Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200229.roa
File:                     AS200229.roa (raw, json)
Hash identifier:          74DuQIXRACWrJ412IN9UANDbJxi1XLPoyc0zwqOM5So=
Subject key identifier:   67:27:DF:4D:10:29:A7:76:4B:AD:2D:45:8B:C0:42:4D:E6:94:64:78
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       4FA80DCD01187B8724256372E9EB74200947D63D
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200229.roa
Signing time:             Thu 03 Jul 2025 15:52:00 +0000
ROA not before:           Thu 03 Jul 2025 15:47:00 +0000
ROA not after:            Thu 02 Jul 2026 15:52:00 +0000
asID:                     200229
IP address blocks:        103.139.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:a8:0d:cd:01:18:7b:87:24:25:63:72:e9:eb:74:20:09:47:d6:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:00 2025 GMT
            Not After : Jul  2 15:52:00 2026 GMT
        Subject: CN=6727DF4D1029A7764BAD2D458BC0424DE6946478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a2:4f:de:4c:9b:6d:6c:3d:b4:45:92:32:b9:
                    25:3d:bb:50:6d:28:7d:3c:06:d1:85:77:d3:d7:09:
                    c9:86:46:18:16:39:5f:b0:47:54:28:3c:7e:5a:4d:
                    88:bf:54:51:95:39:64:90:de:51:f1:37:50:6b:71:
                    87:26:10:ef:62:38:fe:7c:07:b1:e8:af:a0:54:4c:
                    ee:63:44:cb:e3:93:79:ff:ab:54:51:82:3d:72:94:
                    b6:fd:3e:98:cb:47:6c:79:5b:d3:1b:16:97:95:ca:
                    ea:09:4f:08:c4:b2:67:53:3b:cd:2d:6e:e8:79:e0:
                    d9:72:b6:9a:8f:f3:99:5c:6e:13:b3:17:c6:02:e5:
                    7e:8b:a4:36:2b:57:1b:95:0a:1d:24:0d:85:23:03:
                    43:66:2c:c0:a0:8b:e2:68:0a:d4:b0:fe:92:58:55:
                    0e:ee:a3:c8:fc:b2:c9:fe:d5:59:ed:6b:8d:fe:e3:
                    de:e3:5e:dc:22:79:9b:91:c4:27:b6:d0:8a:44:ea:
                    8a:b2:71:4b:5b:e5:c3:f2:46:19:7f:7d:e8:a2:79:
                    d7:e1:11:e2:a3:c6:42:1c:53:bd:17:fc:01:5c:15:
                    4a:17:e7:79:91:a0:57:f4:c0:e5:73:17:7b:84:42:
                    85:e3:74:2e:00:ce:b9:89:2b:f1:8f:f0:a7:52:e5:
                    2a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:27:DF:4D:10:29:A7:76:4B:AD:2D:45:8B:C0:42:4D:E6:94:64:78
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200229.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:6d:db:75:cb:84:34:9f:63:e4:dc:5a:34:2e:05:1a:92:1c:
         a6:9b:18:4f:4e:37:e2:2e:92:fa:27:b5:d8:e6:56:63:14:96:
         e5:e3:19:3f:70:3d:65:20:62:54:ae:0b:cf:83:03:02:75:06:
         1d:59:7a:d9:f8:8f:f4:a5:f0:92:cc:b9:fe:62:b3:97:e8:d8:
         6e:3f:92:c2:8d:c6:61:cb:e8:5f:c1:56:61:2a:95:d6:57:88:
         cf:65:a0:91:71:e7:7e:8b:76:d1:83:6a:55:aa:c3:60:53:86:
         77:5c:0a:52:56:94:9e:5b:6a:4d:11:13:56:31:42:d1:06:fe:
         ba:1f:bf:22:c0:eb:15:40:47:12:54:57:7e:24:fa:5e:aa:8b:
         d4:67:48:ca:65:f6:3a:e2:26:7f:f5:40:d8:4d:65:e3:99:21:
         43:a2:d7:89:01:13:7c:a1:75:31:88:31:f3:e0:c2:f2:53:e7:
         c5:bc:d2:dd:cd:8a:c2:58:9f:50:10:d6:62:3f:1f:03:97:e6:
         cb:fb:b9:32:8b:47:b6:5e:72:36:8a:00:f5:13:8e:5f:16:b4:
         30:6f:09:af:60:23:7a:7d:e9:34:e7:a1:b5:3f:b4:d2:fe:62:
         2d:9d:bf:df:ea:25:34:2d:a9:cd:03:fa:0c:aa:59:0a:ac:fb:
         63:a9:2f:1d
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUT6gNzQEYe4ckJWNy6et0IAlH1j0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MDBaFw0yNjA3MDIxNTUyMDBaMDMxMTAvBgNV
BAMTKDY3MjdERjREMTAyOUE3NzY0QkFEMkQ0NThCQzA0MjRERTY5NDY0NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTok/eTJttbD20RZIyuSU9u1Bt
KH08BtGFd9PXCcmGRhgWOV+wR1QoPH5aTYi/VFGVOWSQ3lHxN1BrcYcmEO9iOP58
B7Hor6BUTO5jRMvjk3n/q1RRgj1ylLb9PpjLR2x5W9MbFpeVyuoJTwjEsmdTO80t
buh54NlytpqP85lcbhOzF8YC5X6LpDYrVxuVCh0kDYUjA0NmLMCgi+JoCtSw/pJY
VQ7uo8j8ssn+1Vnta43+497jXtwieZuRxCe20IpE6oqycUtb5cPyRhl/feiiedfh
EeKjxkIcU70X/AFcFUoX53mRoFf0wOVzF3uEQoXjdC4AzrmJK/GP8KdS5SqlAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUZyffTRApp3ZLrS1Fi8BCTeaUZHgwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwMjI5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ4tZMA0GCSqGSIb3DQEBCwUAA4IBAQCWbdt1y4Q0
n2Pk3Fo0LgUakhymmxhPTjfiLpL6J7XY5lZjFJbl4xk/cD1lIGJUrgvPgwMCdQYd
WXrZ+I/0pfCSzLn+YrOX6NhuP5LCjcZhy+hfwVZhKpXWV4jPZaCRced+i3bRg2pV
qsNgU4Z3XApSVpSeW2pNERNWMULRBv66H78iwOsVQEcSVFd+JPpeqovUZ0jKZfY6
4iZ/9UDYTWXjmSFDoteJARN8oXUxiDHz4MLyU+fFvNLdzYrCWJ9QENZiPx8Dl+bL
+7kyi0e2XnI2igD1E45fFrQwbwmvYCN6fek056G1P7TS/mItnb/f6iU0LanNA/oM
qlkKrPtjqS8d
-----END CERTIFICATE-----