Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215683.roa
File:                     AS215683.roa (raw, json)
Hash identifier:          rYWwg2zSyPFyFq1e0nxPH01nEtk7Ao16YNnr175acnM=
Subject key identifier:   89:DE:F9:BA:74:BC:D4:B8:E1:ED:1D:A5:8B:7D:15:25:D2:96:48:56
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       2A4F482E9A5B302F6A4455699D56BA7D603A88F1
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215683.roa
Signing time:             Thu 03 Jul 2025 15:51:37 +0000
ROA not before:           Thu 03 Jul 2025 15:46:37 +0000
ROA not after:            Thu 02 Jul 2026 15:51:37 +0000
asID:                     215683
IP address blocks:        2a06:9f44:f130::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:4f:48:2e:9a:5b:30:2f:6a:44:55:69:9d:56:ba:7d:60:3a:88:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:37 2025 GMT
            Not After : Jul  2 15:51:37 2026 GMT
        Subject: CN=89DEF9BA74BCD4B8E1ED1DA58B7D1525D2964856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8e:52:7f:58:61:f2:f5:c2:71:e5:1f:04:6b:
                    53:81:67:91:f5:0e:63:77:8c:ec:1b:eb:6b:5d:9f:
                    e1:ff:c5:56:92:93:5d:a8:57:1f:58:c1:ab:0d:6e:
                    7e:b3:51:f2:30:81:dc:b3:15:a9:2a:d8:9a:7e:aa:
                    21:72:60:d9:91:67:35:29:87:6c:ba:fc:05:65:a7:
                    fe:46:c5:7a:1f:14:95:e8:e3:e4:0e:f5:3c:6e:b2:
                    34:f2:2e:d8:7b:b4:bb:98:99:65:a0:14:c6:7a:59:
                    23:e5:11:9c:d5:03:b0:59:77:73:72:d0:f9:de:5a:
                    c2:af:a3:cc:57:54:04:25:63:28:24:3a:d1:cd:fc:
                    36:0a:98:95:75:1c:d3:07:a6:0d:3d:58:5a:7b:ab:
                    42:fc:dd:ce:80:33:01:8a:2e:a7:78:99:eb:3e:97:
                    0e:41:4d:31:66:8d:5f:d0:16:cf:1f:46:bd:a9:36:
                    f7:3a:14:44:13:e5:58:a7:21:77:af:f6:42:25:2f:
                    bb:7f:bc:aa:f5:0d:68:a6:4e:30:6e:05:62:82:7e:
                    e8:60:a9:2f:37:53:3a:b3:13:08:9a:1a:b9:5d:74:
                    4d:3c:2b:cd:e0:d8:a8:0e:b6:ad:bf:f3:c3:00:5b:
                    cb:e8:06:5e:f0:41:f9:bc:f0:98:0b:d8:d5:98:47:
                    e7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:DE:F9:BA:74:BC:D4:B8:E1:ED:1D:A5:8B:7D:15:25:D2:96:48:56
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215683.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9f44:f130::/44

    Signature Algorithm: sha256WithRSAEncryption
         88:e2:7d:6b:eb:6d:b7:63:b5:cc:76:61:ff:49:ce:2c:3e:cb:
         f0:0e:ea:cf:db:f4:8b:09:03:c1:55:c7:98:af:f3:7a:bd:1f:
         ae:0e:23:6c:28:bd:a9:47:4f:fc:e4:c5:95:61:9b:f9:8e:07:
         32:f0:34:ee:57:d3:4a:75:0c:a3:39:51:89:cc:9f:b1:d6:74:
         6f:80:df:db:f5:2c:7e:f1:68:e2:28:1e:2b:1f:d8:cc:c7:45:
         2d:a8:d4:e6:fa:e8:80:0c:de:01:13:c4:88:a2:f7:70:48:f2:
         26:86:4b:a2:8a:c0:b7:fc:a4:88:8f:a5:3d:ef:ad:c8:8c:9f:
         2b:e8:f9:f4:46:59:b1:3e:04:40:75:c0:3b:a2:c1:9a:62:96:
         68:d2:5e:c1:c7:cb:86:77:5b:5f:76:9d:76:8a:d4:f5:b0:87:
         84:b1:26:44:a2:43:fe:ca:38:b5:f6:45:15:ef:6d:b5:9d:60:
         28:50:f7:0a:63:61:3b:5a:a4:aa:6d:0d:2b:f7:f2:66:c3:40:
         1b:c9:5b:8f:04:84:97:6f:1f:0e:11:82:50:03:94:b4:fe:79:
         7e:68:eb:c1:05:53:9d:c8:a0:9c:6d:4e:78:bc:c6:aa:1e:7b:
         06:c4:f8:c9:c4:88:84:78:be:0d:ff:8c:29:16:c5:e8:1a:f5:
         96:f0:e3:54
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUKk9ILppbMC9qRFVpnVa6fWA6iPEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MzdaFw0yNjA3MDIxNTUxMzdaMDMxMTAvBgNV
BAMTKDg5REVGOUJBNzRCQ0Q0QjhFMUVEMURBNThCN0QxNTI1RDI5NjQ4NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCojlJ/WGHy9cJx5R8Ea1OBZ5H1
DmN3jOwb62tdn+H/xVaSk12oVx9YwasNbn6zUfIwgdyzFakq2Jp+qiFyYNmRZzUp
h2y6/AVlp/5GxXofFJXo4+QO9TxusjTyLth7tLuYmWWgFMZ6WSPlEZzVA7BZd3Ny
0PneWsKvo8xXVAQlYygkOtHN/DYKmJV1HNMHpg09WFp7q0L83c6AMwGKLqd4mes+
lw5BTTFmjV/QFs8fRr2pNvc6FEQT5VinIXev9kIlL7t/vKr1DWimTjBuBWKCfuhg
qS83UzqzEwiaGrlddE08K83g2KgOtq2/88MAW8voBl7wQfm88JgL2NWYR+c7AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUid75unS81Ljh7R2li30VJdKWSFYwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1NjgzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgafRPEwMA0GCSqGSIb3DQEBCwUAA4IBAQCI4n1r
6223Y7XMdmH/Sc4sPsvwDurP2/SLCQPBVceYr/N6vR+uDiNsKL2pR0/85MWVYZv5
jgcy8DTuV9NKdQyjOVGJzJ+x1nRvgN/b9Sx+8WjiKB4rH9jMx0UtqNTm+uiADN4B
E8SIovdwSPImhkuiisC3/KSIj6U9763IjJ8r6Pn0RlmxPgRAdcA7osGaYpZo0l7B
x8uGd1tfdp12itT1sIeEsSZEokP+yji19kUV7221nWAoUPcKY2E7WqSqbQ0r9/Jm
w0AbyVuPBISXbx8OEYJQA5S0/nl+aOvBBVOdyKCcbU54vMaqHnsGxPjJxIiEeL4N
/4wpFsXoGvWW8ONU
-----END CERTIFICATE-----