Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212178.roa
File:                     AS212178.roa (raw, json)
Hash identifier:          R0F4BO9pIsCCPF35xSp7tFKze6cB5l9cVNt5qODz8wg=
Subject key identifier:   3E:38:18:43:CB:BE:C1:36:BE:86:8B:9C:C1:3F:F8:46:37:50:F0:41
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       036FD1A15A37844C0CF7F8655BAFFDC6FAB1DB4B
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212178.roa
Signing time:             Thu 03 Jul 2025 15:51:24 +0000
ROA not before:           Thu 03 Jul 2025 15:46:24 +0000
ROA not after:            Thu 02 Jul 2026 15:51:24 +0000
asID:                     212178
IP address blocks:        2a06:a005:1630::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:6f:d1:a1:5a:37:84:4c:0c:f7:f8:65:5b:af:fd:c6:fa:b1:db:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:24 2025 GMT
            Not After : Jul  2 15:51:24 2026 GMT
        Subject: CN=3E381843CBBEC136BE868B9CC13FF8463750F041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8c:3e:20:94:70:d6:e8:8f:dc:73:f4:8b:f9:
                    52:c4:64:73:b8:5b:77:60:6e:b6:df:10:d2:14:de:
                    fd:ef:58:e2:11:b2:b0:28:4d:47:ab:59:e0:26:54:
                    f7:67:84:52:98:46:b7:ef:bd:90:55:ec:4c:1c:17:
                    ab:f1:94:5b:de:1f:a6:82:5d:17:63:4e:9b:c5:39:
                    f7:2e:59:24:5e:8f:f7:86:db:a5:d8:e1:19:16:b8:
                    06:8b:11:15:fa:39:ba:5d:2e:50:a8:7e:2d:fc:7e:
                    a8:61:3a:50:21:64:2d:57:86:b1:a8:03:11:a5:f8:
                    c0:36:ea:42:a3:88:b4:97:57:44:b7:3c:c3:42:97:
                    89:ae:b3:6e:03:43:e6:9e:2c:8e:68:2b:58:ec:85:
                    8f:14:e5:37:0a:f7:1e:a2:30:1a:41:bf:65:8a:86:
                    86:99:2f:1a:f0:da:d8:f4:48:66:0c:08:91:bb:23:
                    5d:e0:fc:c7:ce:49:31:07:83:92:65:12:35:d2:4f:
                    b0:1a:c3:e2:75:51:45:7a:ce:35:e8:d6:d6:40:e8:
                    3f:7e:a4:da:9a:da:ce:af:ca:d2:28:a7:62:14:aa:
                    98:8b:1b:71:ea:f8:0b:ad:22:db:82:39:01:8f:22:
                    f9:eb:e5:0d:e0:0b:96:14:c6:1d:33:c0:6c:03:ab:
                    b9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:38:18:43:CB:BE:C1:36:BE:86:8B:9C:C1:3F:F8:46:37:50:F0:41
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212178.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1630::/44

    Signature Algorithm: sha256WithRSAEncryption
         0a:fd:89:b2:d3:d2:33:75:13:89:ab:87:71:02:e2:c2:da:a2:
         1d:7a:4f:d4:d5:f3:9a:5b:fb:40:31:45:48:6d:4f:5f:93:2e:
         90:34:36:54:e3:ca:5a:5b:d1:f2:95:90:5b:ed:56:aa:4f:18:
         b2:30:ee:c5:a3:9e:ef:1e:0e:4f:48:f6:e5:f0:4f:b5:1b:21:
         09:d1:83:fa:ba:12:0a:79:7a:ad:c4:75:6e:60:c3:7c:cb:3b:
         a9:f5:e4:d3:bc:5c:9a:f0:7a:00:ff:d3:aa:27:2f:b8:4f:38:
         05:dc:0f:9c:f0:90:0f:51:9c:c6:aa:94:61:78:65:2b:80:be:
         e5:cb:6b:8e:3f:81:9d:98:27:43:cd:28:d0:7f:48:0c:50:44:
         0f:90:1c:49:9a:6c:ba:1c:d0:65:b0:4c:db:0a:a2:c4:22:c4:
         9f:17:90:27:47:e4:0a:ab:b3:09:24:04:1a:f5:81:1b:78:b2:
         2c:3a:e5:bb:10:2c:65:9e:67:df:97:f6:ef:79:d1:c3:fd:33:
         8b:f6:58:d3:fb:ce:72:56:f4:75:5d:01:60:f3:b8:f1:1d:24:
         56:98:54:71:cf:1c:38:c1:04:bb:89:15:cb:22:55:7d:08:0e:
         6e:21:48:fc:cf:a1:93:85:f1:1d:d4:71:20:16:1f:ff:02:1f:
         08:4a:e6:78
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUA2/RoVo3hEwM9/hlW6/9xvqx20swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjRaFw0yNjA3MDIxNTUxMjRaMDMxMTAvBgNV
BAMTKDNFMzgxODQzQ0JCRUMxMzZCRTg2OEI5Q0MxM0ZGODQ2Mzc1MEYwNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+jD4glHDW6I/cc/SL+VLEZHO4
W3dgbrbfENIU3v3vWOIRsrAoTUerWeAmVPdnhFKYRrfvvZBV7EwcF6vxlFveH6aC
XRdjTpvFOfcuWSRej/eG26XY4RkWuAaLERX6ObpdLlCofi38fqhhOlAhZC1XhrGo
AxGl+MA26kKjiLSXV0S3PMNCl4mus24DQ+aeLI5oK1jshY8U5TcK9x6iMBpBv2WK
hoaZLxrw2tj0SGYMCJG7I13g/MfOSTEHg5JlEjXST7Aaw+J1UUV6zjXo1tZA6D9+
pNqa2s6vytIop2IUqpiLG3Hq+AutItuCOQGPIvnr5Q3gC5YUxh0zwGwDq7kpAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUPjgYQ8u+wTa+houcwT/4RjdQ8EEwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEyMTc4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRYwMA0GCSqGSIb3DQEBCwUAA4IBAQAK/Ymy
09IzdROJq4dxAuLC2qIdek/U1fOaW/tAMUVIbU9fky6QNDZU48paW9HylZBb7Vaq
TxiyMO7Fo57vHg5PSPbl8E+1GyEJ0YP6uhIKeXqtxHVuYMN8yzup9eTTvFya8HoA
/9OqJy+4TzgF3A+c8JAPUZzGqpRheGUrgL7ly2uOP4GdmCdDzSjQf0gMUEQPkBxJ
mmy6HNBlsEzbCqLEIsSfF5AnR+QKq7MJJAQa9YEbeLIsOuW7ECxlnmffl/bvedHD
/TOL9ljT+85yVvR1XQFg87jxHSRWmFRxzxw4wQS7iRXLIlV9CA5uIUj8z6GThfEd
1HEgFh//Ah8ISuZ4
-----END CERTIFICATE-----