Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212995.roa
File:                     AS212995.roa (raw, json)
Hash identifier:          qC+4PN1QoH0FF800V6HqWz0GPa+9v+mwqBNhxQ9nj7Y=
Subject key identifier:   0A:33:A9:82:1F:B2:7C:B1:DC:67:9A:5F:5F:36:84:05:D1:DF:1F:79
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       2C1FC5AD91333CC8050741624E58681FCC4CA91A
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212995.roa
Signing time:             Thu 03 Jul 2025 15:52:09 +0000
ROA not before:           Thu 03 Jul 2025 15:47:09 +0000
ROA not after:            Thu 02 Jul 2026 15:52:09 +0000
asID:                     212995
IP address blocks:        2a06:a005:4a0::/44 maxlen: 48
                          2a06:a005:cd0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:1f:c5:ad:91:33:3c:c8:05:07:41:62:4e:58:68:1f:cc:4c:a9:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:09 2025 GMT
            Not After : Jul  2 15:52:09 2026 GMT
        Subject: CN=0A33A9821FB27CB1DC679A5F5F368405D1DF1F79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:99:aa:5b:df:f6:ed:b2:c0:ce:87:e7:52:fa:
                    cc:fb:75:a6:01:dc:f6:1f:a0:ee:19:1d:d4:32:fe:
                    04:ac:70:02:a8:58:63:27:1a:a5:b4:10:11:52:ac:
                    ae:d5:c8:59:69:a7:45:7b:e9:4a:39:6d:14:96:58:
                    4f:9c:0a:fa:c0:96:d3:89:f1:76:c5:ee:db:8e:0e:
                    8b:f1:1e:57:b7:66:f9:9d:0d:99:19:de:e1:a8:51:
                    5f:70:ae:41:87:0b:bb:f6:74:9d:bb:b1:37:68:e5:
                    cf:32:fa:ba:f9:02:3e:b4:4c:d9:2f:c8:1f:90:1a:
                    25:e5:4d:1d:e3:b2:f9:b3:c0:f0:a8:d3:09:0c:f6:
                    d4:f6:81:30:96:de:93:50:9e:1e:86:e3:c0:3e:8c:
                    b5:56:8e:00:87:82:be:27:14:d5:22:aa:f5:c6:fb:
                    58:4a:4a:01:13:6d:94:1d:57:e6:e7:b0:4d:78:ec:
                    5e:da:ed:b5:a2:e3:90:c7:53:6f:e8:83:f8:47:d4:
                    a1:91:df:9c:3e:39:f1:81:a4:c7:9f:0a:e2:21:86:
                    d9:f4:a1:0f:25:3f:18:4a:36:f2:82:0f:7a:d6:78:
                    81:5c:32:93:61:61:2f:f8:bd:c0:68:07:5b:e3:cc:
                    2c:e0:3e:44:66:8e:c6:42:1d:fb:01:03:dc:f2:a7:
                    51:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:33:A9:82:1F:B2:7C:B1:DC:67:9A:5F:5F:36:84:05:D1:DF:1F:79
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS212995.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:4a0::/44
                  2a06:a005:cd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         c4:84:b1:69:fb:cd:e0:55:a0:36:a0:e8:33:e1:5d:b6:f2:08:
         f8:dc:bd:3c:c1:0e:9e:56:b2:2e:77:a3:ba:a4:7b:4e:e7:3f:
         2d:7c:20:c9:d0:d9:b2:1b:cb:0b:e5:f9:50:f9:85:d3:3b:de:
         65:98:15:8b:d3:e0:df:32:f8:76:3e:eb:4d:7c:5d:ae:90:cd:
         99:77:20:92:c0:f7:2f:8b:90:fa:f3:26:0b:0c:c9:ba:27:e0:
         ce:ae:6d:14:9f:5e:3c:e0:5c:58:86:df:1f:19:67:ac:8b:42:
         a7:5b:76:da:cb:5d:db:23:3c:5a:c3:47:62:fc:f0:a7:8c:4c:
         56:a6:e2:da:f8:e2:cd:e1:ac:fb:3f:42:70:cb:76:76:54:2a:
         47:cb:17:d8:86:28:4f:93:cb:19:39:c4:18:ed:eb:5a:20:4b:
         1f:23:6f:8f:2a:72:b6:2a:64:87:aa:32:b1:ca:c3:a8:d5:f7:
         e7:f8:d8:89:51:54:6f:aa:d5:c1:35:5b:20:5b:c8:fd:a5:1f:
         3d:5d:ab:9e:9c:e1:28:fb:d1:87:5e:46:11:23:40:3d:16:c6:
         8b:75:38:8c:cc:38:66:3f:fc:49:59:fa:08:94:4b:db:29:67:
         16:80:07:f3:42:de:4c:00:29:3e:06:0e:73:43:06:e4:e8:ce:
         62:70:a8:49
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIULB/FrZEzPMgFB0FiTlhoH8xMqRowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MDlaFw0yNjA3MDIxNTUyMDlaMDMxMTAvBgNV
BAMTKDBBMzNBOTgyMUZCMjdDQjFEQzY3OUE1RjVGMzY4NDA1RDFERjFGNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXmapb3/btssDOh+dS+sz7daYB
3PYfoO4ZHdQy/gSscAKoWGMnGqW0EBFSrK7VyFlpp0V76Uo5bRSWWE+cCvrAltOJ
8XbF7tuODovxHle3ZvmdDZkZ3uGoUV9wrkGHC7v2dJ27sTdo5c8y+rr5Aj60TNkv
yB+QGiXlTR3jsvmzwPCo0wkM9tT2gTCW3pNQnh6G48A+jLVWjgCHgr4nFNUiqvXG
+1hKSgETbZQdV+bnsE147F7a7bWi45DHU2/og/hH1KGR35w+OfGBpMefCuIhhtn0
oQ8lPxhKNvKCD3rWeIFcMpNhYS/4vcBoB1vjzCzgPkRmjsZCHfsBA9zyp1FBAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUCjOpgh+yfLHcZ5pfXzaEBdHfH3kwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEyOTk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAAjASAwcEKgagBQSgAwcEKgagBQzQMA0GCSqGSIb3DQEBCwUA
A4IBAQDEhLFp+83gVaA2oOgz4V228gj43L08wQ6eVrIud6O6pHtO5z8tfCDJ0Nmy
G8sL5flQ+YXTO95lmBWL0+DfMvh2PutNfF2ukM2ZdyCSwPcvi5D68yYLDMm6J+DO
rm0Un1484FxYht8fGWesi0KnW3bay13bIzxaw0di/PCnjExWpuLa+OLN4az7P0Jw
y3Z2VCpHyxfYhihPk8sZOcQY7etaIEsfI2+PKnK2KmSHqjKxysOo1ffn+NiJUVRv
qtXBNVsgW8j9pR89XauenOEo+9GHXkYRI0A9FsaLdTiMzDhmP/xJWfoIlEvbKWcW
gAfzQt5MACk+Bg5zQwbk6M5icKhJ
-----END CERTIFICATE-----