Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS198125.roa
File:                     AS198125.roa (raw, json)
Hash identifier:          diXAUHnAQCAxxvODBm4qVqKfYBZgltV2KLLUBiP9LSM=
Subject key identifier:   A1:C5:DF:46:F4:0D:06:9A:3A:B2:0F:0E:E3:E7:0A:33:50:5B:94:60
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7A76097088AC6E844E620F476BE351A67DE9A640
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS198125.roa
Signing time:             Thu 03 Jul 2025 15:51:56 +0000
ROA not before:           Thu 03 Jul 2025 15:46:56 +0000
ROA not after:            Thu 02 Jul 2026 15:51:56 +0000
asID:                     198125
IP address blocks:        27.0.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:76:09:70:88:ac:6e:84:4e:62:0f:47:6b:e3:51:a6:7d:e9:a6:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:56 2025 GMT
            Not After : Jul  2 15:51:56 2026 GMT
        Subject: CN=A1C5DF46F40D069A3AB20F0EE3E70A33505B9460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2f:1d:ce:37:44:40:62:d4:8e:95:b6:cc:b6:
                    4c:e1:28:20:15:bc:ee:ff:9a:b9:1f:8d:36:31:00:
                    9d:82:f3:1c:8c:e9:8c:5b:c9:d4:4a:41:40:44:96:
                    5f:be:64:37:05:47:38:58:09:46:99:2a:d6:b1:9b:
                    7d:7d:76:18:d6:fd:d1:e7:7a:f0:cd:13:18:e8:7e:
                    62:b0:2a:df:60:3b:bc:86:29:a9:d7:2b:39:0a:c1:
                    c6:ae:52:3f:e2:7f:14:d0:b4:b7:41:7f:e2:3e:e2:
                    f6:54:63:37:99:69:5a:49:78:93:c9:76:6d:a9:fd:
                    2b:13:60:59:93:08:f8:10:c1:1c:58:9b:e1:4c:24:
                    22:88:e8:2f:57:30:f1:9b:61:5e:1b:02:1c:28:63:
                    66:ff:f0:17:05:60:4b:b6:08:7c:75:65:fa:6b:c2:
                    55:25:23:3d:e5:69:66:c3:1a:d0:25:6a:f2:2f:90:
                    20:05:b4:8b:af:42:d8:5a:e4:cc:f7:6a:4a:d7:97:
                    e4:4b:80:2e:6e:1f:3e:7a:af:82:b8:e5:c7:e3:64:
                    d2:cf:52:be:b1:c7:9e:33:96:53:96:46:84:7e:59:
                    32:6a:d9:b3:f8:80:c3:1f:ee:24:d4:ed:50:b9:82:
                    5d:86:6a:a5:34:2f:b7:5b:5c:a4:8d:ef:c5:3c:aa:
                    b0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C5:DF:46:F4:0D:06:9A:3A:B2:0F:0E:E3:E7:0A:33:50:5B:94:60
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS198125.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:14:5d:44:dc:37:74:08:cc:66:d7:64:a5:52:ac:c8:de:95:
         64:4e:b6:b9:e1:01:de:07:0b:cb:cf:db:8c:6d:f1:6a:ff:29:
         13:91:c5:64:cf:0f:cb:95:4c:ce:1b:bc:8d:7d:e8:6b:9e:00:
         41:e7:9e:a0:52:bf:66:b1:1c:ce:c7:a3:6f:ca:9a:69:ed:fc:
         3c:61:5f:42:2d:72:53:8c:83:af:04:7d:80:7b:91:2d:ef:33:
         d5:18:a8:ed:23:9c:28:15:09:aa:c5:e1:52:70:09:26:0f:32:
         72:b5:5d:5b:1c:26:85:a5:19:81:95:2d:37:75:05:41:88:e7:
         1b:2b:0e:b5:bc:4a:d0:f5:f5:04:78:97:73:b0:32:2d:cd:7a:
         69:bc:09:37:da:07:8c:32:1f:74:9d:7d:99:eb:67:4b:19:e2:
         27:6f:b7:b4:21:94:e4:27:df:20:9b:b1:ad:6c:2f:50:1b:91:
         c3:92:44:b8:05:e5:f6:5c:69:31:35:3a:c7:b5:82:ca:c4:de:
         e9:60:b9:27:6f:58:42:ab:f2:f2:c9:f3:5f:21:9d:48:b5:59:
         e3:60:06:cd:c0:36:ad:9a:49:11:98:5e:ce:17:09:f3:8a:d2:
         39:7c:b9:53:31:11:d7:56:9f:19:10:c8:6c:42:0e:9f:f0:70:
         60:04:03:71
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUenYJcIisboROYg9Ha+NRpn3ppkAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NTZaFw0yNjA3MDIxNTUxNTZaMDMxMTAvBgNV
BAMTKEExQzVERjQ2RjQwRDA2OUEzQUIyMEYwRUUzRTcwQTMzNTA1Qjk0NjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqLx3ON0RAYtSOlbbMtkzhKCAV
vO7/mrkfjTYxAJ2C8xyM6YxbydRKQUBEll++ZDcFRzhYCUaZKtaxm319dhjW/dHn
evDNExjofmKwKt9gO7yGKanXKzkKwcauUj/ifxTQtLdBf+I+4vZUYzeZaVpJeJPJ
dm2p/SsTYFmTCPgQwRxYm+FMJCKI6C9XMPGbYV4bAhwoY2b/8BcFYEu2CHx1Zfpr
wlUlIz3laWbDGtAlavIvkCAFtIuvQtha5Mz3akrXl+RLgC5uHz56r4K45cfjZNLP
Ur6xx54zllOWRoR+WTJq2bP4gMMf7iTU7VC5gl2GaqU0L7dbXKSN78U8qrDLAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUocXfRvQNBpo6sg8O4+cKM1BblGAwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTk4MTI1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAGwDpMA0GCSqGSIb3DQEBCwUAA4IBAQCQFF1E3Dd0
CMxm12SlUqzI3pVkTra54QHeBwvLz9uMbfFq/ykTkcVkzw/LlUzOG7yNfehrngBB
556gUr9msRzOx6Nvyppp7fw8YV9CLXJTjIOvBH2Ae5Et7zPVGKjtI5woFQmqxeFS
cAkmDzJytV1bHCaFpRmBlS03dQVBiOcbKw61vErQ9fUEeJdzsDItzXppvAk32geM
Mh90nX2Z62dLGeInb7e0IZTkJ98gm7GtbC9QG5HDkkS4BeX2XGkxNTrHtYLKxN7p
YLknb1hCq/LyyfNfIZ1ItVnjYAbNwDatmkkRmF7OFwnzitI5fLlTMRHXVp8ZEMhs
Qg6f8HBgBANx
-----END CERTIFICATE-----