Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214546.roa
File:                     AS214546.roa (raw, json)
Hash identifier:          tJ6FCR/0KUAsA+G43RyPjTunm6ZoiWXM+rFIsgafcO8=
Subject key identifier:   EF:E4:E8:C0:75:77:33:83:71:25:A2:1B:1F:A7:80:AE:21:3A:2E:23
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       512ECA0B45F1E6FBBAF97DE249AFD02C2E6A73ED
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214546.roa
Signing time:             Thu 03 Jul 2025 15:51:44 +0000
ROA not before:           Thu 03 Jul 2025 15:46:44 +0000
ROA not after:            Thu 02 Jul 2026 15:51:44 +0000
asID:                     214546
IP address blocks:        2a09:54c2::/32 maxlen: 48
                          2a0d:d900::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:2e:ca:0b:45:f1:e6:fb:ba:f9:7d:e2:49:af:d0:2c:2e:6a:73:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:44 2025 GMT
            Not After : Jul  2 15:51:44 2026 GMT
        Subject: CN=EFE4E8C0757733837125A21B1FA780AE213A2E23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ac:10:21:4c:de:7c:03:8d:45:81:2f:ab:37:
                    9f:e5:de:09:be:ce:44:8a:db:e2:24:55:58:7f:aa:
                    8a:a3:df:75:57:5f:b0:ac:ad:c2:58:31:ce:19:ee:
                    1d:41:0c:b0:2a:2f:83:3d:aa:bf:3b:fa:1a:b6:97:
                    0e:4b:4c:42:fc:c1:35:f7:1b:89:4a:9c:ec:c7:2a:
                    50:e7:56:94:77:fc:03:c1:62:6e:b1:c0:55:53:02:
                    b8:7c:ba:f1:fe:6b:e4:e2:f4:06:5d:98:86:7b:97:
                    73:92:af:6b:e2:12:a4:bf:b1:26:09:50:9f:97:62:
                    b7:f6:dd:62:7d:cd:4f:e3:4a:ae:86:03:6a:7a:33:
                    b3:da:fa:88:be:4c:a2:92:ef:ba:cb:3a:fe:ab:8d:
                    e2:5d:e4:33:66:21:b5:4d:31:73:6d:41:6b:f7:29:
                    fe:ab:26:1e:64:70:5f:85:4c:d0:f9:59:7b:51:a9:
                    4e:2e:cf:46:8b:53:2b:01:65:f1:5a:b4:43:4d:0b:
                    63:e4:a1:30:64:f6:b7:23:27:d7:6e:53:07:de:ee:
                    65:33:19:23:a4:07:5d:a3:48:d3:78:62:2a:3f:dd:
                    17:77:a8:d2:f9:18:63:a2:6a:83:fc:fe:0a:bd:ef:
                    b4:47:8a:64:53:15:b7:94:47:9d:c1:bd:37:cf:8e:
                    00:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E4:E8:C0:75:77:33:83:71:25:A2:1B:1F:A7:80:AE:21:3A:2E:23
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214546.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c2::/32
                  2a0d:d900::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:7f:03:e8:c5:0e:d6:1e:bf:19:5f:89:0a:88:29:6b:41:1c:
         0f:fe:b8:2a:72:7a:49:04:f0:8f:13:a0:eb:8d:44:94:51:7f:
         0a:ed:12:24:11:39:a5:3d:fa:87:d1:3c:dd:3c:b0:aa:f1:ee:
         1d:2b:59:1d:93:27:48:1f:d4:39:04:a6:fc:dc:5c:1a:66:cb:
         3a:7f:a2:bd:49:51:0a:ee:fe:66:cc:5b:2c:c6:a2:2c:ab:50:
         69:63:53:3b:9b:88:61:f9:eb:4b:0f:6a:90:0d:4f:7d:c4:01:
         71:92:65:81:8e:9c:a2:dc:00:44:63:f4:f0:a5:00:d8:09:23:
         5d:17:65:b6:6a:1f:54:27:be:95:f6:2c:d6:1d:6b:20:a7:73:
         0f:a7:59:18:fb:bd:16:e2:b2:b3:66:4c:0e:dc:63:8a:6b:11:
         c5:53:61:fa:b7:34:97:42:9f:ee:e5:e2:56:88:ec:9d:25:a8:
         37:a9:4b:20:91:9f:a8:59:69:6c:dc:25:41:b7:b0:86:63:44:
         04:fb:98:5f:04:c1:1e:c9:96:cf:9c:1f:fc:2b:a2:5a:2e:c5:
         45:b4:3d:61:87:1a:4f:1c:1b:3a:9b:56:e4:26:b5:d9:1b:5a:
         7d:48:78:51:a3:14:32:5b:fc:8c:a8:65:36:da:1b:95:c4:bd:
         b8:e6:c0:2e
-----BEGIN CERTIFICATE-----
MIIE7TCCA9WgAwIBAgIUUS7KC0Xx5vu6+X3iSa/QLC5qc+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NDRaFw0yNjA3MDIxNTUxNDRaMDMxMTAvBgNV
BAMTKEVGRTRFOEMwNzU3NzMzODM3MTI1QTIxQjFGQTc4MEFFMjEzQTJFMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVrBAhTN58A41FgS+rN5/l3gm+
zkSK2+IkVVh/qoqj33VXX7CsrcJYMc4Z7h1BDLAqL4M9qr87+hq2lw5LTEL8wTX3
G4lKnOzHKlDnVpR3/APBYm6xwFVTArh8uvH+a+Ti9AZdmIZ7l3OSr2viEqS/sSYJ
UJ+XYrf23WJ9zU/jSq6GA2p6M7Pa+oi+TKKS77rLOv6rjeJd5DNmIbVNMXNtQWv3
Kf6rJh5kcF+FTND5WXtRqU4uz0aLUysBZfFatENNC2PkoTBk9rcjJ9duUwfe7mUz
GSOkB12jSNN4Yio/3Rd3qNL5GGOiaoP8/gq977RHimRTFbeUR53BvTfPjgB9AgMB
AAGjggH3MIIB8zAdBgNVHQ4EFgQU7+TowHV3M4NxJaIbH6eAriE6LiMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NTQ2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEH
AQH/BBgwFjAUBAIAAjAOAwUAKglUwgMFACoN2QAwDQYJKoZIhvcNAQELBQADggEB
AJt/A+jFDtYevxlfiQqIKWtBHA/+uCpyekkE8I8ToOuNRJRRfwrtEiQROaU9+ofR
PN08sKrx7h0rWR2TJ0gf1DkEpvzcXBpmyzp/or1JUQru/mbMWyzGoiyrUGljUzub
iGH560sPapANT33EAXGSZYGOnKLcAERj9PClANgJI10XZbZqH1QnvpX2LNYdayCn
cw+nWRj7vRbisrNmTA7cY4prEcVTYfq3NJdCn+7l4laI7J0lqDepSyCRn6hZaWzc
JUG3sIZjRAT7mF8EwR7Jls+cH/wrolouxUW0PWGHGk8cGzqbVuQmtdkbWn1IeFGj
FDJb/IyoZTbaG5XEvbjmwC4=
-----END CERTIFICATE-----