Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211562.roa
File:                     AS211562.roa (raw, json)
Hash identifier:          7tk0TgFub5jmKkKH10ydmRya74McK+838lR/0pt4FYM=
Subject key identifier:   FC:CE:20:C5:79:62:C8:1D:90:CD:60:C8:1F:F8:6F:6E:06:22:EF:54
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       475CF264624035562AB506428549F1983B6AA124
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211562.roa
Signing time:             Thu 03 Jul 2025 15:52:03 +0000
ROA not before:           Thu 03 Jul 2025 15:47:03 +0000
ROA not after:            Thu 02 Jul 2026 15:52:03 +0000
asID:                     211562
IP address blocks:        2a06:a005:180b::/48 maxlen: 48
                          2a06:a005:187b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:5c:f2:64:62:40:35:56:2a:b5:06:42:85:49:f1:98:3b:6a:a1:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:03 2025 GMT
            Not After : Jul  2 15:52:03 2026 GMT
        Subject: CN=FCCE20C57962C81D90CD60C81FF86F6E0622EF54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0a:f1:6d:5d:1f:c4:0f:bc:dc:d9:2f:f0:86:
                    9b:5e:0c:c6:12:51:08:e7:f0:54:91:6f:68:34:2e:
                    5b:51:15:37:8e:7e:54:9a:5f:6b:d0:34:f5:7b:4d:
                    ff:90:89:68:7a:24:b5:a7:a9:8b:b0:9d:e6:3e:19:
                    99:83:7d:dc:08:a5:7a:ed:3c:75:1d:b7:ab:d1:dd:
                    d3:ae:02:b0:7c:ef:e2:69:f3:35:a8:51:48:fa:79:
                    a9:65:b9:8e:63:84:2e:c8:ac:d0:3c:6d:ca:bf:74:
                    18:be:83:5c:f9:bd:30:1b:22:6f:33:5f:15:aa:96:
                    b3:e5:bd:34:02:86:76:18:a1:d4:1a:b1:a0:46:2b:
                    02:5d:f9:9b:44:05:71:dc:72:d4:39:d1:83:41:08:
                    68:24:e7:4c:f9:14:31:30:a7:fe:27:d4:13:d6:39:
                    2a:99:a6:1f:60:82:f0:47:9b:57:0c:c8:86:15:c5:
                    c4:2b:2f:ec:9e:31:19:5e:93:a4:79:03:6e:6b:66:
                    c2:ce:f1:81:55:cb:0a:49:34:cf:cb:0f:93:39:9c:
                    f8:bf:f1:f5:b7:fd:03:7d:8e:6a:b4:e5:4a:b1:93:
                    65:6a:e9:bd:a1:ea:94:40:e0:05:2a:e8:83:ce:fd:
                    e5:48:81:8c:98:46:ca:51:48:cf:29:19:bb:51:8f:
                    89:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:CE:20:C5:79:62:C8:1D:90:CD:60:C8:1F:F8:6F:6E:06:22:EF:54
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS211562.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:180b::/48
                  2a06:a005:187b::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:5f:9a:d6:7f:7f:4b:f7:77:70:15:2f:05:12:9f:93:b5:22:
         9a:b5:cb:75:22:6f:d1:0f:10:72:75:fa:c6:5a:85:e4:80:14:
         54:4b:1e:3e:2e:62:32:f2:28:64:32:cf:d9:72:7e:c7:2b:f1:
         01:ef:84:bf:20:b1:e5:1b:3b:9d:20:0d:8a:b1:0b:f0:fa:d0:
         a4:04:0d:c3:5c:b0:c5:6a:ba:b6:20:37:8e:f8:66:33:b9:f4:
         4b:2e:e8:42:80:41:e9:75:18:9b:d3:10:74:2a:6c:67:4d:c0:
         94:75:61:ed:f6:86:e6:7e:28:b0:37:85:6d:b0:0e:07:38:db:
         03:94:b9:66:28:dd:49:72:0f:5c:62:e5:ef:68:16:92:df:d8:
         44:17:8a:4e:21:ed:2a:63:c2:f1:06:c0:ff:3b:92:7a:00:b1:
         50:33:ef:a3:62:8a:1c:35:7a:6f:67:81:6b:31:27:03:4a:87:
         cb:70:c9:55:cb:1b:e2:f0:23:64:ce:e9:6d:32:81:c0:cb:fd:
         50:60:ba:0f:ce:d1:ce:e6:9e:9f:af:fe:5a:f1:6e:5e:28:42:
         6e:96:e5:c4:1d:7b:0e:76:ad:1f:4d:cc:85:0e:2e:11:ed:13:
         d5:f4:87:8f:a5:be:50:9a:18:67:7c:ee:86:3d:36:ff:d2:9e:
         48:1a:71:21
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUR1zyZGJANVYqtQZChUnxmDtqoSQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MDNaFw0yNjA3MDIxNTUyMDNaMDMxMTAvBgNV
BAMTKEZDQ0UyMEM1Nzk2MkM4MUQ5MENENjBDODFGRjg2RjZFMDYyMkVGNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUCvFtXR/ED7zc2S/whpteDMYS
UQjn8FSRb2g0LltRFTeOflSaX2vQNPV7Tf+QiWh6JLWnqYuwneY+GZmDfdwIpXrt
PHUdt6vR3dOuArB87+Jp8zWoUUj6ealluY5jhC7IrNA8bcq/dBi+g1z5vTAbIm8z
XxWqlrPlvTQChnYYodQasaBGKwJd+ZtEBXHcctQ50YNBCGgk50z5FDEwp/4n1BPW
OSqZph9ggvBHm1cMyIYVxcQrL+yeMRlek6R5A25rZsLO8YFVywpJNM/LD5M5nPi/
8fW3/QN9jmq05Uqxk2Vq6b2h6pRA4AUq6IPO/eVIgYyYRspRSM8pGbtRj4ldAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQU/M4gxXliyB2QzWDIH/hvbgYi71QwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjExNTYyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcAKgagBRgLAwcAKgagBRh7MA0GCSqGSIb3DQEBCwUA
A4IBAQCBX5rWf39L93dwFS8FEp+TtSKatct1Im/RDxBydfrGWoXkgBRUSx4+LmIy
8ihkMs/Zcn7HK/EB74S/ILHlGzudIA2KsQvw+tCkBA3DXLDFarq2IDeO+GYzufRL
LuhCgEHpdRib0xB0KmxnTcCUdWHt9obmfiiwN4VtsA4HONsDlLlmKN1Jcg9cYuXv
aBaS39hEF4pOIe0qY8LxBsD/O5J6ALFQM++jYoocNXpvZ4FrMScDSofLcMlVyxvi
8CNkzultMoHAy/1QYLoPztHO5p6fr/5a8W5eKEJuluXEHXsOdq0fTcyFDi4R7RPV
9IePpb5QmhhnfO6GPTb/0p5IGnEh
-----END CERTIFICATE-----