Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199414.roa
File:                     AS199414.roa (raw, json)
Hash identifier:          YjYHl8DPwxdmd9XRmDZo6dxyfN/JFIjAvpEbouM7A6s=
Subject key identifier:   98:DA:6D:0B:DF:34:7F:95:71:6A:73:5E:5A:6A:89:5F:17:C2:74:33
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       28151F1F56DA55E5E1E538C97CEC7477556A28AA
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199414.roa
Signing time:             Thu 03 Jul 2025 15:52:21 +0000
ROA not before:           Thu 03 Jul 2025 15:47:21 +0000
ROA not after:            Thu 02 Jul 2026 15:52:21 +0000
asID:                     199414
IP address blocks:        118.91.185.0/24 maxlen: 24
                          206.53.0.0/24 maxlen: 24
                          206.245.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:15:1f:1f:56:da:55:e5:e1:e5:38:c9:7c:ec:74:77:55:6a:28:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:21 2025 GMT
            Not After : Jul  2 15:52:21 2026 GMT
        Subject: CN=98DA6D0BDF347F95716A735E5A6A895F17C27433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a9:f1:da:8e:1f:39:9e:be:fb:46:b6:3f:42:
                    97:8b:34:24:a5:ac:a2:f5:60:48:5f:a1:6b:eb:91:
                    f0:d5:91:86:9a:d1:2f:c7:ac:57:77:d6:7b:be:02:
                    13:28:b5:46:25:96:ab:1f:1d:47:95:10:f8:b2:7e:
                    ec:90:ef:67:70:c4:6a:6c:37:9d:ff:03:c7:dd:83:
                    59:6f:84:4f:c9:44:dc:e4:cd:28:f3:5f:d9:6f:b3:
                    54:cf:97:42:62:b4:76:87:d1:10:81:c0:75:c3:5e:
                    60:49:97:3d:ae:cb:c5:f4:72:76:9d:3c:3a:06:71:
                    00:5e:dc:ed:6c:99:34:14:52:8e:7d:1c:4d:ba:89:
                    fc:1d:c0:93:0b:81:09:17:1c:ed:d0:f0:58:1a:25:
                    df:f8:d8:fe:fe:7e:99:c9:8a:4d:63:4e:c6:b5:d4:
                    0b:95:e8:87:78:25:1e:4c:2d:35:f9:36:47:13:3f:
                    fb:a9:d0:f5:55:a6:f0:75:26:da:06:c3:e8:b4:26:
                    de:0b:d9:ed:02:e5:53:2d:2e:fb:a2:10:f8:fd:ba:
                    e6:be:7b:23:90:76:cd:85:31:d7:78:d8:74:15:a4:
                    be:5e:0e:79:bd:d4:b9:d4:cd:ea:ea:6a:d3:0d:c8:
                    28:d6:ea:5c:45:e6:3d:22:d4:12:b5:a2:b8:a5:bb:
                    a0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:DA:6D:0B:DF:34:7F:95:71:6A:73:5E:5A:6A:89:5F:17:C2:74:33
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.91.185.0/24
                  206.53.0.0/24
                  206.245.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:91:b0:82:a3:c1:31:8a:55:51:2e:d1:ae:20:d8:9d:bb:fa:
         dd:4e:a8:c6:69:c4:22:68:ac:c6:57:c0:7b:86:38:1b:d6:3d:
         3f:d6:e7:0c:9f:51:c2:64:36:c6:70:f1:b0:18:55:5b:37:cd:
         e7:df:8b:74:09:8c:68:5a:b9:0d:b3:0c:4a:cb:e8:18:60:30:
         49:8a:56:2f:9e:af:04:67:c5:a2:bb:75:b0:c1:57:55:8d:59:
         e9:7c:68:15:cf:49:15:bd:d5:6e:38:3b:2b:1b:21:7f:52:81:
         c1:84:af:5d:97:12:4d:70:50:3c:7b:5c:3a:0a:15:0b:de:77:
         01:b7:a8:f5:f4:12:c5:ea:24:c6:32:0c:af:54:83:ef:cf:c5:
         46:14:03:84:18:20:13:64:bf:55:7d:e3:f7:e6:94:41:af:f9:
         6f:9e:88:c3:7e:df:ff:77:48:f0:7b:5c:4e:16:15:b2:df:16:
         8e:a9:80:96:60:93:c7:1f:17:e8:3d:c5:dd:71:40:65:db:08:
         dc:8d:bc:4a:08:62:9c:3d:d6:b2:ce:de:4e:2b:3c:02:ab:bd:
         0f:6a:ff:06:34:dd:79:87:d8:f7:50:6e:96:c8:1a:df:d8:70:
         6a:57:63:ba:ec:3b:fc:0a:53:16:37:e4:56:68:01:b3:d8:eb:
         83:55:3d:2c
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUKBUfH1baVeXh5TjJfOx0d1VqKKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MjFaFw0yNjA3MDIxNTUyMjFaMDMxMTAvBgNV
BAMTKDk4REE2RDBCREYzNDdGOTU3MTZBNzM1RTVBNkE4OTVGMTdDMjc0MzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcqfHajh85nr77RrY/QpeLNCSl
rKL1YEhfoWvrkfDVkYaa0S/HrFd31nu+AhMotUYllqsfHUeVEPiyfuyQ72dwxGps
N53/A8fdg1lvhE/JRNzkzSjzX9lvs1TPl0JitHaH0RCBwHXDXmBJlz2uy8X0cnad
PDoGcQBe3O1smTQUUo59HE26ifwdwJMLgQkXHO3Q8FgaJd/42P7+fpnJik1jTsa1
1AuV6Id4JR5MLTX5NkcTP/up0PVVpvB1JtoGw+i0Jt4L2e0C5VMtLvuiEPj9uua+
eyOQds2FMdd42HQVpL5eDnm91LnUzerqatMNyCjW6lxF5j0i1BK1orilu6AlAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUmNptC980f5VxanNeWmqJXxfCdDMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTk5NDE0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAATASAwQAdlu5AwQAzjUAAwQAzvWmMA0GCSqGSIb3DQEBCwUA
A4IBAQAAkbCCo8ExilVRLtGuINidu/rdTqjGacQiaKzGV8B7hjgb1j0/1ucMn1HC
ZDbGcPGwGFVbN83n34t0CYxoWrkNswxKy+gYYDBJilYvnq8EZ8Wiu3WwwVdVjVnp
fGgVz0kVvdVuODsrGyF/UoHBhK9dlxJNcFA8e1w6ChUL3ncBt6j19BLF6iTGMgyv
VIPvz8VGFAOEGCATZL9VfeP35pRBr/lvnojDft//d0jwe1xOFhWy3xaOqYCWYJPH
HxfoPcXdcUBl2wjcjbxKCGKcPdayzt5OKzwCq70Pav8GNN15h9j3UG6WyBrf2HBq
V2O67Dv8ClMWN+RWaAGz2OuDVT0s
-----END CERTIFICATE-----