Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214809.roa
File:                     AS214809.roa (raw, json)
Hash identifier:          ippwLiX8Bi9jHuAGCE1eiGL4V+JaMV0cSPjfvwf2zV8=
Subject key identifier:   85:58:C1:A3:C5:8D:43:5A:6A:8C:A1:60:45:87:CD:BC:AB:9A:E6:33
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       11FD4EF41DD22B8BF39595C966D3C20621EE474B
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214809.roa
Signing time:             Sun 25 May 2025 20:30:25 +0000
ROA not before:           Sun 25 May 2025 20:25:25 +0000
ROA not after:            Sun 24 May 2026 20:30:25 +0000
asID:                     214809
IP address blocks:        103.139.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:fd:4e:f4:1d:d2:2b:8b:f3:95:95:c9:66:d3:c2:06:21:ee:47:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: May 25 20:25:25 2025 GMT
            Not After : May 24 20:30:25 2026 GMT
        Subject: CN=8558C1A3C58D435A6A8CA1604587CDBCAB9AE633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c8:8d:04:12:86:c2:59:f7:3a:9d:ac:a6:b0:
                    e2:77:0a:77:f3:5c:8f:70:41:80:db:5e:97:1a:34:
                    2a:5b:ec:e7:c0:8b:89:3c:4a:68:6c:d1:9d:90:09:
                    0d:ce:45:95:cb:da:e7:b1:c9:f0:75:17:e4:a6:bb:
                    bf:1d:93:da:4d:74:51:f4:7b:fa:3a:90:a4:2b:58:
                    fc:0f:a4:26:94:c3:b1:a8:63:ef:49:6d:c4:42:c8:
                    7d:58:89:b4:dc:7f:d2:99:76:b5:d0:01:e4:3d:b5:
                    38:8f:b1:99:ee:b1:09:d9:c7:8b:b4:69:b0:03:2b:
                    d3:58:4e:ce:34:2b:ce:be:14:dd:a4:a4:37:42:6c:
                    72:84:7c:74:3c:8b:cf:58:f8:2c:38:c7:f4:cb:8a:
                    16:46:fb:22:8b:12:38:26:cb:91:0d:3a:fb:aa:73:
                    9e:3d:64:0e:ea:b1:c9:f7:ea:60:80:bc:f2:54:a3:
                    3d:d4:d3:61:2c:0f:90:e5:3b:8c:ba:39:c7:e4:66:
                    45:df:71:95:f0:dc:db:21:c7:64:75:c6:1a:14:be:
                    8f:4a:0f:9a:a4:72:d0:bb:55:e8:81:3d:42:bf:a8:
                    83:fa:fa:93:5b:38:82:1d:27:72:ba:47:23:7b:43:
                    c0:a8:6b:ea:49:1b:ac:03:f4:66:66:64:94:da:d3:
                    39:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:58:C1:A3:C5:8D:43:5A:6A:8C:A1:60:45:87:CD:BC:AB:9A:E6:33
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214809.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:e7:61:18:47:5c:cd:2f:e2:75:74:eb:21:6d:32:11:52:de:
         a8:05:51:4f:3a:88:86:86:69:36:2c:93:2e:5e:c8:12:8f:b2:
         db:8e:3e:59:c0:b5:8d:ba:49:aa:1b:dc:32:75:e0:b8:49:a7:
         1a:dc:40:44:89:42:8c:52:f3:ea:ed:72:18:a7:84:36:30:e9:
         d9:ed:0b:36:fe:47:d5:80:79:9b:6f:07:11:44:b1:5b:fb:cb:
         d5:b7:84:ae:ef:4b:fa:3c:a0:0c:10:2b:06:0f:9e:a5:f6:f2:
         a2:34:e1:23:87:19:40:c0:99:b6:6c:3a:2d:4b:a1:49:56:07:
         e5:cf:50:e9:93:d7:c4:d7:fd:71:30:76:75:82:62:fa:b7:9e:
         f8:d3:97:65:84:42:c5:bd:cf:35:16:be:85:97:2d:fc:92:10:
         24:af:b9:ba:b3:63:cf:ff:0e:00:a2:68:46:7e:9e:d3:53:59:
         06:a8:37:2c:31:39:74:a9:30:30:6c:df:21:6f:65:6b:5c:f1:
         7d:1e:29:63:77:fb:60:c5:1e:6a:64:56:ce:15:53:25:91:ab:
         55:47:22:d5:50:26:2a:3a:f7:1e:99:21:01:cd:75:ad:cd:51:
         4a:18:fe:ac:df:91:bf:43:6f:f7:c7:de:2a:5b:d3:b5:f0:d0:
         3a:eb:20:c4
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUEf1O9B3SK4vzlZXJZtPCBiHuR0swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA1MjUyMDI1MjVaFw0yNjA1MjQyMDMwMjVaMDMxMTAvBgNV
BAMTKDg1NThDMUEzQzU4RDQzNUE2QThDQTE2MDQ1ODdDREJDQUI5QUU2MzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuyI0EEobCWfc6naymsOJ3Cnfz
XI9wQYDbXpcaNCpb7OfAi4k8Smhs0Z2QCQ3ORZXL2uexyfB1F+Smu78dk9pNdFH0
e/o6kKQrWPwPpCaUw7GoY+9JbcRCyH1YibTcf9KZdrXQAeQ9tTiPsZnusQnZx4u0
abADK9NYTs40K86+FN2kpDdCbHKEfHQ8i89Y+Cw4x/TLihZG+yKLEjgmy5ENOvuq
c549ZA7qscn36mCAvPJUoz3U02EsD5DlO4y6OcfkZkXfcZXw3Nshx2R1xhoUvo9K
D5qkctC7VeiBPUK/qIP6+pNbOIIdJ3K6RyN7Q8Coa+pJG6wD9GZmZJTa0zmXAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUhVjBo8WNQ1pqjKFgRYfNvKua5jMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE0ODA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ4tYMA0GCSqGSIb3DQEBCwUAA4IBAQBS52EYR1zN
L+J1dOshbTIRUt6oBVFPOoiGhmk2LJMuXsgSj7Lbjj5ZwLWNukmqG9wydeC4Saca
3EBEiUKMUvPq7XIYp4Q2MOnZ7Qs2/kfVgHmbbwcRRLFb+8vVt4Su70v6PKAMECsG
D56l9vKiNOEjhxlAwJm2bDotS6FJVgflz1Dpk9fE1/1xMHZ1gmL6t57405dlhELF
vc81Fr6Fly38khAkr7m6s2PP/w4AomhGfp7TU1kGqDcsMTl0qTAwbN8hb2VrXPF9
Hiljd/tgxR5qZFbOFVMlkatVRyLVUCYqOvcemSEBzXWtzVFKGP6s35G/Q2/3x94q
W9O18NA66yDE
-----END CERTIFICATE-----