Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212196.roa
File:                     AS212196.roa (raw, json)
Hash identifier:          /G7hs/ylOnTeA/u3yIAq7XMyaK67PwxHiRCkLkbyia8=
Subject key identifier:   BC:AC:8A:ED:A1:4D:59:DE:BA:08:89:B2:10:03:7D:DC:C9:23:49:98
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       78C9FC8DDC5D0A0920B8E448B822D27AD78BCF13
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212196.roa
Signing time:             Thu 03 Jul 2025 15:51:30 +0000
ROA not before:           Thu 03 Jul 2025 15:46:30 +0000
ROA not after:            Thu 02 Jul 2026 15:51:30 +0000
asID:                     212196
IP address blocks:        2a06:a005:2c10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:c9:fc:8d:dc:5d:0a:09:20:b8:e4:48:b8:22:d2:7a:d7:8b:cf:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:30 2025 GMT
            Not After : Jul  2 15:51:30 2026 GMT
        Subject: CN=BCAC8AEDA14D59DEBA0889B210037DDCC9234998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:02:ca:8d:4c:25:3e:5d:88:9a:20:65:6e:d9:
                    09:22:99:76:4b:2d:23:21:13:1d:38:d7:e0:ae:d9:
                    92:8c:a4:fa:30:95:b0:f8:7c:41:b9:2d:07:43:cf:
                    f7:d8:d2:06:94:9b:0d:ed:a5:fd:7c:51:cc:53:1b:
                    d1:46:bd:82:cf:0b:c0:31:8a:c5:33:ab:df:04:a4:
                    21:30:2b:da:d6:01:c2:ba:5b:b8:02:db:be:79:bc:
                    bd:1b:b6:b6:71:17:36:fb:b4:e4:02:eb:e8:6f:46:
                    88:e1:ee:ad:46:07:24:1e:3b:96:0a:ff:b5:e7:13:
                    b9:9c:3e:f4:1c:16:8c:bf:0b:75:e1:47:8e:36:b7:
                    3e:9d:19:2e:db:e4:a2:db:d6:a2:d4:ae:21:50:39:
                    7e:ac:5c:bc:01:6c:48:fa:2c:91:e2:34:34:a3:78:
                    d0:27:46:e6:50:e8:13:85:c4:8b:af:f5:31:47:66:
                    d7:c0:ff:29:17:7d:94:00:39:02:68:7c:28:c7:e3:
                    c3:d2:72:9d:27:a6:ce:a3:0b:8c:3d:5f:b8:cf:5b:
                    f5:83:64:16:05:26:a4:db:61:9b:ef:2e:76:35:73:
                    ee:64:49:c9:52:5e:51:27:34:02:cf:e8:a8:2d:09:
                    5d:a3:71:6f:ae:f9:ae:9c:b5:5b:06:38:a4:56:3f:
                    c2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:AC:8A:ED:A1:4D:59:DE:BA:08:89:B2:10:03:7D:DC:C9:23:49:98
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212196.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2c10::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:a0:b9:8d:f4:99:f5:81:8b:e0:72:5f:1b:2a:d7:be:51:fb:
         81:02:ea:80:e5:6c:53:d6:ad:73:70:25:6b:03:05:73:d6:e2:
         89:12:58:45:93:f1:7c:01:c3:3c:0a:90:36:e9:6f:c9:2c:13:
         0b:bb:64:3a:57:1e:22:12:3f:06:0d:c7:ae:33:34:70:a2:da:
         bb:45:7b:84:10:7b:ff:04:eb:1c:a6:99:b1:85:c9:2e:fb:88:
         32:1a:72:39:71:4c:17:8f:cd:67:9e:0f:91:3e:ef:8a:54:24:
         52:b0:ee:06:04:c8:a8:64:78:f0:95:c9:30:8a:46:57:bf:27:
         46:ec:e8:76:0f:f6:cd:3a:8e:73:4d:b7:ed:0a:c5:47:62:d8:
         3e:8d:11:ed:68:91:99:3d:20:a1:b4:79:6e:f1:02:39:7d:90:
         3d:d5:d5:36:96:9e:b3:48:22:bc:ac:23:6c:23:7e:fe:49:06:
         a5:e9:d4:6b:14:f5:29:ef:93:1b:80:b7:d7:26:21:58:40:42:
         85:3d:e0:70:16:4e:5c:50:21:aa:0a:c6:60:a2:ec:54:ac:7a:
         52:56:38:ad:36:39:0c:81:07:ae:30:e8:0d:85:9d:bd:7c:42:
         4b:36:4d:bc:c3:8e:a1:d2:a2:6e:3e:7e:f1:a6:d6:21:30:b6:
         44:5d:69:f6
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUeMn8jdxdCgkguORIuCLSeteLzxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MzBaFw0yNjA3MDIxNTUxMzBaMDMxMTAvBgNV
BAMTKEJDQUM4QUVEQTE0RDU5REVCQTA4ODlCMjEwMDM3RERDQzkyMzQ5OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4AsqNTCU+XYiaIGVu2QkimXZL
LSMhEx041+Cu2ZKMpPowlbD4fEG5LQdDz/fY0gaUmw3tpf18UcxTG9FGvYLPC8Ax
isUzq98EpCEwK9rWAcK6W7gC2755vL0btrZxFzb7tOQC6+hvRojh7q1GByQeO5YK
/7XnE7mcPvQcFoy/C3XhR442tz6dGS7b5KLb1qLUriFQOX6sXLwBbEj6LJHiNDSj
eNAnRuZQ6BOFxIuv9TFHZtfA/ykXfZQAOQJofCjH48PScp0nps6jC4w9X7jPW/WD
ZBYFJqTbYZvvLnY1c+5kSclSXlEnNALP6KgtCV2jcW+u+a6ctVsGOKRWP8KfAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUvKyK7aFNWd66CImyEAN93MkjSZgwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEyMTk2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBSwQMA0GCSqGSIb3DQEBCwUAA4IBAQARoLmN
9Jn1gYvgcl8bKte+UfuBAuqA5WxT1q1zcCVrAwVz1uKJElhFk/F8AcM8CpA26W/J
LBMLu2Q6Vx4iEj8GDceuMzRwotq7RXuEEHv/BOscppmxhcku+4gyGnI5cUwXj81n
ng+RPu+KVCRSsO4GBMioZHjwlckwikZXvydG7Oh2D/bNOo5zTbftCsVHYtg+jRHt
aJGZPSChtHlu8QI5fZA91dU2lp6zSCK8rCNsI37+SQal6dRrFPUp75MbgLfXJiFY
QEKFPeBwFk5cUCGqCsZgouxUrHpSVjitNjkMgQeuMOgNhZ29fEJLNk28w46h0qJu
Pn7xptYhMLZEXWn2
-----END CERTIFICATE-----