Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199959.roa
File:                     AS199959.roa (raw, json)
Hash identifier:          hDaNasT7GzDz/hVRPvVNY25op6Hd2UnVzm6aOQ0XH9s=
Subject key identifier:   86:9D:ED:B6:A9:0B:44:85:F4:DF:07:FB:83:45:B7:75:03:D4:17:2E
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       15064BEBB1786D262AF7F16CA842EACD8E1469FD
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199959.roa
Signing time:             Thu 03 Jul 2025 15:52:21 +0000
ROA not before:           Thu 03 Jul 2025 15:47:21 +0000
ROA not after:            Thu 02 Jul 2026 15:52:21 +0000
asID:                     199959
IP address blocks:        185.121.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:06:4b:eb:b1:78:6d:26:2a:f7:f1:6c:a8:42:ea:cd:8e:14:69:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:21 2025 GMT
            Not After : Jul  2 15:52:21 2026 GMT
        Subject: CN=869DEDB6A90B4485F4DF07FB8345B77503D4172E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:bc:a3:bd:1f:fa:02:e1:9d:d9:0b:91:82:e1:
                    47:2b:19:b8:3e:1f:cd:e7:a8:92:5a:a8:8e:64:b3:
                    09:7a:41:79:ac:c9:6f:5c:38:cf:77:fb:22:0e:95:
                    9f:ae:17:b5:ce:a4:d2:24:bb:d7:bb:b3:79:de:dc:
                    ab:9e:0d:45:90:07:c5:e7:15:d6:da:68:fc:ea:b0:
                    7a:2d:67:5a:d7:ec:f3:3b:25:0b:4b:b3:12:67:eb:
                    ad:8d:9e:26:86:a4:fc:2a:d1:82:8e:b8:ed:7a:3b:
                    20:46:bb:a5:df:a8:2e:ac:24:fe:57:82:8b:ea:55:
                    4b:6e:4c:7f:b5:f7:dc:d8:2a:7b:56:e1:5c:75:45:
                    66:a7:5f:79:87:ab:65:9f:87:35:9c:b6:a8:44:4d:
                    75:e0:57:a2:12:f2:f3:0d:53:00:7a:86:5b:ca:ad:
                    67:6c:72:7c:14:30:df:2c:06:44:b1:72:8d:5e:af:
                    51:98:80:11:04:f7:ff:19:92:1f:32:53:49:93:98:
                    66:50:f6:cb:4d:d0:60:53:62:da:81:b2:14:a0:7e:
                    8d:40:ef:60:16:36:bb:f0:d5:a7:b4:65:74:cb:e9:
                    25:01:07:16:52:29:3a:96:a1:90:15:27:2a:df:fd:
                    4f:b2:90:e3:65:77:1f:38:64:80:eb:2e:b1:e0:81:
                    80:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:9D:ED:B6:A9:0B:44:85:F4:DF:07:FB:83:45:B7:75:03:D4:17:2E
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199959.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:2f:9a:fd:e1:74:7f:0f:b1:10:0a:29:38:85:e7:ee:e2:75:
         aa:a7:b0:b4:b9:af:1b:1a:ee:90:d5:34:01:94:a7:89:5e:d5:
         be:38:04:ee:f4:b5:e3:cf:5b:63:be:69:09:28:c1:ca:76:4c:
         c5:99:d0:b9:8c:e1:20:a4:95:a1:9e:de:03:09:4d:03:3b:80:
         4a:dc:c3:4f:48:9f:f8:dc:d3:16:be:a3:78:6f:ff:6b:6a:af:
         8b:3f:92:f1:02:80:b1:08:3b:4d:bf:46:1f:52:d2:8a:89:92:
         a2:a2:cb:e6:ec:aa:22:00:02:bb:fd:59:f9:f9:ca:bb:92:f5:
         a8:e2:3b:0e:a7:58:4d:fe:a5:0e:4e:16:fa:7b:ff:14:6d:2d:
         db:1a:b3:30:04:ea:de:fc:ee:38:d3:69:27:f5:6d:ec:94:a7:
         3c:75:33:c3:80:f6:04:4e:a5:b7:ac:0e:f0:95:20:fc:03:f6:
         b7:3e:07:ad:52:86:57:51:58:a4:d6:a4:b3:fa:d4:d5:5f:ff:
         07:f1:15:46:58:71:1d:20:ee:ab:3a:0d:7d:5d:5b:cd:1e:4a:
         46:b8:44:ae:5f:95:88:50:a9:c4:da:29:2b:bd:94:8c:c8:03:
         9f:41:11:ba:67:73:ba:6a:11:34:2b:63:a4:60:53:18:fd:db:
         c2:ad:22:71
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUFQZL67F4bSYq9/FsqELqzY4Uaf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MjFaFw0yNjA3MDIxNTUyMjFaMDMxMTAvBgNV
BAMTKDg2OURFREI2QTkwQjQ0ODVGNERGMDdGQjgzNDVCNzc1MDNENDE3MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQvKO9H/oC4Z3ZC5GC4UcrGbg+
H83nqJJaqI5kswl6QXmsyW9cOM93+yIOlZ+uF7XOpNIku9e7s3ne3KueDUWQB8Xn
FdbaaPzqsHotZ1rX7PM7JQtLsxJn662NniaGpPwq0YKOuO16OyBGu6XfqC6sJP5X
govqVUtuTH+199zYKntW4Vx1RWanX3mHq2WfhzWctqhETXXgV6IS8vMNUwB6hlvK
rWdscnwUMN8sBkSxco1er1GYgBEE9/8Zkh8yU0mTmGZQ9stN0GBTYtqBshSgfo1A
72AWNrvw1ae0ZXTL6SUBBxZSKTqWoZAVJyrf/U+ykONldx84ZIDrLrHggYBlAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUhp3ttqkLRIX03wf7g0W3dQPUFy4wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTk5OTU5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAuXmwMA0GCSqGSIb3DQEBCwUAA4IBAQCqL5r94XR/
D7EQCik4hefu4nWqp7C0ua8bGu6Q1TQBlKeJXtW+OATu9LXjz1tjvmkJKMHKdkzF
mdC5jOEgpJWhnt4DCU0DO4BK3MNPSJ/43NMWvqN4b/9raq+LP5LxAoCxCDtNv0Yf
UtKKiZKiosvm7KoiAAK7/Vn5+cq7kvWo4jsOp1hN/qUOThb6e/8UbS3bGrMwBOre
/O4402kn9W3slKc8dTPDgPYETqW3rA7wlSD8A/a3PgetUoZXUVik1qSz+tTVX/8H
8RVGWHEdIO6rOg19XVvNHkpGuESuX5WIUKnE2ikrvZSMyAOfQRG6Z3O6ahE0K2Ok
YFMY/dvCrSJx
-----END CERTIFICATE-----