Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203218.roa
File:                     AS203218.roa (raw, json)
Hash identifier:          nKuyW9W00bQsjkPt9tRaZvunRbcEsJh+L5m5i9aaqGg=
Subject key identifier:   72:8D:92:59:C1:0A:57:A3:F0:48:65:76:2D:77:5F:98:3B:DD:D3:64
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       5896D8E7A52452549F37FA4F9A7D9009DACE2193
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203218.roa
Signing time:             Thu 03 Jul 2025 15:52:39 +0000
ROA not before:           Thu 03 Jul 2025 15:47:39 +0000
ROA not after:            Thu 02 Jul 2026 15:52:39 +0000
asID:                     203218
IP address blocks:        144.48.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:96:d8:e7:a5:24:52:54:9f:37:fa:4f:9a:7d:90:09:da:ce:21:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:39 2025 GMT
            Not After : Jul  2 15:52:39 2026 GMT
        Subject: CN=728D9259C10A57A3F04865762D775F983BDDD364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ec:9f:37:38:31:4c:78:fd:2c:05:80:17:5b:
                    64:61:9d:15:31:89:19:be:01:cc:c0:b1:08:50:dc:
                    b3:12:d2:5f:4e:89:cc:36:3c:8e:40:bf:c8:08:13:
                    b2:69:b7:4e:47:8e:e1:df:e6:7c:c1:6d:6a:f0:e7:
                    78:fd:ed:9e:00:c8:ac:a2:70:c6:6b:1e:1c:27:b5:
                    de:d0:c3:04:a5:bf:fa:ad:3a:89:c4:40:cd:ac:b0:
                    5b:a2:12:44:99:29:0a:ab:7d:4e:01:9d:f0:24:3b:
                    97:a2:08:dc:ec:2c:d2:ba:98:b6:1b:01:d5:8b:6e:
                    4a:b4:2a:90:67:2a:2f:3b:c2:c9:54:53:6a:7a:34:
                    61:5e:04:fd:f1:16:2e:ad:d1:33:db:8c:3c:62:44:
                    cf:36:29:ee:cb:ae:7a:ea:e5:46:79:f0:81:b7:96:
                    69:bf:8a:ee:85:c8:0d:c0:6f:98:5b:56:95:98:02:
                    a9:af:02:e9:6b:cc:df:9e:05:6e:ac:59:2f:49:4a:
                    ee:86:18:ef:a6:6c:69:8d:3c:d8:9e:42:49:88:11:
                    58:74:03:38:a4:99:70:6b:4f:41:7b:18:83:92:70:
                    77:68:f8:05:38:67:fc:bd:45:7e:ea:27:96:9b:74:
                    d9:62:55:63:47:97:62:b5:ff:9b:1a:97:60:e8:7a:
                    78:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:8D:92:59:C1:0A:57:A3:F0:48:65:76:2D:77:5F:98:3B:DD:D3:64
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.48.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c7:99:0c:12:8a:03:05:d0:3c:7e:bf:ae:f5:12:2b:d5:43:
         c2:2d:91:a5:f7:d1:22:b2:e1:89:dc:82:4f:9d:e6:e8:78:d0:
         f1:53:4a:a9:58:12:05:48:e2:14:6c:5b:6b:bf:82:42:4d:25:
         db:ab:0e:c9:e7:e3:ed:f8:a8:cd:4f:aa:c4:b5:f4:03:9f:be:
         ec:4a:c9:1f:28:46:1f:f8:f7:b3:ae:bf:bf:56:b0:3f:81:71:
         52:05:d8:39:57:72:3f:22:d9:df:0e:1d:c0:b1:2b:78:b7:db:
         50:d5:2a:e8:5b:9c:99:2d:1f:95:98:89:ea:c6:b8:3d:42:f4:
         0a:6a:49:d0:bb:87:e5:7e:6d:49:cc:a2:e3:3d:e1:e9:d6:79:
         41:14:2c:a9:fd:bb:86:3f:ff:13:fc:89:1c:ea:d4:90:eb:99:
         ba:fe:87:11:2d:7a:bd:86:f4:68:02:a4:96:d0:0e:d3:0c:98:
         72:76:54:f4:59:70:f9:ec:be:d9:a4:b6:dd:bf:cb:8b:bb:6a:
         ac:84:c0:10:ea:07:ca:44:57:d1:82:5a:f0:e3:41:01:94:4c:
         17:f9:7f:75:ad:86:4d:c4:58:00:39:5d:08:c7:cf:7a:81:86:
         9e:ff:0b:7b:82:64:36:12:ac:bf:16:4c:cc:07:dc:3e:dd:21:
         83:c1:d6:5d
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUWJbY56UkUlSfN/pPmn2QCdrOIZMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MzlaFw0yNjA3MDIxNTUyMzlaMDMxMTAvBgNV
BAMTKDcyOEQ5MjU5QzEwQTU3QTNGMDQ4NjU3NjJENzc1Rjk4M0JEREQzNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC77J83ODFMeP0sBYAXW2RhnRUx
iRm+AczAsQhQ3LMS0l9Oicw2PI5Av8gIE7Jpt05HjuHf5nzBbWrw53j97Z4AyKyi
cMZrHhwntd7QwwSlv/qtOonEQM2ssFuiEkSZKQqrfU4BnfAkO5eiCNzsLNK6mLYb
AdWLbkq0KpBnKi87wslUU2p6NGFeBP3xFi6t0TPbjDxiRM82Ke7Lrnrq5UZ58IG3
lmm/iu6FyA3Ab5hbVpWYAqmvAulrzN+eBW6sWS9JSu6GGO+mbGmNPNieQkmIEVh0
AzikmXBrT0F7GIOScHdo+AU4Z/y9RX7qJ5abdNliVWNHl2K1/5sal2DoenhJAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUco2SWcEKV6PwSGV2LXdfmDvd02QwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAzMjE4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAkDBRMA0GCSqGSIb3DQEBCwUAA4IBAQBGx5kMEooD
BdA8fr+u9RIr1UPCLZGl99EisuGJ3IJPneboeNDxU0qpWBIFSOIUbFtrv4JCTSXb
qw7J5+Pt+KjNT6rEtfQDn77sSskfKEYf+Pezrr+/VrA/gXFSBdg5V3I/ItnfDh3A
sSt4t9tQ1SroW5yZLR+VmInqxrg9QvQKaknQu4flfm1JzKLjPeHp1nlBFCyp/buG
P/8T/Ikc6tSQ65m6/ocRLXq9hvRoAqSW0A7TDJhydlT0WXD57L7ZpLbdv8uLu2qs
hMAQ6gfKRFfRglrw40EBlEwX+X91rYZNxFgAOV0Ix896gYae/wt7gmQ2Eqy/FkzM
B9w+3SGDwdZd
-----END CERTIFICATE-----
Generated at Fri Jul 4 22:09:59 2025 by rpki-client