Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS51312.roa
File:                     AS51312.roa (raw, json)
Hash identifier:          mAwbjjqmh0OQSUQk5cMK/+xpIS7Dn9AfB4TetpaZbTE=
Subject key identifier:   69:7E:82:2C:77:69:63:9D:7F:BC:D3:D3:39:1A:37:C6:B6:A0:DA:F4
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       5821A6F02B265B97A392D43CDF17EDAF0573C890
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS51312.roa
Signing time:             Thu 03 Jul 2025 15:52:38 +0000
ROA not before:           Thu 03 Jul 2025 15:47:38 +0000
ROA not after:            Thu 02 Jul 2026 15:52:38 +0000
asID:                     51312
IP address blocks:        2a06:a005:2280::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:21:a6:f0:2b:26:5b:97:a3:92:d4:3c:df:17:ed:af:05:73:c8:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:38 2025 GMT
            Not After : Jul  2 15:52:38 2026 GMT
        Subject: CN=697E822C7769639D7FBCD3D3391A37C6B6A0DAF4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:59:b6:2e:98:57:f8:95:d4:3d:e9:92:8f:8f:
                    ee:64:32:4a:0d:23:79:1f:c6:00:ec:6c:5a:ab:10:
                    2d:16:0e:a9:7f:a5:77:5d:14:fd:75:e5:e8:c4:f7:
                    b9:f6:a9:99:c0:cf:c5:98:1d:03:36:40:d9:17:b2:
                    ef:b1:cf:59:28:0a:73:6c:04:2b:ee:0b:26:41:42:
                    b3:15:be:50:b5:38:30:13:f0:ce:cf:6b:fd:09:05:
                    5d:6c:94:61:ec:44:e6:8d:d1:81:21:e6:7a:6b:50:
                    3b:5a:77:d4:6f:9d:bb:01:dd:a2:3c:36:a0:e5:a5:
                    73:57:09:98:34:29:76:a9:98:be:d9:1f:87:cb:91:
                    42:55:e2:60:6d:8d:3d:58:f9:6a:59:fd:d5:cb:a9:
                    24:66:16:f3:ec:63:02:82:e3:0b:62:94:2c:1d:59:
                    32:bf:68:62:7f:77:29:95:d6:70:32:d0:db:28:a7:
                    99:ec:f6:39:03:d5:73:68:d8:de:57:3f:6d:39:a8:
                    61:ff:6f:e6:68:da:3d:59:16:94:0a:84:c3:6a:8a:
                    0f:cd:66:ca:ec:24:d2:5b:08:6c:96:45:ab:27:59:
                    e0:f6:3b:bf:e2:8a:09:b2:af:8f:83:a7:45:d6:fe:
                    1e:b0:01:c4:ae:50:e9:cb:09:37:75:e5:8f:86:fd:
                    8f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:7E:82:2C:77:69:63:9D:7F:BC:D3:D3:39:1A:37:C6:B6:A0:DA:F4
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS51312.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:2280::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:d4:e7:ce:4f:9d:53:8c:57:33:79:8e:70:26:06:ef:71:87:
         4e:71:81:58:24:ee:ed:5b:97:07:99:a1:50:26:58:d1:12:cd:
         b5:a9:34:f3:cd:c0:8e:26:88:52:d5:ac:16:61:54:6e:9c:c2:
         b0:f8:57:45:c2:90:a0:3d:ab:9c:8f:e8:72:17:ec:38:dc:b5:
         42:c0:b6:ed:52:41:90:40:0c:7e:7d:be:49:53:97:2a:f6:0a:
         13:49:53:54:be:33:38:be:e8:86:a9:6b:7c:3c:d1:ac:79:4e:
         98:5d:03:0b:96:e1:e3:63:84:d5:c5:cf:ee:63:29:f6:80:31:
         2e:a3:d3:6e:58:ec:6a:b2:05:d0:9e:ad:48:96:8b:81:09:e6:
         69:10:7f:46:06:9d:cc:dd:8d:4a:47:8c:43:24:03:68:e5:fb:
         b5:8e:5f:0b:ac:98:91:4c:21:f7:72:2b:e8:27:fb:31:3e:6d:
         02:b8:2a:a9:e9:b5:3a:b7:ef:ea:3f:6f:be:cf:ee:69:90:ce:
         c8:ce:e6:b8:15:d8:5c:d1:a1:4c:c7:75:70:bb:e8:ca:3f:02:
         09:87:25:9b:98:04:d3:3c:57:8e:95:60:15:f4:64:08:83:80:
         74:ae:f6:fa:21:bc:0d:94:9c:53:0f:02:08:88:6e:7c:30:10:
         cd:44:dc:fa
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUWCGm8CsmW5ejktQ83xftrwVzyJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MzhaFw0yNjA3MDIxNTUyMzhaMDMxMTAvBgNV
BAMTKDY5N0U4MjJDNzc2OTYzOUQ3RkJDRDNEMzM5MUEzN0M2QjZBMERBRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdWbYumFf4ldQ96ZKPj+5kMkoN
I3kfxgDsbFqrEC0WDql/pXddFP115ejE97n2qZnAz8WYHQM2QNkXsu+xz1koCnNs
BCvuCyZBQrMVvlC1ODAT8M7Pa/0JBV1slGHsROaN0YEh5nprUDtad9RvnbsB3aI8
NqDlpXNXCZg0KXapmL7ZH4fLkUJV4mBtjT1Y+WpZ/dXLqSRmFvPsYwKC4wtilCwd
WTK/aGJ/dymV1nAy0Nsop5ns9jkD1XNo2N5XP205qGH/b+Zo2j1ZFpQKhMNqig/N
ZsrsJNJbCGyWRasnWeD2O7/iigmyr4+Dp0XW/h6wAcSuUOnLCTd15Y+G/Y9RAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQUaX6CLHdpY51/vNPTORo3xrag2vQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NTEzMTIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcB
Af8EEzARMA8EAgACMAkDBwQqBqAFIoAwDQYJKoZIhvcNAQELBQADggEBABjU585P
nVOMVzN5jnAmBu9xh05xgVgk7u1blweZoVAmWNESzbWpNPPNwI4miFLVrBZhVG6c
wrD4V0XCkKA9q5yP6HIX7DjctULAtu1SQZBADH59vklTlyr2ChNJU1S+Mzi+6Iap
a3w80ax5TphdAwuW4eNjhNXFz+5jKfaAMS6j025Y7GqyBdCerUiWi4EJ5mkQf0YG
nczdjUpHjEMkA2jl+7WOXwusmJFMIfdyK+gn+zE+bQK4KqnptTq37+o/b77P7mmQ
zsjO5rgV2FzRoUzHdXC76Mo/AgmHJZuYBNM8V46VYBX0ZAiDgHSu9vohvA2UnFMP
AgiIbnwwEM1E3Po=
-----END CERTIFICATE-----