Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS197569.roa
File:                     AS197569.roa (raw, json)
Hash identifier:          aSCN2w6KqxS4/xcP/qj/LEr71C1MzKfYNyV+fJIXs0M=
Subject key identifier:   09:5F:89:7D:11:4D:56:C3:20:37:90:E7:E9:43:87:98:88:97:27:AD
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       10F95512503F2D6873346D8376A41A6F5F0CDEB6
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS197569.roa
Signing time:             Wed 13 May 2026 09:48:50 +0000
ROA not before:           Wed 13 May 2026 09:43:50 +0000
ROA not after:            Wed 12 May 2027 09:48:50 +0000
asID:                     197569
IP address blocks:        167.104.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 18 May 2026 05:04:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:f9:55:12:50:3f:2d:68:73:34:6d:83:76:a4:1a:6f:5f:0c:de:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: May 13 09:43:50 2026 GMT
            Not After : May 12 09:48:50 2027 GMT
        Subject: CN=095F897D114D56C3203790E7E9438798889727AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8b:6c:15:cc:e6:2e:16:55:30:a0:88:89:32:
                    a3:03:b2:c0:45:15:38:eb:b8:82:b8:cb:61:18:6a:
                    45:ad:00:58:72:a1:f0:9c:b0:de:3b:63:79:59:08:
                    0b:41:0e:46:c7:e5:2c:50:36:48:b2:7b:12:cc:04:
                    31:1b:3b:cf:5f:97:db:f5:f3:07:02:40:4f:77:97:
                    6b:6b:b2:44:ba:22:21:8c:21:31:07:5c:f6:b8:c0:
                    2b:65:49:f5:2d:56:1a:20:1b:97:93:c8:1a:37:cb:
                    91:1f:04:16:5b:33:0d:5e:19:74:3a:6e:cd:17:b2:
                    a0:6e:f9:8a:c3:03:99:6d:eb:c9:2e:c3:15:20:73:
                    87:e1:94:c0:70:bf:1a:ea:92:b8:de:25:e4:61:a6:
                    6a:39:e3:5c:26:75:4a:a0:4a:72:fa:c4:0f:65:8d:
                    a9:86:a9:6d:3b:18:b2:16:7e:07:2f:a9:b8:19:b0:
                    4d:d2:e1:38:36:37:8c:55:73:95:8e:bf:df:bf:87:
                    82:24:97:77:21:6a:f0:2e:d0:4e:76:e7:24:b5:0d:
                    7b:4a:60:2c:a1:bf:a8:e5:bd:32:24:4e:7a:be:c5:
                    df:ae:f8:16:45:66:4d:51:d4:71:29:d8:59:5f:19:
                    50:39:11:57:2b:fa:d4:0b:06:e5:7c:79:f0:62:95:
                    08:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:5F:89:7D:11:4D:56:C3:20:37:90:E7:E9:43:87:98:88:97:27:AD
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS197569.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.104.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:aa:9e:a4:c7:9b:bc:bf:5b:b1:18:1f:54:91:2a:74:4f:e7:
         33:54:26:9a:87:a8:53:33:d4:78:54:e9:b8:e1:70:47:89:29:
         d0:36:7f:b4:94:6e:55:7b:22:3c:fc:b1:ec:06:e0:d2:bd:9d:
         c9:83:92:32:c7:4c:a0:cc:91:55:4e:4d:3d:96:5b:70:ef:89:
         0f:f9:18:32:06:b1:df:9d:4c:93:93:53:76:a4:96:80:bf:5d:
         56:57:70:44:8f:bd:7f:e0:7a:d5:cc:cc:44:58:95:78:89:ff:
         54:45:b5:13:49:59:8c:e4:17:b5:ae:c7:35:df:e6:da:5e:93:
         48:6a:0f:68:66:1e:ee:8e:d9:71:64:e9:93:3a:f2:c5:ce:ff:
         7a:c3:72:e1:ba:ce:e7:41:8d:c3:f1:fb:04:d2:31:43:73:27:
         74:68:29:e8:56:db:47:52:a6:05:00:2f:10:94:38:52:c0:53:
         b9:1e:14:aa:a7:ec:77:2a:99:8d:a8:7b:c3:53:b7:ed:61:59:
         7c:45:31:c5:b1:76:0a:2d:33:35:21:d4:ff:2b:e3:99:2a:76:
         54:a5:94:32:43:dd:0e:6e:02:43:8d:29:30:c1:d6:42:3b:31:
         10:69:4a:00:a5:ae:c5:b1:33:47:a5:f6:90:26:04:e5:28:72:
         58:92:da:79
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUEPlVElA/LWhzNG2DdqQab18M3rYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA1MTMwOTQzNTBaFw0yNzA1MTIwOTQ4NTBaMDMxMTAvBgNV
BAMTKDA5NUY4OTdEMTE0RDU2QzMyMDM3OTBFN0U5NDM4Nzk4ODg5NzI3QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2i2wVzOYuFlUwoIiJMqMDssBF
FTjruIK4y2EYakWtAFhyofCcsN47Y3lZCAtBDkbH5SxQNkiyexLMBDEbO89fl9v1
8wcCQE93l2trskS6IiGMITEHXPa4wCtlSfUtVhogG5eTyBo3y5EfBBZbMw1eGXQ6
bs0XsqBu+YrDA5lt68kuwxUgc4fhlMBwvxrqkrjeJeRhpmo541wmdUqgSnL6xA9l
jamGqW07GLIWfgcvqbgZsE3S4Tg2N4xVc5WOv9+/h4Ikl3chavAu0E525yS1DXtK
YCyhv6jlvTIkTnq+xd+u+BZFZk1R1HEp2FlfGVA5EVcr+tQLBuV8efBilQjzAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUCV+JfRFNVsMgN5Dn6UOHmIiXJ60wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTk3NTY5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAp2jdMA0GCSqGSIb3DQEBCwUAA4IBAQCJqp6kx5u8
v1uxGB9UkSp0T+czVCaah6hTM9R4VOm44XBHiSnQNn+0lG5VeyI8/LHsBuDSvZ3J
g5Iyx0ygzJFVTk09lltw74kP+RgyBrHfnUyTk1N2pJaAv11WV3BEj71/4HrVzMxE
WJV4if9URbUTSVmM5Be1rsc13+baXpNIag9oZh7ujtlxZOmTOvLFzv96w3Lhus7n
QY3D8fsE0jFDcyd0aCnoVttHUqYFAC8QlDhSwFO5HhSqp+x3KpmNqHvDU7ftYVl8
RTHFsXYKLTM1IdT/K+OZKnZUpZQyQ90ObgJDjSkwwdZCOzEQaUoApa7FsTNHpfaQ
JgTlKHJYktp5
-----END CERTIFICATE-----