Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199959.roa
File:                     AS199959.roa (raw, json)
Hash identifier:          OC9uGgBBSk0PZ6vRlRgKwS43JVNC7DV1hFq/2wDNpzg=
Subject key identifier:   F2:A5:8D:87:0D:5C:A8:4B:BF:E6:B4:82:AD:39:34:C3:29:64:09:E4
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       295F4626CBC5F6FE610146890A21686A79635BE5
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199959.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     199959
IP address blocks:        185.121.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:5f:46:26:cb:c5:f6:fe:61:01:46:89:0a:21:68:6a:79:63:5b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=F2A58D870D5CA84BBFE6B482AD3934C3296409E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:33:45:b2:f2:a8:6b:5f:79:44:1d:a2:4b:2a:
                    f8:74:d0:f5:60:55:c8:79:15:fc:ff:60:a3:25:d7:
                    c3:6e:45:c3:69:15:48:d8:78:91:c3:0d:87:c0:c6:
                    1a:1d:13:55:93:09:3e:d1:a5:d8:70:bc:49:f2:c9:
                    9b:3a:04:55:e7:df:c8:48:a2:2e:29:61:69:9b:61:
                    cb:d5:90:5a:7b:e8:63:b0:df:b9:22:12:32:ea:cc:
                    68:2d:b0:45:f6:66:b0:26:51:cb:70:d6:7e:cd:fd:
                    58:b5:04:c0:a8:c9:81:d6:ab:61:90:7e:0a:56:a6:
                    83:5e:3f:b0:3c:bd:d5:b2:c9:c9:07:f2:fa:9e:50:
                    de:f1:68:a3:2b:35:77:b8:e9:c3:6d:2d:ba:64:48:
                    e1:df:cd:b5:d4:0a:05:36:4f:fa:9b:e5:b8:f7:32:
                    67:3c:b4:0d:75:26:d9:3d:68:c3:a8:8f:08:62:77:
                    e4:1f:7d:b0:21:7a:ae:7b:d6:f8:62:46:97:56:fe:
                    2a:e8:38:1c:2a:92:7c:7d:31:b3:82:07:d6:eb:16:
                    af:d4:e9:b3:29:58:cb:90:55:ee:d7:c1:9d:76:4d:
                    d8:6c:9d:a4:b0:94:28:61:64:b3:8d:bf:e5:26:ef:
                    7c:95:1b:ac:c7:dc:0c:04:69:1f:54:f1:4e:be:98:
                    e0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A5:8D:87:0D:5C:A8:4B:BF:E6:B4:82:AD:39:34:C3:29:64:09:E4
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS199959.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:9b:e3:9b:15:1c:16:0d:6a:47:1e:ed:81:f1:bf:4f:62:c3:
         de:64:cc:ba:2b:59:53:79:ff:dd:49:7a:84:32:e5:26:dc:47:
         a4:25:7c:89:54:47:8c:5f:30:4a:00:b2:fd:99:4c:9f:3b:e8:
         5c:71:6e:c4:c7:a7:f2:1b:17:69:62:55:a6:29:bc:38:68:01:
         e0:f2:49:32:0a:9f:7a:d9:76:a2:20:9f:e7:44:30:25:3c:37:
         cd:8a:f4:ed:93:c2:16:59:88:78:30:b9:c6:6c:dd:fc:ac:a1:
         b8:e5:e7:8f:55:08:bf:33:34:9b:5c:c7:d7:86:51:8f:1f:76:
         94:79:a8:78:f6:b1:e6:a9:63:f9:66:2d:cf:13:d2:80:ce:ab:
         0f:ea:19:c2:89:2c:d0:cd:78:35:3f:86:73:ac:26:fa:91:e3:
         7d:ea:d3:00:b0:3f:8f:e8:40:1d:20:f7:43:ab:8c:0b:32:4c:
         eb:e3:61:5b:30:bc:b2:23:29:c9:40:eb:43:cf:b8:56:c4:19:
         83:71:22:51:88:06:fe:25:65:cf:16:ab:60:05:49:f8:40:08:
         de:a3:ec:fa:0d:5d:c0:0a:31:98:1d:18:5e:85:8e:a2:00:7a:
         26:ba:e4:c2:98:3c:07:1a:d3:24:4c:7e:29:5c:57:96:66:af:
         40:8e:a3:6e
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUKV9GJsvF9v5hAUaJCiFoanljW+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKEYyQTU4RDg3MEQ1Q0E4NEJCRkU2QjQ4MkFEMzkzNEMzMjk2NDA5RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVM0Wy8qhrX3lEHaJLKvh00PVg
Vch5Ffz/YKMl18NuRcNpFUjYeJHDDYfAxhodE1WTCT7RpdhwvEnyyZs6BFXn38hI
oi4pYWmbYcvVkFp76GOw37kiEjLqzGgtsEX2ZrAmUctw1n7N/Vi1BMCoyYHWq2GQ
fgpWpoNeP7A8vdWyyckH8vqeUN7xaKMrNXe46cNtLbpkSOHfzbXUCgU2T/qb5bj3
Mmc8tA11Jtk9aMOojwhid+QffbAheq571vhiRpdW/iroOBwqknx9MbOCB9brFq/U
6bMpWMuQVe7XwZ12TdhsnaSwlChhZLONv+Um73yVG6zH3AwEaR9U8U6+mOCzAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU8qWNhw1cqEu/5rSCrTk0wylkCeQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTk5OTU5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAuXmwMA0GCSqGSIb3DQEBCwUAA4IBAQAOm+ObFRwW
DWpHHu2B8b9PYsPeZMy6K1lTef/dSXqEMuUm3EekJXyJVEeMXzBKALL9mUyfO+hc
cW7Ex6fyGxdpYlWmKbw4aAHg8kkyCp962XaiIJ/nRDAlPDfNivTtk8IWWYh4MLnG
bN38rKG45eePVQi/MzSbXMfXhlGPH3aUeah49rHmqWP5Zi3PE9KAzqsP6hnCiSzQ
zXg1P4ZzrCb6keN96tMAsD+P6EAdIPdDq4wLMkzr42FbMLyyIynJQOtDz7hWxBmD
cSJRiAb+JWXPFqtgBUn4QAjeo+z6DV3ACjGYHRhehY6iAHomuuTCmDwHGtMkTH4p
XFeWZq9AjqNu
-----END CERTIFICATE-----