Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS216412.roa
File:                     AS216412.roa (raw, json)
Hash identifier:          FOv/mlKcxNDXgPa8Uh+HiaLPChnlVG8e2mkrGLlc794=
Subject key identifier:   EB:ED:5A:D7:C1:60:CB:C6:98:1C:8E:BA:40:BE:A9:66:21:0C:E7:C2
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       06F6838046CD9566C634755FFC76439296A2788D
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS216412.roa
Signing time:             Thu 26 Jun 2025 19:33:27 +0000
ROA not before:           Thu 26 Jun 2025 19:28:27 +0000
ROA not after:            Thu 25 Jun 2026 19:33:27 +0000
asID:                     216412
IP address blocks:        2a06:a002:fe00::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 01:17:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f6:83:80:46:cd:95:66:c6:34:75:5f:fc:76:43:92:96:a2:78:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jun 26 19:28:27 2025 GMT
            Not After : Jun 25 19:33:27 2026 GMT
        Subject: CN=EBED5AD7C160CBC6981C8EBA40BEA966210CE7C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2f:70:89:d3:83:8e:ba:9c:37:9b:4f:86:23:
                    b2:35:cb:d5:8d:a1:fa:56:46:a4:5e:52:49:78:c8:
                    3f:4f:84:79:9e:b7:48:cf:99:ef:9e:bf:3e:ff:0e:
                    8f:5e:fa:a1:e2:cb:37:1a:ac:7c:17:cc:8a:e9:9a:
                    ca:9d:d6:a4:4d:0f:6b:4a:63:e2:14:c5:64:60:b2:
                    0e:64:e1:01:cb:35:95:fc:e4:18:ce:2d:b0:d8:b6:
                    1f:39:70:54:0e:0d:01:2c:6b:87:92:b7:e6:d0:1d:
                    bf:76:1f:04:87:36:fb:8f:05:5b:db:dd:e6:84:28:
                    84:45:b2:4a:0b:4d:b4:60:c1:a7:f1:a6:4a:ec:6b:
                    39:eb:02:92:c8:4a:42:b6:a4:56:19:91:21:e7:41:
                    d2:22:f8:8e:21:7a:10:c5:f1:7d:89:b2:5d:bc:82:
                    06:b2:e3:59:14:4a:3a:30:bb:a2:cf:c9:82:07:3a:
                    c9:39:b0:50:e5:c8:7c:3b:62:9b:25:72:ff:e7:bb:
                    bf:b5:f1:47:d0:5c:a6:55:6b:06:99:e0:e7:da:64:
                    2f:08:82:a0:99:b8:b5:48:f6:f6:23:4d:78:99:fb:
                    e7:a1:43:86:e4:d1:a0:ae:23:a3:69:38:94:8f:08:
                    8a:91:d4:21:1c:45:5e:09:d7:be:58:b6:ce:90:be:
                    65:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:ED:5A:D7:C1:60:CB:C6:98:1C:8E:BA:40:BE:A9:66:21:0C:E7:C2
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS216412.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a002:fe00::/39

    Signature Algorithm: sha256WithRSAEncryption
         4d:ea:95:89:26:59:31:44:29:4c:8d:95:a5:5f:8d:8c:79:ad:
         fc:8d:6e:ff:67:83:c8:80:a8:72:f0:c9:ef:d6:4e:ca:a0:be:
         27:a3:6d:42:7f:36:2d:b9:ca:05:5f:3f:5e:e9:ec:ed:5e:1e:
         d8:c3:0e:f1:85:a8:3d:78:4e:d5:12:0d:4c:30:b5:16:0b:a8:
         56:9a:ca:6e:7a:75:2a:7e:4a:5d:7b:9b:4a:eb:1e:a8:f5:68:
         2d:63:86:bc:14:f1:10:3f:83:1d:1c:f8:61:a1:4e:e9:ef:de:
         3d:03:ab:01:cb:52:98:d6:2a:8c:df:5a:6b:f2:29:ea:32:b8:
         d6:dc:1a:61:4b:63:c2:d4:9e:8f:9b:35:42:d9:83:a9:0b:d8:
         65:5f:8f:c0:aa:c4:b8:5c:07:4b:11:9d:b9:ff:86:c3:db:07:
         32:54:d3:b3:75:d5:3e:7c:73:be:25:31:7f:8b:e8:27:16:e1:
         31:9d:7b:10:cb:42:43:61:e6:9c:a7:9c:6e:ed:a3:e2:5d:59:
         22:9d:ce:d9:74:97:31:f5:15:24:b3:3d:9f:b7:dd:57:14:ac:
         07:46:7f:79:70:2e:1b:d7:87:80:23:5f:52:08:8d:3e:11:c6:
         65:28:17:0a:b2:9e:a2:3f:29:1f:ac:da:c1:4f:30:9c:a1:3b:
         47:0c:45:4b
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUBvaDgEbNlWbGNHVf/HZDkpaieI0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA2MjYxOTI4MjdaFw0yNjA2MjUxOTMzMjdaMDMxMTAvBgNV
BAMTKEVCRUQ1QUQ3QzE2MENCQzY5ODFDOEVCQTQwQkVBOTY2MjEwQ0U3QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaL3CJ04OOupw3m0+GI7I1y9WN
ofpWRqReUkl4yD9PhHmet0jPme+evz7/Do9e+qHiyzcarHwXzIrpmsqd1qRND2tK
Y+IUxWRgsg5k4QHLNZX85BjOLbDYth85cFQODQEsa4eSt+bQHb92HwSHNvuPBVvb
3eaEKIRFskoLTbRgwafxpkrsaznrApLISkK2pFYZkSHnQdIi+I4hehDF8X2Jsl28
ggay41kUSjowu6LPyYIHOsk5sFDlyHw7Ypslcv/nu7+18UfQXKZVawaZ4OfaZC8I
gqCZuLVI9vYjTXiZ++ehQ4bk0aCuI6NpOJSPCIqR1CEcRV4J175Yts6QvmXJAgMB
AAGjggHxMIIB7TAdBgNVHQ4EFgQU6+1a18Fgy8aYHI66QL6pZiEM58IwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE2NDEyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEH
AQH/BBIwEDAOBAIAAjAIAwYBKgagAv4wDQYJKoZIhvcNAQELBQADggEBAE3qlYkm
WTFEKUyNlaVfjYx5rfyNbv9ng8iAqHLwye/WTsqgviejbUJ/Ni25ygVfP17p7O1e
HtjDDvGFqD14TtUSDUwwtRYLqFaaym56dSp+Sl17m0rrHqj1aC1jhrwU8RA/gx0c
+GGhTunv3j0DqwHLUpjWKozfWmvyKeoyuNbcGmFLY8LUno+bNULZg6kL2GVfj8Cq
xLhcB0sRnbn/hsPbBzJU07N11T58c74lMX+L6CcW4TGdexDLQkNh5pynnG7to+Jd
WSKdztl0lzH1FSSzPZ+33VcUrAdGf3lwLhvXh4AjX1IIjT4RxmUoFwqynqI/KR+s
2sFPMJyhO0cMRUs=
-----END CERTIFICATE-----