Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213286.roa
File:                     AS213286.roa (raw, json)
Hash identifier:          +Hiu8FL94BPtpqxQlmlLjNYK+lij9stG6Asa82NkUrE=
Subject key identifier:   D6:4E:E0:0E:5F:5F:A6:DF:67:47:2C:70:97:EE:7B:B0:96:C9:C8:20
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       27BC492CA83B0D7CB7FE1CB944731D030876A482
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213286.roa
Signing time:             Thu 03 Jul 2025 15:52:04 +0000
ROA not before:           Thu 03 Jul 2025 15:47:04 +0000
ROA not after:            Thu 02 Jul 2026 15:52:04 +0000
asID:                     213286
IP address blocks:        2a06:a005:17::/48 maxlen: 48
                          2a06:a005:1e::/48 maxlen: 48
                          2a06:a005:852::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:bc:49:2c:a8:3b:0d:7c:b7:fe:1c:b9:44:73:1d:03:08:76:a4:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:04 2025 GMT
            Not After : Jul  2 15:52:04 2026 GMT
        Subject: CN=D64EE00E5F5FA6DF67472C7097EE7BB096C9C820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3e:25:50:92:8f:b7:4e:d4:60:3d:91:4e:70:
                    ad:8b:86:48:49:ad:20:83:cf:16:a6:e6:2e:35:a2:
                    d5:9c:01:83:a0:2f:c9:b1:ba:1d:85:7a:05:72:b4:
                    1b:fd:f3:99:c5:ea:76:ec:5e:fd:46:d8:60:63:fb:
                    e6:63:e1:2c:74:70:d2:fe:21:6a:60:58:d9:fe:28:
                    29:cc:f7:1f:c3:0b:16:fc:f5:28:65:df:d4:05:6f:
                    33:25:2f:07:11:3d:7c:50:0d:9b:12:05:ed:d3:5e:
                    df:63:36:e5:f4:60:7c:3e:6e:c5:99:96:f3:55:89:
                    5e:14:34:3a:c0:79:15:50:cb:c7:1c:f7:9d:03:57:
                    ac:07:e3:98:40:01:b0:bd:7f:8c:18:c6:0b:68:cb:
                    93:7c:98:87:9a:9f:cc:73:86:07:79:43:62:95:3b:
                    f1:b8:47:80:aa:01:5e:e0:dc:b1:fd:08:0b:e7:b7:
                    51:7b:1f:96:eb:23:6f:09:c8:bb:e5:b7:0c:d4:41:
                    96:3b:10:68:0e:46:a7:94:76:66:b7:f7:80:4a:93:
                    53:82:97:40:ce:39:93:7b:8c:05:39:72:71:51:2f:
                    fb:cd:19:99:4c:1c:99:50:8c:25:51:75:30:15:b5:
                    5a:e0:8d:3f:69:d2:ab:c1:83:3f:c8:52:90:37:4d:
                    a5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:4E:E0:0E:5F:5F:A6:DF:67:47:2C:70:97:EE:7B:B0:96:C9:C8:20
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213286.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:17::/48
                  2a06:a005:1e::/48
                  2a06:a005:852::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:ac:23:18:c6:01:9b:82:51:20:5d:48:28:8d:af:bd:c2:85:
         05:52:ad:c6:cc:dd:c6:9d:de:46:d0:5f:c7:e2:30:34:f9:86:
         a8:16:28:de:40:bd:1d:b3:99:e8:e1:32:ee:3d:ad:b9:95:c6:
         5f:98:0e:d2:d1:d1:60:ba:f0:d4:f1:ca:b0:06:40:a9:ed:15:
         78:7b:b1:ed:75:e2:19:71:16:52:61:47:67:bc:56:2f:71:84:
         a1:8f:a0:f6:9f:0e:4b:9b:b9:d6:ab:82:38:2d:7a:26:65:03:
         f7:a5:26:38:cd:84:34:0a:6e:b4:7c:db:27:2f:44:a9:6e:ff:
         17:d5:5c:9b:cb:38:bf:c6:c7:d3:02:ca:cf:8d:46:36:ec:12:
         fe:a1:63:67:4a:ec:69:18:62:8b:84:9e:8f:6d:1b:94:09:be:
         c4:0f:aa:0a:2b:d0:c8:e1:fd:08:ca:8d:6b:9f:3e:91:ed:b7:
         19:40:3a:20:9d:e3:18:7b:4d:91:34:3b:1e:b3:43:6a:f0:b4:
         c4:d7:5f:60:6b:34:4a:4b:6f:1c:5f:c5:22:90:3f:80:38:ab:
         28:f9:3d:ab:93:86:d6:68:98:17:71:b0:4f:b0:21:c6:7c:e0:
         d2:65:dc:c1:61:f5:c3:9a:3f:a7:23:84:c3:cc:ec:90:10:2e:
         ba:b8:8f:fe
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUJ7xJLKg7DXy3/hy5RHMdAwh2pIIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MDRaFw0yNjA3MDIxNTUyMDRaMDMxMTAvBgNV
BAMTKEQ2NEVFMDBFNUY1RkE2REY2NzQ3MkM3MDk3RUU3QkIwOTZDOUM4MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqPiVQko+3TtRgPZFOcK2LhkhJ
rSCDzxam5i41otWcAYOgL8mxuh2FegVytBv985nF6nbsXv1G2GBj++Zj4Sx0cNL+
IWpgWNn+KCnM9x/DCxb89Shl39QFbzMlLwcRPXxQDZsSBe3TXt9jNuX0YHw+bsWZ
lvNViV4UNDrAeRVQy8cc950DV6wH45hAAbC9f4wYxgtoy5N8mIean8xzhgd5Q2KV
O/G4R4CqAV7g3LH9CAvnt1F7H5brI28JyLvltwzUQZY7EGgORqeUdma394BKk1OC
l0DOOZN7jAU5cnFRL/vNGZlMHJlQjCVRdTAVtVrgjT9p0qvBgz/IUpA3TaWFAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQU1k7gDl9fpt9nRyxwl+57sJbJyCAwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEzMjg2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzAhBAIAAjAbAwcAKgagBQAXAwcAKgagBQAeAwcAKgagBQhSMA0GCSqG
SIb3DQEBCwUAA4IBAQBarCMYxgGbglEgXUgoja+9woUFUq3GzN3Gnd5G0F/H4jA0
+YaoFijeQL0ds5no4TLuPa25lcZfmA7S0dFguvDU8cqwBkCp7RV4e7HtdeIZcRZS
YUdnvFYvcYShj6D2nw5Lm7nWq4I4LXomZQP3pSY4zYQ0Cm60fNsnL0Spbv8X1Vyb
yzi/xsfTAsrPjUY27BL+oWNnSuxpGGKLhJ6PbRuUCb7ED6oKK9DI4f0Iyo1rnz6R
7bcZQDogneMYe02RNDses0Nq8LTE119gazRKS28cX8UikD+AOKso+T2rk4bWaJgX
cbBPsCHGfODSZdzBYfXDmj+nI4TDzOyQEC66uI/+
-----END CERTIFICATE-----