Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS401486.roa
File:                     AS401486.roa (raw, json)
Hash identifier:          TM/VNXPTs80VpIuRfJV1nI1o/QIFsOSCzYzP80ImHZI=
Subject key identifier:   8A:89:7B:9E:DA:62:B8:62:98:33:CB:39:91:09:56:32:C8:DF:40:3F
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       249D2D73C00B53CF8A6D18DA4F068A48056B233D
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS401486.roa
Signing time:             Wed 08 Apr 2026 21:23:38 +0000
ROA not before:           Wed 08 Apr 2026 21:18:38 +0000
ROA not after:            Wed 07 Apr 2027 21:23:38 +0000
asID:                     401486
IP address blocks:        2a05:dfc6::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 14:30:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:9d:2d:73:c0:0b:53:cf:8a:6d:18:da:4f:06:8a:48:05:6b:23:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Apr  8 21:18:38 2026 GMT
            Not After : Apr  7 21:23:38 2027 GMT
        Subject: CN=8A897B9EDA62B8629833CB3991095632C8DF403F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f5:9d:69:cc:d5:22:0d:e2:88:a0:05:32:c2:
                    ab:b6:83:55:fa:5b:aa:13:3c:ab:84:69:88:de:86:
                    5f:ef:e1:3c:5e:b1:2f:cf:65:d5:06:56:ea:54:61:
                    6b:0d:46:9a:cd:84:dc:96:ff:67:9a:dd:c9:d1:6d:
                    17:05:ee:07:6e:3c:c7:2d:86:6c:ed:59:19:29:7e:
                    8f:c3:d1:0b:ec:3a:54:5e:09:57:c9:a4:2c:79:35:
                    c4:69:d0:73:fd:8c:1f:45:c4:5b:48:ba:75:d7:9a:
                    15:e3:4c:70:ae:96:dd:30:0e:e0:4e:c3:d2:86:ac:
                    2c:91:4d:83:3f:e5:5c:3f:eb:a0:73:ea:cf:df:d4:
                    36:0a:98:fe:9f:c5:5b:5e:09:f8:a6:8d:5c:04:7a:
                    ad:ff:df:4b:d5:00:29:d3:d9:45:69:f0:fa:c5:df:
                    a9:2e:37:d2:4e:28:63:67:4e:63:ba:a3:53:c4:41:
                    8d:d1:98:80:31:64:de:87:ce:30:d5:b1:25:d0:b3:
                    5c:d2:68:cf:99:84:fd:89:37:a6:05:fb:29:b6:a5:
                    fd:00:49:75:c9:62:87:5d:0d:94:a1:ef:e4:77:71:
                    3d:41:66:52:26:e9:e2:4b:67:ae:04:05:b0:51:1f:
                    e2:4f:c1:d8:89:81:9e:b4:e5:41:c7:05:5a:2f:7c:
                    18:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:89:7B:9E:DA:62:B8:62:98:33:CB:39:91:09:56:32:C8:DF:40:3F
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS401486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:c3:47:84:cf:7b:de:a7:a2:af:03:89:f4:c2:17:32:3d:5f:
         e9:01:92:63:ea:b4:32:ea:5a:93:4c:51:9e:f9:1a:1b:ba:48:
         0a:e3:38:54:ad:3e:db:ae:62:5c:1a:d5:bd:d1:66:2b:da:f5:
         85:9c:3f:bf:65:5d:3c:fb:02:7b:31:bf:3a:e3:b0:ba:81:8e:
         28:65:19:c8:71:fb:d3:51:58:50:ca:70:2b:a9:59:f1:e0:f3:
         3d:c2:8e:82:96:43:c4:d5:c4:40:0e:3d:8f:6e:29:4f:61:e4:
         a0:8f:75:80:5e:3a:17:50:6f:f7:7c:25:30:9e:21:07:de:38:
         83:02:7d:9e:97:f4:be:19:ae:e5:98:ec:5a:34:76:cd:28:c7:
         32:ef:cd:d7:e1:01:83:f5:b3:bd:72:9e:65:52:5c:0c:3f:f2:
         9d:56:23:d9:e8:d1:bd:20:f8:3b:42:55:2b:3b:07:1a:93:ad:
         55:1a:4b:29:e0:7d:fe:07:c8:67:ef:3c:79:66:09:76:4a:e4:
         67:fa:12:ae:c1:53:61:7d:a9:51:72:86:22:9e:71:22:da:ed:
         b6:d0:32:40:8f:2c:f2:bf:55:43:80:5a:ae:4c:a3:88:94:22:
         82:03:5a:d9:bf:3b:a3:15:06:e4:e2:e7:59:92:4e:fc:b0:a2:
         18:ff:3c:d2
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUJJ0tc8ALU8+KbRjaTwaKSAVrIz0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA0MDgyMTE4MzhaFw0yNzA0MDcyMTIzMzhaMDMxMTAvBgNV
BAMTKDhBODk3QjlFREE2MkI4NjI5ODMzQ0IzOTkxMDk1NjMyQzhERjQwM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp9Z1pzNUiDeKIoAUywqu2g1X6
W6oTPKuEaYjehl/v4TxesS/PZdUGVupUYWsNRprNhNyW/2ea3cnRbRcF7gduPMct
hmztWRkpfo/D0QvsOlReCVfJpCx5NcRp0HP9jB9FxFtIunXXmhXjTHCult0wDuBO
w9KGrCyRTYM/5Vw/66Bz6s/f1DYKmP6fxVteCfimjVwEeq3/30vVACnT2UVp8PrF
36kuN9JOKGNnTmO6o1PEQY3RmIAxZN6HzjDVsSXQs1zSaM+ZhP2JN6YF+ym2pf0A
SXXJYoddDZSh7+R3cT1BZlIm6eJLZ64EBbBRH+JPwdiJgZ605UHHBVovfBhVAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUiol7ntpiuGKYM8s5kQlWMsjfQD8wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NDAxNDg2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEH
AQH/BBEwDzANBAIAAjAHAwUAKgXfxjANBgkqhkiG9w0BAQsFAAOCAQEAL8NHhM97
3qeirwOJ9MIXMj1f6QGSY+q0Mupak0xRnvkaG7pICuM4VK0+265iXBrVvdFmK9r1
hZw/v2VdPPsCezG/OuOwuoGOKGUZyHH701FYUMpwK6lZ8eDzPcKOgpZDxNXEQA49
j24pT2HkoI91gF46F1Bv93wlMJ4hB944gwJ9npf0vhmu5ZjsWjR2zSjHMu/N1+EB
g/WzvXKeZVJcDD/ynVYj2ejRvSD4O0JVKzsHGpOtVRpLKeB9/gfIZ+88eWYJdkrk
Z/oSrsFTYX2pUXKGIp5xItrtttAyQI8s8r9VQ4BarkyjiJQiggNa2b87oxUG5OLn
WZJO/LCiGP880g==
-----END CERTIFICATE-----