Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212173.roa
File:                     AS212173.roa (raw, json)
Hash identifier:          1lkS0XyTXYOJDGlknM3jOjRQUPFz2JRvRlSIx7yXSvw=
Subject key identifier:   C1:4E:31:47:6D:60:1A:D5:20:1E:E5:7C:A3:06:BD:2C:C8:6E:5E:39
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       5B928C9D46945B03A5806D73F703256166273094
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212173.roa
Signing time:             Thu 03 Jul 2025 15:52:41 +0000
ROA not before:           Thu 03 Jul 2025 15:47:41 +0000
ROA not after:            Thu 02 Jul 2026 15:52:41 +0000
asID:                     212173
IP address blocks:        2a06:a005:24d0::/44 maxlen: 48
                          2a06:a005:2550::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:92:8c:9d:46:94:5b:03:a5:80:6d:73:f7:03:25:61:66:27:30:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:41 2025 GMT
            Not After : Jul  2 15:52:41 2026 GMT
        Subject: CN=C14E31476D601AD5201EE57CA306BD2CC86E5E39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:32:b5:25:b1:72:68:2d:1f:b7:5e:d4:4b:43:
                    99:73:3e:b2:a6:fd:e3:b0:f3:02:9a:1b:5d:41:fe:
                    f8:ff:da:ca:ab:30:8c:84:1c:31:8b:70:84:16:c0:
                    5f:92:f9:30:86:a7:bd:dc:fa:f0:52:e9:58:59:09:
                    e3:06:fa:c3:ed:9c:78:e3:ff:50:06:80:00:39:3f:
                    0c:77:ed:9f:25:40:17:a4:57:7a:68:30:26:d4:7c:
                    a8:58:d2:91:42:fb:bb:cc:24:45:63:49:a5:87:4c:
                    f6:a4:88:84:fb:cc:ec:91:62:91:b3:10:57:c7:38:
                    e0:30:94:8f:74:51:de:0b:16:7c:60:e8:1c:19:95:
                    8e:fe:a4:3f:af:37:84:63:ec:1e:2b:e3:09:23:75:
                    82:c0:91:46:77:c8:63:1b:eb:37:85:05:5b:20:2b:
                    50:6a:5a:17:e2:7b:90:bb:1b:76:68:f8:f6:25:9e:
                    ec:31:09:90:19:66:8d:d1:7a:1c:53:72:e6:4b:67:
                    d2:1e:5e:10:99:e1:0d:d2:e2:1f:c7:cb:54:d0:f6:
                    76:2f:2d:4b:d0:c3:ae:01:95:f4:f1:75:95:80:36:
                    b7:fa:26:a9:0f:c5:a3:f1:87:97:6e:6e:72:fb:e2:
                    b8:3a:24:47:02:7a:4c:f1:ec:c4:d6:6b:80:ab:17:
                    5d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4E:31:47:6D:60:1A:D5:20:1E:E5:7C:A3:06:BD:2C:C8:6E:5E:39
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212173.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:24d0::/44
                  2a06:a005:2550::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:a5:7f:c8:db:b7:8f:51:0c:a8:71:39:81:bb:b1:02:e1:d7:
         72:fc:99:1f:72:d7:09:b9:9c:e4:0f:ab:14:48:ce:7c:bf:27:
         4f:6e:fd:45:7c:de:ad:98:ef:7c:d0:29:1a:6a:58:74:1c:8a:
         f7:62:c6:29:31:bf:9e:13:d9:51:d5:ea:bb:71:37:98:fd:a8:
         1a:55:45:04:fb:34:1a:a9:9d:10:bf:35:0e:1b:3e:9e:d7:e4:
         38:0b:00:66:e6:72:dd:fe:32:89:86:28:f3:a8:fb:cf:99:45:
         ad:5a:eb:dc:02:11:d0:82:e0:e9:f4:52:66:90:bc:23:ad:5a:
         30:6e:d1:23:89:da:04:4d:55:fd:98:47:f9:20:6e:c0:bd:3e:
         3c:40:44:74:4e:22:2e:de:82:b7:d7:37:0f:69:51:ec:30:98:
         0b:70:05:94:a5:cc:a6:a4:48:b9:46:47:8c:e9:25:31:79:43:
         bd:58:54:ac:53:d3:9f:95:c6:47:0a:15:3b:e3:61:5a:fb:51:
         e9:4e:38:ed:fe:06:64:48:4a:d7:b7:c6:09:f7:8b:73:2b:7e:
         be:d7:9e:ac:16:1b:24:c6:8f:6f:83:ca:1f:a5:35:a3:1f:98:
         6d:84:da:45:c0:dc:37:5a:f9:50:73:a9:13:1d:b1:34:bf:32:
         27:ee:40:34
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUW5KMnUaUWwOlgG1z9wMlYWYnMJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3NDFaFw0yNjA3MDIxNTUyNDFaMDMxMTAvBgNV
BAMTKEMxNEUzMTQ3NkQ2MDFBRDUyMDFFRTU3Q0EzMDZCRDJDQzg2RTVFMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXMrUlsXJoLR+3XtRLQ5lzPrKm
/eOw8wKaG11B/vj/2sqrMIyEHDGLcIQWwF+S+TCGp73c+vBS6VhZCeMG+sPtnHjj
/1AGgAA5Pwx37Z8lQBekV3poMCbUfKhY0pFC+7vMJEVjSaWHTPakiIT7zOyRYpGz
EFfHOOAwlI90Ud4LFnxg6BwZlY7+pD+vN4Rj7B4r4wkjdYLAkUZ3yGMb6zeFBVsg
K1BqWhfie5C7G3Zo+PYlnuwxCZAZZo3RehxTcuZLZ9IeXhCZ4Q3S4h/Hy1TQ9nYv
LUvQw64BlfTxdZWANrf6JqkPxaPxh5dubnL74rg6JEcCekzx7MTWa4CrF10XAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUwU4xR21gGtUgHuV8owa9LMhuXjkwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEyMTczLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBSTQAwcEKgagBSVQMA0GCSqGSIb3DQEBCwUA
A4IBAQBtpX/I27ePUQyocTmBu7EC4ddy/JkfctcJuZzkD6sUSM58vydPbv1FfN6t
mO980Ckaalh0HIr3YsYpMb+eE9lR1eq7cTeY/agaVUUE+zQaqZ0QvzUOGz6e1+Q4
CwBm5nLd/jKJhijzqPvPmUWtWuvcAhHQguDp9FJmkLwjrVowbtEjidoETVX9mEf5
IG7AvT48QER0TiIu3oK31zcPaVHsMJgLcAWUpcympEi5RkeM6SUxeUO9WFSsU9Of
lcZHChU742Fa+1HpTjjt/gZkSErXt8YJ94tzK36+156sFhskxo9vg8ofpTWjH5ht
hNpFwNw3WvlQc6kTHbE0vzIn7kA0
-----END CERTIFICATE-----