:26:bd:d6:2e:b2:27:ef:8a:35:09:f6:27:
                    85:ca:bf:62:37:b3:a6:ba:f7:d2:e5:6a:9f:73:dd:
                    d2:9b:0d:15:a5:ab:7a:39:cc:c8:f1:4a:25:5a:d1:
                    64:93:5b:8e:a9:3a:c8:dc:1a:9c:ab:87:b4:fb:35:
                    a3:b4:ec:bb:2b:9e:74:50:4f:c6:f4:88:b8:4c:47:
                    c6:63:56:1b:31:3c:aa:fd:f9:76:50:90:5d:9c:ee:
                    91:c3:fa:06:9c:f8:85:a3:4e:37:76:51:de:87:18:
                    5d:52:e5:c5:cb:c8:d5:61:41:5e:ca:a9:d7:b2:17:
                    f0:e1:2e:51:1f:67:c9:f6:91:ae:42:68:65:85:7d:
                    8e:e0:c6:0d:1d:82:d3:41:62:42:76:d8:87:85:63:
                    90:d3:de:b4:ab:d0:6c:06:08:55:7b:88:67:2d:ee:
                    66:27:79:04:84:e1:32:5c:3b:f4:46:c2:03:50:3a:
                    bf:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F1:68:4D:19:78:6F:C5:C9:EC:18:89:42:A3:98:3F:27:EA:78:76
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS210932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:570::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:86:7e:b7:76:1d:96:b7:d2:72:97:8c:62:6e:32:54:f8:27:
         d4:26:cc:a2:50:da:2d:99:8e:d9:3e:23:32:6e:29:96:ac:8a:
         5b:29:52:3a:98:17:86:87:54:1b:5b:72:91:de:34:3b:da:20:
         97:0c:a4:a1:88:d6:4d:d9:ef:a0:e1:1e:62:1c:c8:aa:8b:be:
         97:72:0a:a6:20:7b:15:ca:de:e1:84:4f:27:2d:f2:5d:4a:e8:
         2b:41:4f:25:66:ff:c6:10:24:79:f4:c8:35:7a:d2:8e:5b:06:
         97:0e:35:5a:93:02:28:e4:82:fc:f3:3e:bf:26:7c:35:e0:cf:
         d7:b4:ee:60:8e:46:3a:6a:59:23:3b:eb:81:75:4c:96:f3:0c:
         98:e3:c7:95:f4:ab:11:79:f6:da:b6:91:8d:f1:55:57:2e:e2:
         f6:df:54:51:86:ef:e6:f8:3f:15:64:36:57:1e:df:40:02:ac:
         b3:11:4e:1c:26:cd:d3:30:6f:7a:f9:16:f5:77:c8:07:0c:e2:
         b5:a0:2e:69:d1:6d:19:59:59:2a:14:9e:79:28:d9:26:4e:f7:
         ca:b9:1a:7e:af:11:2d:ea:dd:14:05:16:5e:46:7b:2f:ca:60:
         3b:63:f1:8b:94:32:71:4e:04:88:81:e7:21:b8:cc:c7:eb:76:
         29:98:d1:47
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUN4wcIaQRXFYIZ8qCJeVZRwl5uK8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTRaFw0yNzA2MDMxNTU4NTRaMDMxMTAvBgNV
BAMTKEFDRjE2ODREMTk3ODZGQzVDOUVDMTg4OTQyQTM5ODNGMjdFQTc4NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmNWcR4GJIuKp8H8hAwtDxNXlr
ZYdw+xCs7JSYD/oMmmCBKJSihoS5D6MiMoUFZFDVBAFVBoAPi+LQSdbod3MchdBp
kU295n8hJFlPGya91i6yJ++KNQn2J4XKv2I3s6a699Llap9z3dKbDRWlq3o5zMjx
SiVa0WSTW46pOsjcGpyrh7T7NaO07LsrnnRQT8b0iLhMR8ZjVhsxPKr9+XZQkF2c
7pHD+gac+IWjTjd2Ud6HGF1S5cXLyNVhQV7KqdeyF/DhLlEfZ8n2ka5CaGWFfY7g
xg0dgtNBYkJ22IeFY5DT3rSr0GwGCFV7iGct7mYneQSE4TJcO/RGwgNQOr/HAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUrPFoTRl4b8XJ7BiJQqOYPyfqeHYwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEwOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQVwMA0GCSqGSIb3DQEBCwUAA4IBAQB9hn63
dh2Wt9Jyl4xibjJU+CfUJsyiUNotmY7ZPiMybimWrIpbKVI6mBeGh1QbW3KR3jQ7
2iCXDKShiNZN2e+g4R5iHMiqi76XcgqmIHsVyt7hhE8nLfJdSugrQU8lZv/GECR5
9Mg1etKOWwaXDjVakwIo5IL88z6/Jnw14M/XtO5gjkY6alkjO+uBdUyW8wyY48eV
9KsRefbatpGN8VVXLuL231RRhu/m+D8VZDZXHt9AAqyzEU4cJs3TMG96+Rb1d8gH
DOK1oC5p0W0ZWVkqFJ55KNkmTvfKuRp+rxEt6t0UBRZeRnsvymA7Y/GLlDJxTgSI
gechuMzH63YpmNFH
-----END CERTIFICATE-----