Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS149020.roa
File:                     AS149020.roa (raw, json)
Hash identifier:          BEfY9cG8YxDoQ0P/OypnDjLuhwvQIXDFzt2kzraCWYo=
Subject key identifier:   12:D8:DE:B2:EC:F0:C8:48:EB:E8:9C:34:18:C7:B2:A3:1B:EE:50:26
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       74EEFE184D96945D9B3E9191B57911751DE1439C
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS149020.roa
Signing time:             Wed 24 Sep 2025 14:56:58 +0000
ROA not before:           Wed 24 Sep 2025 14:51:58 +0000
ROA not after:            Wed 23 Sep 2026 14:56:58 +0000
asID:                     149020
IP address blocks:        103.68.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:ee:fe:18:4d:96:94:5d:9b:3e:91:91:b5:79:11:75:1d:e1:43:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Sep 24 14:51:58 2025 GMT
            Not After : Sep 23 14:56:58 2026 GMT
        Subject: CN=12D8DEB2ECF0C848EBE89C3418C7B2A31BEE5026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ba:e4:bc:36:c9:dd:94:16:e8:9a:46:ea:86:
                    87:7f:6b:a4:5a:64:c2:3b:ab:76:da:9c:d4:41:5a:
                    6d:7c:82:dc:9f:75:36:f0:35:8e:da:fb:49:3c:02:
                    f7:53:71:fb:47:fd:57:da:55:cd:e9:c0:da:30:19:
                    30:0c:2b:8b:e7:c6:2b:d5:d6:ef:cf:b8:1a:cd:2c:
                    01:a3:20:8d:fb:1d:90:1e:45:78:e2:6b:2d:b8:7b:
                    4a:35:38:c6:e6:89:b7:e0:83:7d:93:95:dc:ff:f9:
                    9d:61:3b:f9:c7:4c:93:9c:e1:20:8c:5d:bb:29:4a:
                    80:0d:05:39:19:14:bf:b0:f4:c0:63:a3:a7:67:c9:
                    53:49:34:92:f6:ae:c9:20:00:1b:5c:13:af:ef:83:
                    85:eb:23:4e:09:93:a9:c8:97:62:fa:e5:69:2d:0d:
                    59:87:ff:f4:4a:82:c1:d1:7e:bb:8d:92:16:e7:b7:
                    83:b7:9a:7c:c2:69:48:fc:16:22:b7:72:9e:23:9c:
                    7b:fd:d5:8a:9d:ef:e4:f2:e9:ce:48:fd:28:bf:a1:
                    30:52:50:43:73:7b:0a:84:b7:a0:35:49:8a:fb:64:
                    4b:86:d2:be:7a:06:3d:d1:e0:da:7c:45:17:f2:68:
                    e6:f7:5c:8d:9c:de:90:05:5f:b6:30:2b:f8:1a:fb:
                    39:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:D8:DE:B2:EC:F0:C8:48:EB:E8:9C:34:18:C7:B2:A3:1B:EE:50:26
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS149020.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.68.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:2b:f2:52:d6:6c:4b:6b:b5:41:76:67:e1:f2:d4:af:81:ea:
         5f:45:4e:81:a3:fe:76:4c:4a:91:e5:40:14:f6:c5:8e:ce:f9:
         d2:0c:1a:17:b0:58:ad:a0:4b:2c:e4:f0:aa:a7:c3:41:65:f5:
         7c:20:96:2d:01:77:fc:52:a9:ca:1e:c2:fe:6a:7a:b2:0c:3d:
         39:0a:46:56:ba:33:57:fc:f7:c2:d8:a9:08:5b:ef:6f:6a:da:
         24:38:04:3e:ad:94:0d:35:b6:e1:48:0b:15:0a:c7:b9:74:b8:
         16:57:27:1a:a0:87:9a:74:95:eb:10:21:c1:9c:52:55:d8:f4:
         ec:fc:1d:13:3e:97:96:26:64:e7:56:18:52:ba:f6:71:93:01:
         c0:20:d2:c0:c7:72:4d:c9:0a:40:d2:db:c6:99:75:bf:cc:ff:
         a7:a3:05:04:94:3b:08:fc:7f:f9:38:b3:d4:e0:48:25:11:df:
         78:d9:54:13:60:2a:22:6d:61:22:b3:6d:4d:37:2a:34:a2:39:
         c5:0e:fa:7c:17:96:27:4d:ca:5e:b2:e7:65:74:4c:e0:01:9c:
         ae:1f:9e:7e:d5:dd:ea:ce:f3:49:c7:4f:2a:83:9f:4e:9f:0e:
         ab:16:0e:52:49:4c:d5:97:55:fb:cd:33:9a:af:0f:82:b9:46:
         ed:16:5b:b6
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUdO7+GE2WlF2bPpGRtXkRdR3hQ5wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA5MjQxNDUxNThaFw0yNjA5MjMxNDU2NThaMDMxMTAvBgNV
BAMTKDEyRDhERUIyRUNGMEM4NDhFQkU4OUMzNDE4QzdCMkEzMUJFRTUwMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJuuS8NsndlBbomkbqhod/a6Ra
ZMI7q3banNRBWm18gtyfdTbwNY7a+0k8AvdTcftH/VfaVc3pwNowGTAMK4vnxivV
1u/PuBrNLAGjII37HZAeRXjiay24e0o1OMbmibfgg32Tldz/+Z1hO/nHTJOc4SCM
XbspSoANBTkZFL+w9MBjo6dnyVNJNJL2rskgABtcE6/vg4XrI04Jk6nIl2L65Wkt
DVmH//RKgsHRfruNkhbnt4O3mnzCaUj8FiK3cp4jnHv91Yqd7+Ty6c5I/Si/oTBS
UENzewqEt6A1SYr7ZEuG0r56Bj3R4Np8RRfyaOb3XI2c3pAFX7YwK/ga+zkTAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUEtjesuzwyEjr6Jw0GMeyoxvuUCYwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTQ5MDIwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ0RsMA0GCSqGSIb3DQEBCwUAA4IBAQA4K/JS1mxL
a7VBdmfh8tSvgepfRU6Bo/52TEqR5UAU9sWOzvnSDBoXsFitoEss5PCqp8NBZfV8
IJYtAXf8UqnKHsL+anqyDD05CkZWujNX/PfC2KkIW+9vatokOAQ+rZQNNbbhSAsV
Cse5dLgWVycaoIeadJXrECHBnFJV2PTs/B0TPpeWJmTnVhhSuvZxkwHAINLAx3JN
yQpA0tvGmXW/zP+nowUElDsI/H/5OLPU4EglEd942VQTYCoibWEis21NNyo0ojnF
Dvp8F5YnTcpesudldEzgAZyuH55+1d3qzvNJx08qg59Onw6rFg5SSUzVl1X7zTOa
rw+CuUbtFlu2
-----END CERTIFICATE-----