Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS150623.roa
File:                     AS150623.roa (raw, json)
Hash identifier:          AxlzAHNf3xGJTdbqkgMaBafINfLJU4/Ymc4J7sPwxhw=
Subject key identifier:   20:63:5A:0B:DD:83:FA:DF:9D:01:3B:B8:DF:DC:74:C9:83:97:BB:0D
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       542D987CFEEA737DEE9172205A9244B54D83764C
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS150623.roa
Signing time:             Thu 03 Jul 2025 15:51:20 +0000
ROA not before:           Thu 03 Jul 2025 15:46:20 +0000
ROA not after:            Thu 02 Jul 2026 15:51:20 +0000
asID:                     150623
IP address blocks:        81.31.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:2d:98:7c:fe:ea:73:7d:ee:91:72:20:5a:92:44:b5:4d:83:76:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:20 2025 GMT
            Not After : Jul  2 15:51:20 2026 GMT
        Subject: CN=20635A0BDD83FADF9D013BB8DFDC74C98397BB0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5a:fa:20:fb:ea:79:8a:ee:3d:52:94:46:25:
                    38:89:ec:81:8b:0b:a4:20:b5:59:11:c0:de:82:e5:
                    8e:ac:6c:12:a2:c5:50:ea:65:88:87:c3:6c:d4:18:
                    ed:f2:40:82:22:ba:b0:7d:17:94:1d:55:e4:c2:3f:
                    29:4f:22:74:83:b9:80:76:d5:a6:8e:fa:ba:11:2d:
                    48:4e:5e:88:85:df:59:98:0f:e6:a6:59:f5:f3:c5:
                    1b:c5:e4:d7:64:26:6a:6e:6d:51:ab:96:5c:c2:56:
                    63:be:8c:e9:94:ab:d7:05:e1:9a:53:22:4e:42:ad:
                    90:28:6d:4d:04:3a:9f:0d:3d:19:42:ab:8b:74:f1:
                    25:c4:5b:27:b5:29:ff:58:04:f7:03:d5:3d:53:64:
                    28:72:ff:a2:d8:93:bd:11:36:42:51:91:c1:03:64:
                    a7:a5:e5:ee:f7:91:61:4c:3e:e7:c6:a0:24:ef:35:
                    7c:66:c8:3e:29:df:84:26:17:45:0b:d9:03:11:68:
                    86:fb:79:fd:42:dd:5c:83:8d:74:8c:5e:48:de:b7:
                    eb:d1:a7:45:d6:f9:a9:dc:a0:fc:62:fc:fd:8a:e1:
                    51:38:70:11:4c:5e:bb:62:a5:98:aa:c7:9b:c4:b6:
                    3c:71:c4:25:b2:ba:5b:5d:60:48:2b:a0:6e:46:6a:
                    67:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:63:5A:0B:DD:83:FA:DF:9D:01:3B:B8:DF:DC:74:C9:83:97:BB:0D
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS150623.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:44:46:9a:9c:a3:53:48:ab:d0:f8:bb:01:90:9f:11:ce:88:
         4b:c7:1d:cd:e0:eb:9f:94:59:55:76:a8:c5:46:bf:83:11:17:
         52:c8:d9:f6:12:16:b7:3c:55:ae:64:2e:98:47:69:c7:03:bf:
         4e:e3:4a:6d:fa:77:3a:77:2c:9f:7b:28:1e:3f:2c:a2:2b:9b:
         a0:c7:3b:9a:c5:ac:52:bc:b8:5a:33:94:d4:13:4c:cc:af:2f:
         b5:8a:71:d9:06:6e:ce:77:ca:6c:1d:1d:4c:ea:22:e1:ab:c4:
         b2:63:5d:af:65:75:ad:e2:58:84:43:74:f6:17:a9:42:26:ae:
         11:a6:fb:af:aa:ed:3e:8d:e9:8d:13:52:31:9f:0b:87:3c:d2:
         7c:19:9e:da:49:f8:07:23:c2:a6:4c:3c:dd:d6:71:05:e1:1f:
         d6:05:df:0a:fb:90:c5:5f:7d:c8:cb:4e:2c:0c:52:a5:f0:15:
         57:84:84:08:2a:08:10:94:80:b2:3b:77:c1:4d:e9:49:38:68:
         93:ff:34:83:9d:ae:22:a3:42:06:03:e4:e5:66:da:29:92:91:
         d6:82:f8:25:d8:33:bb:af:21:9f:d4:43:f0:10:d1:5a:2d:8e:
         33:ee:6e:8e:3a:ee:09:e0:2f:56:36:05:5a:f7:17:7e:58:ab:
         c9:5f:9b:9c
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUVC2YfP7qc33ukXIgWpJEtU2DdkwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjBaFw0yNjA3MDIxNTUxMjBaMDMxMTAvBgNV
BAMTKDIwNjM1QTBCREQ4M0ZBREY5RDAxM0JCOERGREM3NEM5ODM5N0JCMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Wvog++p5iu49UpRGJTiJ7IGL
C6QgtVkRwN6C5Y6sbBKixVDqZYiHw2zUGO3yQIIiurB9F5QdVeTCPylPInSDuYB2
1aaO+roRLUhOXoiF31mYD+amWfXzxRvF5NdkJmpubVGrllzCVmO+jOmUq9cF4ZpT
Ik5CrZAobU0EOp8NPRlCq4t08SXEWye1Kf9YBPcD1T1TZChy/6LYk70RNkJRkcED
ZKel5e73kWFMPufGoCTvNXxmyD4p34QmF0UL2QMRaIb7ef1C3VyDjXSMXkjet+vR
p0XW+ancoPxi/P2K4VE4cBFMXrtipZiqx5vEtjxxxCWyultdYEgroG5GamfNAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUIGNaC92D+t+dATu439x0yYOXuw0wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTUwNjIzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAUR/QMA0GCSqGSIb3DQEBCwUAA4IBAQCjREaanKNT
SKvQ+LsBkJ8RzohLxx3N4OuflFlVdqjFRr+DERdSyNn2Eha3PFWuZC6YR2nHA79O
40pt+nc6dyyfeygePyyiK5ugxzuaxaxSvLhaM5TUE0zMry+1inHZBm7Od8psHR1M
6iLhq8SyY12vZXWt4liEQ3T2F6lCJq4Rpvuvqu0+jemNE1IxnwuHPNJ8GZ7aSfgH
I8KmTDzd1nEF4R/WBd8K+5DFX33Iy04sDFKl8BVXhIQIKggQlICyO3fBTelJOGiT
/zSDna4io0IGA+TlZtopkpHWgvgl2DO7ryGf1EPwENFaLY4z7m6OOu4J4C9WNgVa
9xd+WKvJX5uc
-----END CERTIFICATE-----