Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS50917.roa
File:                     AS50917.roa (raw, json)
Hash identifier:          O7q+6/u1IlHGRLE6eBPKUSWy2JK0pLqcHAahkVpUOT8=
Subject key identifier:   D2:21:CD:C9:9B:0C:B3:97:F6:92:31:F0:17:72:11:9C:BB:2F:01:AB
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       51CA7595B6040BE4CE9900149429C74E7BC68E96
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS50917.roa
Signing time:             Mon 30 Jun 2025 19:52:44 +0000
ROA not before:           Mon 30 Jun 2025 19:47:44 +0000
ROA not after:            Mon 29 Jun 2026 19:52:44 +0000
asID:                     50917
IP address blocks:        103.141.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ca:75:95:b6:04:0b:e4:ce:99:00:14:94:29:c7:4e:7b:c6:8e:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jun 30 19:47:44 2025 GMT
            Not After : Jun 29 19:52:44 2026 GMT
        Subject: CN=D221CDC99B0CB397F69231F01772119CBB2F01AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:20:e0:49:7f:6d:ed:c0:8f:04:a4:30:64:eb:
                    ae:87:5c:4f:3d:af:c9:87:25:e5:75:0a:2f:95:16:
                    fd:55:ff:92:ea:e3:95:a3:a9:ef:de:8d:e4:5e:eb:
                    ce:8f:21:b0:26:fc:25:6b:02:30:09:af:b0:fa:03:
                    42:d5:ee:c5:71:98:56:29:0d:be:fa:3f:dd:1d:0a:
                    a7:0d:f9:68:ad:05:c4:fb:6c:ee:69:ba:fa:ad:1d:
                    12:81:6b:0d:e5:1d:74:d3:4a:c9:db:2c:82:ab:e9:
                    ba:e7:d5:83:ca:2b:1e:f5:49:21:cc:83:34:6c:16:
                    24:bc:95:c9:bd:56:9c:81:80:b0:cf:d0:3a:38:9d:
                    c7:d2:80:5b:81:b3:26:01:98:af:ee:69:55:35:ce:
                    c8:e0:d0:5e:f8:36:ef:82:b5:76:28:1a:46:c5:a0:
                    37:30:11:88:8c:34:6b:de:78:a3:a9:75:9e:eb:c3:
                    10:73:6c:be:6e:06:5a:7b:55:8c:46:38:a5:50:13:
                    b6:1f:42:c4:f5:19:ba:91:3c:47:38:56:d1:dd:a6:
                    5f:ea:56:09:b7:77:27:6b:77:63:cf:4b:6d:c0:14:
                    af:a3:be:46:1b:29:f0:30:67:dd:a5:0e:f4:90:18:
                    11:42:f0:05:8a:7f:c7:2a:8a:2c:ac:45:3c:30:df:
                    ab:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:21:CD:C9:9B:0C:B3:97:F6:92:31:F0:17:72:11:9C:BB:2F:01:AB
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS50917.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.141.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:7c:b4:ca:15:0a:46:0a:bc:3c:1d:65:d7:fb:1b:e4:0a:78:
         96:ae:26:04:fa:52:ff:bd:3a:98:19:5b:26:97:36:62:33:43:
         19:6a:24:f1:ad:d4:5c:4b:25:0c:1b:27:01:d4:e3:5f:f2:5c:
         63:72:5d:19:e8:02:0c:3c:6a:ea:89:c4:25:18:c7:4e:03:01:
         01:9e:92:93:6c:67:19:63:4c:3e:03:8a:47:ec:64:42:77:c7:
         3e:37:dd:a6:52:85:31:8a:94:e3:9b:45:92:f4:2d:e2:44:84:
         a6:31:47:00:00:a3:a5:a8:07:4d:4c:be:ed:fa:7d:83:e0:f8:
         6d:99:71:ad:9f:6e:13:4f:3e:e8:a9:6a:64:1c:b1:dc:23:be:
         a5:6c:60:40:d4:5d:da:d1:51:15:79:b2:7c:db:b6:04:18:33:
         24:33:46:22:47:d7:0e:f0:94:71:b1:63:2d:3d:62:ba:d0:14:
         c7:4f:99:8d:d7:11:0a:0d:97:4c:3a:a7:13:12:bc:65:28:0b:
         5b:0d:ad:37:fc:a8:8d:dd:51:5b:5b:f9:c4:68:1b:2f:4f:a9:
         70:84:40:3a:26:89:3c:cf:81:15:93:d8:69:a7:5e:04:30:34:
         28:0d:85:92:6d:39:49:9b:2c:7c:8c:e6:b1:a3:8e:53:0f:0d:
         f2:fa:8f:60
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUUcp1lbYEC+TOmQAUlCnHTnvGjpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA2MzAxOTQ3NDRaFw0yNjA2MjkxOTUyNDRaMDMxMTAvBgNV
BAMTKEQyMjFDREM5OUIwQ0IzOTdGNjkyMzFGMDE3NzIxMTlDQkIyRjAxQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0IOBJf23twI8EpDBk666HXE89
r8mHJeV1Ci+VFv1V/5Lq45Wjqe/ejeRe686PIbAm/CVrAjAJr7D6A0LV7sVxmFYp
Db76P90dCqcN+WitBcT7bO5puvqtHRKBaw3lHXTTSsnbLIKr6brn1YPKKx71SSHM
gzRsFiS8lcm9VpyBgLDP0Do4ncfSgFuBsyYBmK/uaVU1zsjg0F74Nu+CtXYoGkbF
oDcwEYiMNGveeKOpdZ7rwxBzbL5uBlp7VYxGOKVQE7YfQsT1GbqRPEc4VtHdpl/q
Vgm3dydrd2PPS23AFK+jvkYbKfAwZ92lDvSQGBFC8AWKf8cqiiysRTww36t3AgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQU0iHNyZsMs5f2kjHwF3IRnLsvAaswHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
NTA5MTcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBABnjQwwDQYJKoZIhvcNAQELBQADggEBALd8tMoVCkYK
vDwdZdf7G+QKeJauJgT6Uv+9OpgZWyaXNmIzQxlqJPGt1FxLJQwbJwHU41/yXGNy
XRnoAgw8auqJxCUYx04DAQGekpNsZxljTD4DikfsZEJ3xz433aZShTGKlOObRZL0
LeJEhKYxRwAAo6WoB01Mvu36fYPg+G2Zca2fbhNPPuipamQcsdwjvqVsYEDUXdrR
URV5snzbtgQYMyQzRiJH1w7wlHGxYy09YrrQFMdPmY3XEQoNl0w6pxMSvGUoC1sN
rTf8qI3dUVtb+cRoGy9PqXCEQDomiTzPgRWT2GmnXgQwNCgNhZJtOUmbLHyM5rGj
jlMPDfL6j2A=
-----END CERTIFICATE-----