Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211233.roa
File:                     AS211233.roa (raw, json)
Hash identifier:          jkjOoC9px19PP1+Gl5+OMZPFIPeOSp/73tp4lXipLcw=
Subject key identifier:   83:56:C6:D7:FB:D9:E2:40:80:32:5C:B5:DE:B1:47:26:F5:22:21:C8
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1B98CC3E7E88FFA87612A8A0DD41996C65F95D78
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211233.roa
Signing time:             Thu 03 Jul 2025 15:51:22 +0000
ROA not before:           Thu 03 Jul 2025 15:46:22 +0000
ROA not after:            Thu 02 Jul 2026 15:51:22 +0000
asID:                     211233
IP address blocks:        2a06:a005:19b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:98:cc:3e:7e:88:ff:a8:76:12:a8:a0:dd:41:99:6c:65:f9:5d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:22 2025 GMT
            Not After : Jul  2 15:51:22 2026 GMT
        Subject: CN=8356C6D7FBD9E24080325CB5DEB14726F52221C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c0:68:7c:b3:60:9f:6a:30:5f:33:01:97:a8:
                    af:4f:06:a7:67:2d:8d:9d:56:c9:1a:19:76:c6:cc:
                    67:96:0c:a2:71:21:aa:e8:2e:f6:62:29:43:93:7d:
                    65:a7:4c:1a:c8:c5:0f:79:c5:da:de:d3:66:09:7f:
                    8d:16:a0:50:95:f8:c2:83:0f:4f:1e:2f:8b:65:02:
                    16:c5:24:fc:1d:11:49:6a:e7:bc:45:3a:4f:02:11:
                    da:15:f2:ca:a9:78:cb:4e:8a:00:f0:fa:c0:92:03:
                    5e:d8:44:91:c4:74:44:30:37:c8:4e:3b:53:17:11:
                    e1:5b:fe:40:88:f9:55:ef:e1:37:ad:02:24:c3:b4:
                    25:8f:b7:f0:84:8a:d9:53:ef:19:20:a1:d7:2c:ec:
                    70:84:a4:c4:78:66:03:21:4d:eb:e4:d5:56:8f:f5:
                    53:92:b7:90:7b:b9:cf:ba:8c:f2:16:42:a0:cc:5e:
                    0b:94:a1:9e:6a:63:e2:4d:dc:0b:d1:5f:89:30:a4:
                    39:3a:44:5a:87:a7:05:e5:c1:07:2d:fa:3c:58:21:
                    f1:92:c4:11:00:28:7f:39:32:98:cd:b9:05:6d:c0:
                    c5:be:7b:82:e8:c8:09:3c:7c:d2:5c:ea:af:57:a5:
                    75:ef:a6:fd:df:d4:4a:2c:ce:49:fa:44:b7:45:60:
                    5a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:56:C6:D7:FB:D9:E2:40:80:32:5C:B5:DE:B1:47:26:F5:22:21:C8
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:19b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a1:cd:b2:44:13:bf:78:5c:eb:34:ad:58:32:fe:cf:f4:e5:6a:
         19:21:25:b5:5c:02:8a:ef:d4:3d:9e:76:b8:e1:85:d3:34:3c:
         d4:a4:e3:28:ba:70:4c:85:01:42:be:09:80:a4:90:48:19:2a:
         62:21:2d:8c:dd:86:28:86:09:6c:53:a3:43:16:63:4a:9c:a3:
         9c:0c:e5:75:1b:f9:81:c7:2e:5d:d5:d1:74:93:8a:29:d7:14:
         6c:59:77:b8:01:8a:3e:6e:f4:26:89:ff:56:21:f1:7d:f1:22:
         de:5c:4b:b9:62:fe:4c:a3:7f:61:50:1c:1d:7c:ad:e5:11:ab:
         bc:a5:ce:da:b8:de:f2:eb:c1:04:29:e2:7f:b4:c3:26:30:2e:
         94:99:7c:98:8d:6e:1f:f7:c5:29:0e:3e:5a:b8:a9:eb:d3:70:
         ef:96:d1:a6:b8:a3:f9:4d:a3:23:46:be:34:2e:95:67:36:ce:
         e0:d6:38:ff:25:ac:76:1f:bf:59:d3:cb:8c:15:80:69:e4:0d:
         82:f0:f1:3c:58:94:d4:b2:fe:93:e6:78:9e:fb:9f:38:52:8b:
         3d:63:60:d0:ca:2c:82:ed:1e:fb:6c:ef:e5:ed:f0:7a:ef:03:
         ba:5d:16:76:cc:f3:07:2e:ea:3e:a7:4d:e1:bb:d7:ce:98:99:
         ce:52:b6:ed
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUG5jMPn6I/6h2Eqig3UGZbGX5XXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjJaFw0yNjA3MDIxNTUxMjJaMDMxMTAvBgNV
BAMTKDgzNTZDNkQ3RkJEOUUyNDA4MDMyNUNCNURFQjE0NzI2RjUyMjIxQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIwGh8s2CfajBfMwGXqK9PBqdn
LY2dVskaGXbGzGeWDKJxIaroLvZiKUOTfWWnTBrIxQ95xdre02YJf40WoFCV+MKD
D08eL4tlAhbFJPwdEUlq57xFOk8CEdoV8sqpeMtOigDw+sCSA17YRJHEdEQwN8hO
O1MXEeFb/kCI+VXv4TetAiTDtCWPt/CEitlT7xkgodcs7HCEpMR4ZgMhTevk1VaP
9VOSt5B7uc+6jPIWQqDMXguUoZ5qY+JN3AvRX4kwpDk6RFqHpwXlwQct+jxYIfGS
xBEAKH85MpjNuQVtwMW+e4LoyAk8fNJc6q9XpXXvpv3f1Eoszkn6RLdFYFr3AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUg1bG1/vZ4kCAMly13rFHJvUiIcgwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjExMjMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRmwMA0GCSqGSIb3DQEBCwUAA4IBAQChzbJE
E794XOs0rVgy/s/05WoZISW1XAKK79Q9nna44YXTNDzUpOMounBMhQFCvgmApJBI
GSpiIS2M3YYohglsU6NDFmNKnKOcDOV1G/mBxy5d1dF0k4op1xRsWXe4AYo+bvQm
if9WIfF98SLeXEu5Yv5Mo39hUBwdfK3lEau8pc7auN7y68EEKeJ/tMMmMC6UmXyY
jW4f98UpDj5auKnr03DvltGmuKP5TaMjRr40LpVnNs7g1jj/Jax2H79Z08uMFYBp
5A2C8PE8WJTUsv6T5nie+584Uos9Y2DQyiyC7R77bO/l7fB67wO6XRZ2zPMHLuo+
p03hu9fOmJnOUrbt
-----END CERTIFICATE-----