Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211495.roa
File:                     AS211495.roa (raw, json)
Hash identifier:          u44SlpuIb8kglm8fzZuviZ9x2LE0nI91CjV9Ahzkp4w=
Subject key identifier:   5F:6D:9C:BD:D0:EA:47:0E:2B:66:67:6C:94:A4:CE:B6:D1:A9:FA:C4
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       728EF213E53911083CAF43A11BE4AD76F411B8EB
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211495.roa
Signing time:             Thu 03 Jul 2025 15:52:11 +0000
ROA not before:           Thu 03 Jul 2025 15:47:11 +0000
ROA not after:            Thu 02 Jul 2026 15:52:11 +0000
asID:                     211495
IP address blocks:        2a06:a005:6b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:8e:f2:13:e5:39:11:08:3c:af:43:a1:1b:e4:ad:76:f4:11:b8:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:11 2025 GMT
            Not After : Jul  2 15:52:11 2026 GMT
        Subject: CN=5F6D9CBDD0EA470E2B66676C94A4CEB6D1A9FAC4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:36:67:48:11:26:73:06:d9:42:72:8e:80:e4:
                    70:90:14:09:bc:04:d8:8e:9f:42:10:d1:77:77:37:
                    5e:84:aa:ad:e2:e3:3b:7a:37:6d:f6:00:80:f3:cb:
                    ca:80:86:e1:04:09:3b:a9:53:e1:b2:78:b5:c0:37:
                    7c:07:e6:49:b4:63:f5:30:fd:88:e2:90:78:02:96:
                    86:eb:4a:31:cd:61:ad:3c:ac:3b:03:20:8a:f0:d4:
                    e6:1a:d5:4b:84:9a:46:af:cf:82:14:0e:81:dc:02:
                    63:3b:b4:83:35:c1:04:4c:85:9b:4a:80:9b:24:4b:
                    bd:3b:5f:72:59:e7:80:98:38:a2:56:6c:b2:02:fc:
                    5f:af:06:75:8d:28:92:59:94:13:11:ac:c0:e8:39:
                    dc:36:08:16:38:7a:f8:14:4d:23:06:4c:e9:ae:97:
                    ee:80:75:3f:67:1b:84:09:e1:f1:b8:b0:50:4d:ef:
                    f1:65:a0:04:54:9d:8a:ac:14:38:d3:f5:f2:e4:90:
                    35:51:65:49:2a:ff:d2:fa:1e:4f:97:b0:01:b0:fb:
                    ea:8b:87:2a:ed:23:81:61:9b:84:b6:23:1a:da:a1:
                    89:d8:46:81:dd:9b:ec:2a:8f:7a:61:db:7f:23:a8:
                    66:89:01:5f:50:54:89:0d:81:52:cc:27:6d:1b:0f:
                    b8:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:6D:9C:BD:D0:EA:47:0E:2B:66:67:6C:94:A4:CE:B6:D1:A9:FA:C4
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211495.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:6b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         3d:cf:2a:db:17:06:25:3b:bf:51:40:e7:84:be:c7:e2:be:4d:
         ff:aa:db:fb:30:9a:60:d5:05:c1:d6:7f:c5:58:df:0e:39:55:
         0d:28:fd:70:81:11:16:72:71:80:a3:d8:64:f3:37:76:6f:35:
         28:23:ec:5b:fd:68:e3:eb:cb:84:66:bb:ed:67:ac:18:c7:f8:
         1a:34:da:12:8f:b9:98:d7:0d:07:2d:3b:c1:2f:79:2b:90:99:
         49:f7:f3:b6:3e:97:a4:39:4e:f6:71:39:6d:6a:ed:fb:bb:f0:
         02:ee:85:60:a3:23:2d:e3:a5:64:d0:7a:89:8c:9f:34:13:0c:
         bb:e0:f0:05:85:a0:e7:89:e2:02:51:0a:34:2f:c1:81:5a:51:
         75:e9:be:2d:d6:12:6f:4f:a6:a7:c6:dc:d4:86:56:a8:39:37:
         29:bd:17:5b:16:15:28:2e:6f:da:f2:73:fb:0f:0b:c0:be:43:
         81:15:dd:20:7f:d1:18:e3:dd:53:d1:6f:87:5b:1e:24:4a:05:
         45:99:8d:b0:f3:8a:03:d1:1b:83:2c:08:b2:6b:a1:be:64:7f:
         4e:8a:ef:76:2c:4e:12:ed:57:59:48:38:f8:81:43:b5:4d:a5:
         cc:ea:2f:1d:3c:2c:66:c5:f0:64:42:f4:78:e9:3b:04:27:92:
         19:2d:2b:f3
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUco7yE+U5EQg8r0OhG+StdvQRuOswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MTFaFw0yNjA3MDIxNTUyMTFaMDMxMTAvBgNV
BAMTKDVGNkQ5Q0JERDBFQTQ3MEUyQjY2Njc2Qzk0QTRDRUI2RDFBOUZBQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNmdIESZzBtlCco6A5HCQFAm8
BNiOn0IQ0Xd3N16Eqq3i4zt6N232AIDzy8qAhuEECTupU+GyeLXAN3wH5km0Y/Uw
/YjikHgClobrSjHNYa08rDsDIIrw1OYa1UuEmkavz4IUDoHcAmM7tIM1wQRMhZtK
gJskS707X3JZ54CYOKJWbLIC/F+vBnWNKJJZlBMRrMDoOdw2CBY4evgUTSMGTOmu
l+6AdT9nG4QJ4fG4sFBN7/FloARUnYqsFDjT9fLkkDVRZUkq/9L6Hk+XsAGw++qL
hyrtI4Fhm4S2IxraoYnYRoHdm+wqj3ph238jqGaJAV9QVIkNgVLMJ20bD7iLAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUX22cvdDqRw4rZmdslKTOttGp+sQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjExNDk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBQawMA0GCSqGSIb3DQEBCwUAA4IBAQA9zyrb
FwYlO79RQOeEvsfivk3/qtv7MJpg1QXB1n/FWN8OOVUNKP1wgREWcnGAo9hk8zd2
bzUoI+xb/Wjj68uEZrvtZ6wYx/gaNNoSj7mY1w0HLTvBL3krkJlJ9/O2PpekOU72
cTltau37u/AC7oVgoyMt46Vk0HqJjJ80Ewy74PAFhaDnieICUQo0L8GBWlF16b4t
1hJvT6anxtzUhlaoOTcpvRdbFhUoLm/a8nP7DwvAvkOBFd0gf9EY491T0W+HWx4k
SgVFmY2w84oD0RuDLAiya6G+ZH9Oiu92LE4S7VdZSDj4gUO1TaXM6i8dPCxmxfBk
QvR46TsEJ5IZLSvz
-----END CERTIFICATE-----