Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212001.roa
File:                     AS212001.roa (raw, json)
Hash identifier:          Mix9YWrpqfZU02SOnquoJGWFXTpc3Pt4f6IaOH6ciis=
Subject key identifier:   C8:52:60:2D:D3:8E:23:AE:C1:82:FF:51:32:D3:AA:9C:E2:F2:C8:03
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       0DAA731939FB59D388F4EE9936336CBF182BE40B
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212001.roa
Signing time:             Thu 04 Jun 2026 15:58:49 +0000
ROA not before:           Thu 04 Jun 2026 15:53:49 +0000
ROA not after:            Thu 03 Jun 2027 15:58:49 +0000
asID:                     212001
IP address blocks:        2a06:9f44:d000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:aa:73:19:39:fb:59:d3:88:f4:ee:99:36:33:6c:bf:18:2b:e4:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:49 2026 GMT
            Not After : Jun  3 15:58:49 2027 GMT
        Subject: CN=C852602DD38E23AEC182FF5132D3AA9CE2F2C803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c2:1d:bc:b4:c2:22:48:53:55:3d:b0:9d:f7:
                    f7:e2:31:ff:fb:ff:b8:0e:3b:94:38:0c:10:e0:f6:
                    ae:23:1c:8c:9c:1d:f5:7e:ff:b7:00:91:5d:bf:cd:
                    16:20:0e:c6:5b:6f:82:14:b4:07:27:1e:2b:85:bd:
                    1b:05:b7:a1:6f:5a:2c:e2:16:4a:ec:1c:56:71:b5:
                    eb:65:ce:ac:e1:5c:a7:3a:82:3c:61:8a:9f:74:35:
                    e8:c4:7b:6a:28:48:b8:47:d8:e1:9c:60:b1:71:c0:
                    f7:65:83:b4:26:ff:1a:ab:66:0b:25:a6:f4:bc:8c:
                    49:72:59:5c:56:bf:84:20:91:cf:dc:35:8b:ac:89:
                    a9:f8:f7:6a:fe:58:24:9d:9c:7f:9a:86:89:c9:2c:
                    eb:a0:8c:0a:84:a1:c3:fd:e3:8e:2b:18:e7:04:04:
                    0e:d7:9e:18:a8:46:02:26:11:d5:70:fc:9c:85:3d:
                    f6:de:67:8a:84:ad:3c:36:2c:fa:6e:20:5a:33:91:
                    0b:3f:bb:bc:88:1a:d6:7c:6c:d5:ff:c2:a3:60:dd:
                    55:c4:bb:91:0a:b7:1e:1b:9b:6a:10:57:18:5c:4a:
                    4e:69:9d:b1:c0:55:79:44:11:34:68:8e:51:16:7a:
                    f3:c6:57:60:b0:ee:69:e9:bf:1a:1a:5a:c3:0b:73:
                    15:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:52:60:2D:D3:8E:23:AE:C1:82:FF:51:32:D3:AA:9C:E2:F2:C8:03
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212001.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9f44:d000::/36

    Signature Algorithm: sha256WithRSAEncryption
         22:c0:56:25:a4:8a:14:66:76:9a:40:2a:9f:79:35:d6:65:e3:
         8a:bb:6b:a5:3d:22:8b:01:35:d8:cc:ee:c9:b5:a0:cb:aa:7b:
         f0:11:86:19:1f:c8:e3:f5:78:01:94:85:8c:83:b5:e2:05:a2:
         c0:fd:af:b5:3c:2d:de:51:d7:b1:d7:b2:a3:9c:04:aa:6b:1d:
         2d:d8:5b:87:6a:88:03:c1:90:90:7e:5a:2a:7d:4b:3e:0d:12:
         a6:1d:60:c5:d8:9e:49:f4:02:d8:64:d1:16:4e:1b:dc:24:81:
         59:4e:58:1c:35:ba:15:08:6f:e1:04:ca:6d:e6:98:7f:88:9c:
         c5:27:1a:2b:a8:37:ab:7f:ed:a7:b3:87:d5:6d:ac:29:ea:f8:
         59:cd:fa:f9:11:82:74:02:fe:84:a3:3c:61:af:9a:68:3d:3b:
         25:57:29:1c:b7:f9:98:df:53:e3:bf:2b:86:95:7b:10:e5:d2:
         0d:2b:e6:12:e9:22:5f:50:11:df:7e:d3:93:70:13:19:ae:12:
         96:70:0e:5c:37:2e:b4:c0:97:f2:5c:69:cf:0e:3b:d0:df:64:
         c2:f1:9a:a9:d2:d2:9c:c1:c1:55:8b:1f:fb:c5:d3:29:b5:2b:
         1f:cf:78:ee:92:a5:c3:90:1b:e2:b5:57:c7:36:ff:71:bb:61:
         b2:a9:08:d6
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUDapzGTn7WdOI9O6ZNjNsvxgr5AswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDlaFw0yNzA2MDMxNTU4NDlaMDMxMTAvBgNV
BAMTKEM4NTI2MDJERDM4RTIzQUVDMTgyRkY1MTMyRDNBQTlDRTJGMkM4MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHwh28tMIiSFNVPbCd9/fiMf/7
/7gOO5Q4DBDg9q4jHIycHfV+/7cAkV2/zRYgDsZbb4IUtAcnHiuFvRsFt6FvWizi
FkrsHFZxtetlzqzhXKc6gjxhip90NejEe2ooSLhH2OGcYLFxwPdlg7Qm/xqrZgsl
pvS8jElyWVxWv4Qgkc/cNYusian492r+WCSdnH+ahonJLOugjAqEocP9444rGOcE
BA7XnhioRgImEdVw/JyFPfbeZ4qErTw2LPpuIFozkQs/u7yIGtZ8bNX/wqNg3VXE
u5EKtx4bm2oQVxhcSk5pnbHAVXlEETRojlEWevPGV2Cw7mnpvxoaWsMLcxUbAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUyFJgLdOOI67Bgv9RMtOqnOLyyAMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEyMDAxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEH
AQH/BBIwEDAOBAIAAjAIAwYEKgafRNAwDQYJKoZIhvcNAQELBQADggEBACLAViWk
ihRmdppAKp95NdZl44q7a6U9IosBNdjM7sm1oMuqe/ARhhkfyOP1eAGUhYyDteIF
osD9r7U8Ld5R17HXsqOcBKprHS3YW4dqiAPBkJB+Wip9Sz4NEqYdYMXYnkn0Athk
0RZOG9wkgVlOWBw1uhUIb+EEym3mmH+InMUnGiuoN6t/7aezh9VtrCnq+FnN+vkR
gnQC/oSjPGGvmmg9OyVXKRy3+ZjfU+O/K4aVexDl0g0r5hLpIl9QEd9+05NwExmu
EpZwDlw3LrTAl/Jcac8OO9DfZMLxmqnS0pzBwVWLH/vF0ym1Kx/PeO6SpcOQG+K1
V8c2/3G7YbKpCNY=
-----END CERTIFICATE-----