Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215683.roa
File:                     AS215683.roa (raw, json)
Hash identifier:          mp1cQC4nIK1xIC5u5JMiDcyzf8ZSl4WQxinlLUwsjng=
Subject key identifier:   D7:56:61:B2:5B:08:00:C0:F7:20:4F:D0:BA:C0:1A:51:82:69:0C:84
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       33B19AB7F8DD50CB6E73C5D7F5E949B642CB52D5
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215683.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     215683
IP address blocks:        2a06:9f44:f130::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:b1:9a:b7:f8:dd:50:cb:6e:73:c5:d7:f5:e9:49:b6:42:cb:52:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=D75661B25B0800C0F7204FD0BAC01A5182690C84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:08:15:84:7c:f6:6b:52:c6:09:43:68:b1:05:
                    1a:bd:c6:59:97:63:69:a1:9a:06:a1:3c:d3:c0:60:
                    4c:94:ac:01:18:29:76:aa:87:ff:cb:bf:38:7c:aa:
                    4e:83:a1:0c:0b:db:12:11:28:af:20:19:91:a9:f6:
                    56:24:c5:fc:b7:6c:65:7f:04:c9:b8:43:b6:e8:6d:
                    da:6e:f8:fa:1f:b1:35:ae:6c:f5:0c:c4:3d:27:eb:
                    5e:12:a3:c4:c8:e4:c3:2b:d5:4a:8e:bb:c6:3d:b2:
                    8a:ab:6e:c9:c4:3b:c7:56:63:52:39:9d:54:b7:7e:
                    ce:19:20:db:cb:37:0f:a7:f2:29:d1:9e:d8:80:0b:
                    b1:ab:b9:f7:9b:83:6c:f3:1a:b5:f3:5e:58:19:88:
                    ca:ab:21:c2:56:49:94:0b:fe:e9:d7:fb:71:a9:6b:
                    2e:f4:bd:e1:56:1b:8a:71:17:60:4b:3c:d6:17:eb:
                    f7:e6:23:b1:a7:d5:e5:7d:7c:dc:36:fb:a6:db:6b:
                    20:bf:4e:75:e2:8e:e5:4c:cb:74:5a:5e:5b:ff:3b:
                    d3:0d:95:02:9b:49:b9:e5:b3:82:23:24:31:ad:76:
                    0b:6a:50:e3:9e:46:c2:23:67:04:bd:7e:7d:b5:cd:
                    9a:8f:3d:ab:40:58:e3:c8:4c:4f:8b:44:ef:56:c2:
                    ff:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:56:61:B2:5B:08:00:C0:F7:20:4F:D0:BA:C0:1A:51:82:69:0C:84
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215683.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9f44:f130::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:ee:2d:31:ce:68:91:16:5d:c6:4f:17:2d:28:40:d6:1c:63:
         ca:29:ef:fc:e1:d8:7b:bd:4e:5e:7f:f6:b6:f5:7b:7c:cd:8e:
         22:68:f8:c2:22:25:83:8d:e0:b0:ab:65:88:28:1c:c3:ec:e9:
         a7:cd:f6:93:31:5f:09:83:bc:5c:bc:f8:a5:e0:64:05:14:58:
         32:65:e8:20:01:b0:a9:07:5e:40:21:69:18:98:3b:cb:99:4b:
         2e:3f:45:bf:dd:b9:49:eb:ab:e1:f7:67:ec:2f:83:a2:a3:80:
         e3:d7:fb:67:21:1a:72:5c:6e:a8:a5:20:7f:16:96:6d:05:30:
         67:35:b7:b8:ee:e7:06:ee:27:fb:b1:9b:90:75:c0:7d:7e:0d:
         25:81:7d:63:96:d0:3a:5f:e8:0c:8d:7f:07:f0:c3:4c:f6:1c:
         14:34:e4:73:ca:9f:8c:fb:f5:fd:d0:98:e7:4f:73:1c:76:fd:
         33:e6:67:57:86:14:83:e5:e0:3a:6c:1e:ef:de:04:52:a6:da:
         b8:9e:41:53:e2:1b:97:8b:6e:12:7b:df:3d:01:d9:db:ac:5c:
         c7:ec:90:30:75:4c:29:6e:f8:6b:27:1a:d9:4a:43:d3:fd:47:
         e8:02:1a:13:15:f0:19:60:17:1f:34:5b:f0:39:e6:5a:b9:34:
         0d:9b:24:c8
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUM7Gat/jdUMtuc8XX9elJtkLLUtUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKEQ3NTY2MUIyNUIwODAwQzBGNzIwNEZEMEJBQzAxQTUxODI2OTBDODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDECBWEfPZrUsYJQ2ixBRq9xlmX
Y2mhmgahPNPAYEyUrAEYKXaqh//Lvzh8qk6DoQwL2xIRKK8gGZGp9lYkxfy3bGV/
BMm4Q7bobdpu+PofsTWubPUMxD0n614So8TI5MMr1UqOu8Y9soqrbsnEO8dWY1I5
nVS3fs4ZINvLNw+n8inRntiAC7Grufebg2zzGrXzXlgZiMqrIcJWSZQL/unX+3Gp
ay70veFWG4pxF2BLPNYX6/fmI7Gn1eV9fNw2+6bbayC/TnXijuVMy3RaXlv/O9MN
lQKbSbnls4IjJDGtdgtqUOOeRsIjZwS9fn21zZqPPatAWOPITE+LRO9Wwv+9AgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU11ZhslsIAMD3IE/QusAaUYJpDIQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1NjgzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgafRPEwMA0GCSqGSIb3DQEBCwUAA4IBAQBc7i0x
zmiRFl3GTxctKEDWHGPKKe/84dh7vU5ef/a29Xt8zY4iaPjCIiWDjeCwq2WIKBzD
7OmnzfaTMV8Jg7xcvPil4GQFFFgyZeggAbCpB15AIWkYmDvLmUsuP0W/3blJ66vh
92fsL4Oio4Dj1/tnIRpyXG6opSB/FpZtBTBnNbe47ucG7if7sZuQdcB9fg0lgX1j
ltA6X+gMjX8H8MNM9hwUNORzyp+M+/X90JjnT3Mcdv0z5mdXhhSD5eA6bB7v3gRS
ptq4nkFT4huXi24Se989AdnbrFzH7JAwdUwpbvhrJxrZSkPT/UfoAhoTFfAZYBcf
NFvwOeZauTQNmyTI
-----END CERTIFICATE-----