Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS58212.roa
File:                     AS58212.roa (raw, json)
Hash identifier:          20mhiJF71cmYR4FbHjwpY/WSYHv+lsSm68UxWQU2nA8=
Subject key identifier:   60:84:C3:C4:86:D1:F2:8D:30:F0:A9:3B:A7:CC:6C:B6:78:C3:57:AD
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       336A656A78C8BC84A231251B5ADB6EC017753766
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS58212.roa
Signing time:             Fri 19 Sep 2025 19:28:49 +0000
ROA not before:           Fri 19 Sep 2025 19:23:49 +0000
ROA not after:            Fri 18 Sep 2026 19:28:49 +0000
asID:                     58212
IP address blocks:        2a05:dfc7::/32 maxlen: 48
                          2a06:a007::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:6a:65:6a:78:c8:bc:84:a2:31:25:1b:5a:db:6e:c0:17:75:37:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Sep 19 19:23:49 2025 GMT
            Not After : Sep 18 19:28:49 2026 GMT
        Subject: CN=6084C3C486D1F28D30F0A93BA7CC6CB678C357AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:65:42:cb:97:04:e1:e7:f2:67:ce:ae:5f:86:
                    86:20:d5:13:32:f5:00:28:94:a4:d8:05:31:8b:19:
                    94:51:60:07:26:43:a5:9a:84:b8:a1:cb:6b:86:b7:
                    f5:60:ee:14:99:22:35:f8:95:63:17:67:d3:6d:11:
                    7c:39:8e:71:4d:ac:3f:f9:c1:91:46:19:aa:49:42:
                    ff:8b:f0:99:ae:b0:aa:48:64:3d:f7:e1:fe:7c:f6:
                    c7:8a:d0:11:a0:6f:c9:b2:80:08:26:e9:91:54:91:
                    b6:06:75:e1:ce:67:40:4f:79:23:0c:62:3d:27:77:
                    31:36:1b:09:4a:c1:f8:d4:5d:10:b6:b4:c1:51:77:
                    fe:ed:fb:82:fa:c1:04:9c:36:39:7a:73:8d:65:ac:
                    0e:e9:40:7c:a0:08:fb:91:cc:dd:50:55:6d:67:9f:
                    84:d5:af:09:d0:90:69:9a:0c:91:db:0e:40:ce:16:
                    d4:e5:5b:7e:89:3b:bf:33:be:bb:12:ed:b9:1c:ac:
                    bb:73:bc:d8:c7:e2:a0:be:45:ad:62:d7:cf:9e:2a:
                    cf:a8:24:74:a3:5f:03:e9:1a:a1:0e:af:3b:46:f9:
                    d2:76:c6:8e:50:35:5b:93:e3:b9:14:c9:ef:16:ba:
                    e5:ef:5e:60:43:77:d7:b7:de:1e:4c:9b:92:fa:b4:
                    32:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:84:C3:C4:86:D1:F2:8D:30:F0:A9:3B:A7:CC:6C:B6:78:C3:57:AD
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS58212.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc7::/32
                  2a06:a007::/32

    Signature Algorithm: sha256WithRSAEncryption
         c5:c5:c6:3d:ed:5a:5c:a5:cf:52:80:27:dd:9e:84:ac:66:c0:
         ec:bd:19:37:be:20:b3:7f:6f:34:30:d2:3a:b9:65:a5:c9:0a:
         e1:e6:55:8b:85:a7:9d:07:63:db:e6:a3:c3:55:46:82:8b:1a:
         db:d2:84:32:32:4f:ab:9a:20:f4:89:51:f1:1f:3e:b3:db:40:
         cf:89:4d:f8:c6:8d:41:16:ba:a8:97:34:f8:b2:ee:80:f3:9c:
         73:79:c5:e5:b1:96:33:37:2b:68:8d:e5:a7:b0:6d:60:56:78:
         64:a8:03:11:45:85:2e:57:0b:7f:d2:f0:44:43:b7:e2:2d:72:
         21:a5:7c:ca:3e:02:75:a2:47:b8:c2:df:77:97:ab:37:0a:e7:
         fe:aa:c9:e0:63:16:6c:ad:99:c6:72:b4:dd:69:64:34:ae:ed:
         40:c8:73:22:ae:fe:5c:f0:f1:4c:c8:91:9e:e6:b3:0c:48:6c:
         27:14:86:88:8b:59:f9:f4:b8:83:0c:2a:60:9d:08:1c:ee:62:
         ea:68:9e:ad:39:51:7b:4a:8e:a2:20:60:22:b2:a1:36:63:2b:
         c2:d6:7f:37:7d:b8:fa:1b:07:09:58:2c:3e:bd:5a:7a:e3:8b:
         f0:70:d1:0e:1b:b2:2e:cc:ad:fd:82:e0:62:8e:e1:12:d2:a3:
         9b:6f:dd:2e
-----BEGIN CERTIFICATE-----
MIIE7DCCA9SgAwIBAgIUM2planjIvISiMSUbWttuwBd1N2YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA5MTkxOTIzNDlaFw0yNjA5MTgxOTI4NDlaMDMxMTAvBgNV
BAMTKDYwODRDM0M0ODZEMUYyOEQzMEYwQTkzQkE3Q0M2Q0I2NzhDMzU3QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZZULLlwTh5/Jnzq5fhoYg1RMy
9QAolKTYBTGLGZRRYAcmQ6WahLihy2uGt/Vg7hSZIjX4lWMXZ9NtEXw5jnFNrD/5
wZFGGapJQv+L8JmusKpIZD334f589seK0BGgb8mygAgm6ZFUkbYGdeHOZ0BPeSMM
Yj0ndzE2GwlKwfjUXRC2tMFRd/7t+4L6wQScNjl6c41lrA7pQHygCPuRzN1QVW1n
n4TVrwnQkGmaDJHbDkDOFtTlW36JO78zvrsS7bkcrLtzvNjH4qC+Ra1i18+eKs+o
JHSjXwPpGqEOrztG+dJ2xo5QNVuT47kUye8WuuXvXmBDd9e33h5Mm5L6tDK5AgMB
AAGjggH2MIIB8jAdBgNVHQ4EFgQUYITDxIbR8o0w8Kk7p8xstnjDV60wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NTgyMTIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcB
Af8EGDAWMBQEAgACMA4DBQAqBd/HAwUAKgagBzANBgkqhkiG9w0BAQsFAAOCAQEA
xcXGPe1aXKXPUoAn3Z6ErGbA7L0ZN74gs39vNDDSOrllpckK4eZVi4WnnQdj2+aj
w1VGgosa29KEMjJPq5og9IlR8R8+s9tAz4lN+MaNQRa6qJc0+LLugPOcc3nF5bGW
MzcraI3lp7BtYFZ4ZKgDEUWFLlcLf9LwREO34i1yIaV8yj4CdaJHuMLfd5erNwrn
/qrJ4GMWbK2ZxnK03WlkNK7tQMhzIq7+XPDxTMiRnuazDEhsJxSGiItZ+fS4gwwq
YJ0IHO5i6mierTlRe0qOoiBgIrKhNmMrwtZ/N324+hsHCVgsPr1aeuOL8HDRDhuy
Lsyt/YLgYo7hEtKjm2/dLg==
-----END CERTIFICATE-----