Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS7018.roa
File:                     AS7018.roa (raw, json)
Hash identifier:          QjwqElTzwyUTBXLe84LcsKEtX2IHmpSA3Qjh9o1zkVs=
Subject key identifier:   A2:59:1A:CA:75:59:F1:09:5B:52:DC:0A:84:EF:67:EE:AE:C6:3D:61
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       63C1D505725687AAB89A307A84BD31F0E2E22BE0
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS7018.roa
Signing time:             Sat 27 Sep 2025 06:44:38 +0000
ROA not before:           Sat 27 Sep 2025 06:39:38 +0000
ROA not after:            Sat 26 Sep 2026 06:44:38 +0000
asID:                     7018
IP address blocks:        2a06:a005:3070::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:c1:d5:05:72:56:87:aa:b8:9a:30:7a:84:bd:31:f0:e2:e2:2b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Sep 27 06:39:38 2025 GMT
            Not After : Sep 26 06:44:38 2026 GMT
        Subject: CN=A2591ACA7559F1095B52DC0A84EF67EEAEC63D61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:96:47:89:a1:d1:08:58:58:16:98:74:93:f8:
                    70:c0:9a:b2:98:2d:e1:87:1f:f7:62:22:4d:d4:b8:
                    3f:eb:eb:02:d0:54:8e:20:bf:ad:6a:75:2f:fb:51:
                    01:0d:0f:37:d3:99:84:26:2d:45:ab:0d:a1:ac:15:
                    11:af:0c:42:24:39:19:c1:49:73:87:e5:cd:49:d2:
                    b9:d6:ef:8a:8f:92:ba:06:b0:03:e3:7d:be:47:d5:
                    07:66:a3:1f:c1:ac:86:15:a8:a0:64:83:f0:1a:f4:
                    a5:f9:70:f0:df:da:4c:6c:f1:c3:07:55:c5:76:93:
                    9b:ca:74:92:c7:ec:e9:d3:18:3e:15:49:ba:25:fc:
                    f8:c4:58:32:66:f0:82:4c:14:21:f3:39:3b:86:b8:
                    13:7e:32:a7:8d:a4:df:a6:ad:bc:e8:7d:a4:60:c1:
                    e8:90:ca:83:c1:2b:4a:b2:10:bc:98:04:50:95:86:
                    ca:43:8b:78:81:42:11:50:d4:f9:a0:fa:e0:84:41:
                    ab:d1:48:c9:ef:82:4d:0f:96:96:03:b0:3d:45:e2:
                    a2:a6:98:88:36:3e:60:18:bb:79:75:b3:cf:ff:9b:
                    32:67:fe:1f:d9:3e:55:9d:2b:3b:4c:86:0a:b9:b7:
                    33:e6:67:a9:c2:2b:39:81:47:e7:54:a1:ea:10:31:
                    cd:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:59:1A:CA:75:59:F1:09:5B:52:DC:0A:84:EF:67:EE:AE:C6:3D:61
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS7018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:3070::/44

    Signature Algorithm: sha256WithRSAEncryption
         7a:82:7a:4d:83:71:37:ff:15:d5:52:33:d8:61:65:56:9b:96:
         3f:81:3b:45:0c:da:46:33:80:8a:aa:00:39:6c:fd:30:81:f8:
         1b:c0:87:8b:7a:a6:29:65:7d:ea:cd:50:5f:9e:c9:d0:51:cb:
         7d:41:6d:df:52:1a:e9:e9:01:96:da:91:a3:bd:dc:83:43:25:
         38:fa:b2:9a:fe:46:1e:72:08:06:a6:e1:ad:0c:a9:18:5e:cf:
         2d:65:89:ef:8e:df:41:d2:f8:71:ef:e1:7b:90:b2:2b:7f:a1:
         39:5f:52:e8:c6:3e:67:50:61:67:d9:4b:2c:c4:38:14:08:c5:
         fc:6a:17:c5:fe:26:1f:7f:e9:17:cd:23:0d:3f:ba:0b:6f:5a:
         22:f1:61:f5:95:f4:76:ee:19:a6:04:14:5c:2c:ec:82:91:8c:
         b2:87:37:80:1b:97:6c:e3:b4:e4:0f:d9:d0:ca:f5:fb:34:54:
         03:b7:ed:ab:9e:5a:80:84:f6:0e:1d:45:6c:ef:04:99:7a:e9:
         8a:62:03:37:39:de:8a:3d:d8:17:92:90:d8:c5:e3:86:6c:33:
         f8:a6:16:c8:09:7d:de:03:6a:c6:d4:44:a4:cc:1d:52:35:87:
         a2:6f:83:d5:a5:58:71:cb:85:3d:37:51:2b:68:69:9f:46:f1:
         f3:ac:70:78
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUY8HVBXJWh6q4mjB6hL0x8OLiK+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA5MjcwNjM5MzhaFw0yNjA5MjYwNjQ0MzhaMDMxMTAvBgNV
BAMTKEEyNTkxQUNBNzU1OUYxMDk1QjUyREMwQTg0RUY2N0VFQUVDNjNENjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtlkeJodEIWFgWmHST+HDAmrKY
LeGHH/diIk3UuD/r6wLQVI4gv61qdS/7UQENDzfTmYQmLUWrDaGsFRGvDEIkORnB
SXOH5c1J0rnW74qPkroGsAPjfb5H1Qdmox/BrIYVqKBkg/Aa9KX5cPDf2kxs8cMH
VcV2k5vKdJLH7OnTGD4VSbol/PjEWDJm8IJMFCHzOTuGuBN+MqeNpN+mrbzofaRg
weiQyoPBK0qyELyYBFCVhspDi3iBQhFQ1Pmg+uCEQavRSMnvgk0PlpYDsD1F4qKm
mIg2PmAYu3l1s8//mzJn/h/ZPlWdKztMhgq5tzPmZ6nCKzmBR+dUoeoQMc1FAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUolkaynVZ8QlbUtwKhO9n7q7GPWEwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NzAxOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB
/wQTMBEwDwQCAAIwCQMHBCoGoAUwcDANBgkqhkiG9w0BAQsFAAOCAQEAeoJ6TYNx
N/8V1VIz2GFlVpuWP4E7RQzaRjOAiqoAOWz9MIH4G8CHi3qmKWV96s1QX57J0FHL
fUFt31Ia6ekBltqRo73cg0MlOPqymv5GHnIIBqbhrQypGF7PLWWJ747fQdL4ce/h
e5CyK3+hOV9S6MY+Z1BhZ9lLLMQ4FAjF/GoXxf4mH3/pF80jDT+6C29aIvFh9ZX0
du4ZpgQUXCzsgpGMsoc3gBuXbOO05A/Z0Mr1+zRUA7ftq55agIT2Dh1FbO8EmXrp
imIDNzneij3YF5KQ2MXjhmwz+KYWyAl93gNqxtREpMwdUjWHom+D1aVYccuFPTdR
K2hpn0bx86xweA==
-----END CERTIFICATE-----