Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          TJQkb+TU51ilAg29cQtkva8XQidCZRAqDv9VGAe4qPA=
Subject key identifier:   C3:4D:E3:A3:CB:57:9B:52:C3:CA:87:83:4E:6D:25:E4:76:E5:07:8D
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       3D91A01282AB2663E73EF8C03DB404628BE3461A
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa
Signing time:             Sun 12 Oct 2025 17:13:53 +0000
ROA not before:           Sun 12 Oct 2025 17:08:53 +0000
ROA not after:            Sun 11 Oct 2026 17:13:53 +0000
asID:                     0
IP address blocks:        2a06:a000:100::/40 maxlen: 48
                          2a0d:d900::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:91:a0:12:82:ab:26:63:e7:3e:f8:c0:3d:b4:04:62:8b:e3:46:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Oct 12 17:08:53 2025 GMT
            Not After : Oct 11 17:13:53 2026 GMT
        Subject: CN=C34DE3A3CB579B52C3CA87834E6D25E476E5078D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:25:5c:5d:31:72:78:52:5d:ad:7e:c5:0a:04:
                    4d:c7:a6:1d:4a:32:b2:ae:8a:eb:53:9d:64:9d:50:
                    ca:31:07:96:7e:03:99:fb:62:42:95:e1:7d:d3:af:
                    30:ea:3f:b8:bf:ab:e6:06:f7:4a:2a:c6:c4:55:5d:
                    c8:bc:59:ba:11:82:b1:56:ab:46:d8:10:43:b9:17:
                    82:88:86:a1:7b:85:93:80:2c:ea:d2:7c:0b:35:a5:
                    22:60:e2:36:9e:9c:a7:69:6f:42:ff:1d:d2:d5:e7:
                    9e:51:a3:5f:18:14:f0:f9:36:20:8a:49:33:b8:4a:
                    0c:96:07:5c:5e:7e:84:f4:f2:40:b3:94:f3:d2:67:
                    e4:d2:f6:c5:1e:4d:75:23:94:07:0e:0e:14:e2:7c:
                    a9:34:f8:10:79:43:34:84:90:ac:9d:28:09:05:f5:
                    6b:3b:a7:cb:47:9e:d7:73:82:d6:30:cf:fd:d1:50:
                    a7:b5:1d:6d:01:38:c6:fb:40:73:fb:71:92:b9:55:
                    11:ea:44:6f:cd:91:9f:4d:2a:61:3a:85:11:2d:ed:
                    bb:00:9b:41:1b:b3:57:28:b7:f1:eb:9c:c0:4d:37:
                    0f:ea:f7:e3:6d:bf:15:95:ca:a2:2c:3e:c6:4a:f1:
                    82:76:a0:cf:09:bf:8c:16:f5:03:d6:27:19:81:d6:
                    43:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:4D:E3:A3:CB:57:9B:52:C3:CA:87:83:4E:6D:25:E4:76:E5:07:8D
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a000:100::/40
                  2a0d:d900::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:c4:30:4f:f7:f8:d0:2b:52:4c:1d:af:d3:fd:8b:e7:00:89:
         da:af:7f:20:d1:53:f5:4a:ae:d8:2c:2b:0e:de:d5:ca:b8:d3:
         34:00:e3:de:ab:17:60:ce:5b:24:21:70:59:a1:b2:15:85:de:
         2d:33:a5:e4:72:53:9c:43:ed:81:f9:46:ca:d7:9b:f7:e3:e4:
         bd:97:44:84:d5:6e:98:a0:5b:18:f5:d6:cc:be:a6:0c:af:98:
         00:58:8f:38:11:47:a6:4d:20:55:5b:5d:ec:37:e1:68:29:ba:
         92:82:a5:09:38:61:f9:f0:5c:0c:84:0a:bd:ff:2a:9b:35:8e:
         00:38:26:8f:00:28:e9:69:29:68:57:da:8f:ef:84:3e:cd:88:
         f3:8c:e2:22:8e:3e:97:02:df:49:cf:a5:c2:4b:aa:98:33:1d:
         9a:e8:1a:1f:c8:8d:14:41:ec:b3:2f:06:8d:fd:0e:fd:e3:3c:
         a2:5c:ea:6f:9d:d8:5e:2e:8e:25:bc:04:22:1b:32:4f:4d:e2:
         91:66:03:4f:6c:0b:07:f2:b0:09:b4:ff:7a:35:92:70:4b:37:
         02:d4:44:79:eb:57:88:49:46:62:6e:8f:ab:d9:78:26:a7:6f:
         c5:09:51:51:70:f0:53:c1:2b:33:45:5c:01:63:b4:d4:88:09:
         87:fb:44:b7
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUPZGgEoKrJmPnPvjAPbQEYovjRhowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTEwMTIxNzA4NTNaFw0yNjEwMTExNzEzNTNaMDMxMTAvBgNV
BAMTKEMzNERFM0EzQ0I1NzlCNTJDM0NBODc4MzRFNkQyNUU0NzZFNTA3OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiJVxdMXJ4Ul2tfsUKBE3Hph1K
MrKuiutTnWSdUMoxB5Z+A5n7YkKV4X3TrzDqP7i/q+YG90oqxsRVXci8WboRgrFW
q0bYEEO5F4KIhqF7hZOALOrSfAs1pSJg4jaenKdpb0L/HdLV555Ro18YFPD5NiCK
STO4SgyWB1xefoT08kCzlPPSZ+TS9sUeTXUjlAcODhTifKk0+BB5QzSEkKydKAkF
9Ws7p8tHntdzgtYwz/3RUKe1HW0BOMb7QHP7cZK5VRHqRG/NkZ9NKmE6hREt7bsA
m0Ebs1cot/HrnMBNNw/q9+NtvxWVyqIsPsZK8YJ2oM8Jv4wW9QPWJxmB1kMhAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUw03jo8tXm1LDyoeDTm0l5HblB40wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBrBggrBgEF
BQcBCwRfMF0wWwYIKwYBBQUHMAuGT3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAoBggrBgEFBQcBBwEB/wQZ
MBcwFQQCAAIwDwMGACoGoAABAwUAKg3ZADANBgkqhkiG9w0BAQsFAAOCAQEALsQw
T/f40CtSTB2v0/2L5wCJ2q9/INFT9Uqu2CwrDt7VyrjTNADj3qsXYM5bJCFwWaGy
FYXeLTOl5HJTnEPtgflGyteb9+PkvZdEhNVumKBbGPXWzL6mDK+YAFiPOBFHpk0g
VVtd7DfhaCm6koKlCThh+fBcDIQKvf8qmzWOADgmjwAo6WkpaFfaj++EPs2I84zi
Io4+lwLfSc+lwkuqmDMdmugaH8iNFEHssy8Gjf0O/eM8olzqb53YXi6OJbwEIhsy
T03ikWYDT2wLB/KwCbT/ejWScEs3AtREeetXiElGYm6Pq9l4JqdvxQlRUXDwU8Er
M0VcAWO01IgJh/tEtw==
-----END CERTIFICATE-----