Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204044.roa
File:                     AS204044.roa (raw, json)
Hash identifier:          Ofqu9lCjPoHfOkr5tzYqxVYbGse7SRuPaTAKK3RcASQ=
Subject key identifier:   54:1F:CC:05:78:25:B1:D7:A2:4F:77:1A:30:6C:A8:08:05:50:7F:5A
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       38D9CDD468565DC22145EDBB385F7B95EB7B3574
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204044.roa
Signing time:             Thu 03 Jul 2025 15:52:44 +0000
ROA not before:           Thu 03 Jul 2025 15:47:44 +0000
ROA not after:            Thu 02 Jul 2026 15:52:44 +0000
asID:                     204044
IP address blocks:        111.235.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:d9:cd:d4:68:56:5d:c2:21:45:ed:bb:38:5f:7b:95:eb:7b:35:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:44 2025 GMT
            Not After : Jul  2 15:52:44 2026 GMT
        Subject: CN=541FCC057825B1D7A24F771A306CA80805507F5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3a:c9:39:97:50:5b:3c:c8:9d:e4:99:f2:4b:
                    f4:e4:ae:ae:bb:15:94:7a:f1:fc:45:ec:b4:cf:5a:
                    21:02:fa:12:71:27:a5:1d:79:40:ae:55:7d:08:e5:
                    79:a4:4e:19:ea:f5:c0:ac:18:b0:a5:1d:d9:f7:19:
                    63:28:fc:32:62:5a:2e:a4:92:15:71:0d:8e:fb:f4:
                    66:ed:68:87:c8:a6:54:34:72:15:b5:11:b6:5d:97:
                    d9:cd:eb:39:7e:2f:37:d2:0c:b3:6f:32:fc:be:31:
                    e3:e7:49:6c:30:cd:05:99:f5:a5:2a:53:a0:af:7e:
                    e2:5b:45:bc:f9:d3:cd:0f:57:0f:13:19:5f:89:4f:
                    3c:df:bb:22:fe:8d:82:b1:1a:bc:b5:03:b7:c1:bb:
                    55:ad:52:af:77:86:92:92:5d:7a:b1:47:25:a5:f3:
                    e0:07:37:98:1d:8d:ba:24:95:d8:71:e7:9e:b2:b6:
                    19:dd:31:a1:4f:73:9c:7a:9f:86:aa:84:1f:7a:e5:
                    40:fe:b9:6f:89:df:d5:8d:88:41:6f:00:3f:5d:6f:
                    b0:f6:71:76:f3:a7:d7:d2:8d:07:1b:2e:ef:6f:2f:
                    93:3d:d3:a1:51:d8:6b:da:80:74:8a:ee:b2:de:a3:
                    38:4c:cb:88:18:d8:a8:97:66:88:5e:ab:9b:a8:72:
                    b2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:1F:CC:05:78:25:B1:D7:A2:4F:77:1A:30:6C:A8:08:05:50:7F:5A
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204044.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.235.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:89:25:55:23:ab:14:4e:d8:60:ff:50:e7:e5:fb:dd:f9:a0:
         d7:1f:cc:af:ac:94:f3:50:3c:45:09:47:1b:91:3e:7a:e5:1b:
         7b:4f:59:2f:00:3d:30:ba:1f:e7:a2:5c:60:ef:a6:ae:7e:e0:
         25:95:88:22:70:70:0b:d6:14:f4:16:b0:4f:9f:a7:aa:96:42:
         6f:3e:3d:67:9b:43:f3:d7:ea:cb:80:46:4a:3e:3b:57:24:b9:
         48:e4:92:96:4b:5a:96:d8:d1:79:71:0c:ec:61:dc:e0:56:e4:
         4e:b1:d8:b0:30:8c:4d:12:bc:66:90:b2:d4:cb:96:05:6c:8b:
         3f:5f:55:42:fb:f2:5d:c1:d3:93:de:88:6c:71:68:e2:42:0a:
         49:54:5b:67:e9:22:3a:c3:ed:f6:22:ca:4c:8f:66:0c:aa:df:
         f9:3f:31:85:85:eb:47:77:d0:1a:dd:d5:65:f0:7b:d2:3c:10:
         ab:33:15:de:24:55:db:53:98:3a:05:37:c8:3d:d9:ca:93:85:
         dd:14:64:95:84:d7:c4:25:78:6f:c7:4b:9b:98:f2:d0:49:cb:
         c9:91:05:1f:71:bf:33:a7:7a:dc:1c:0d:45:de:99:64:b0:3e:
         a3:5c:be:ba:9c:16:59:6a:81:16:20:ce:0e:80:fd:14:8c:94:
         6f:21:21:28
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUONnN1GhWXcIhRe27OF97let7NXQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3NDRaFw0yNjA3MDIxNTUyNDRaMDMxMTAvBgNV
BAMTKDU0MUZDQzA1NzgyNUIxRDdBMjRGNzcxQTMwNkNBODA4MDU1MDdGNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDROsk5l1BbPMid5JnyS/Tkrq67
FZR68fxF7LTPWiEC+hJxJ6UdeUCuVX0I5XmkThnq9cCsGLClHdn3GWMo/DJiWi6k
khVxDY779GbtaIfIplQ0chW1EbZdl9nN6zl+LzfSDLNvMvy+MePnSWwwzQWZ9aUq
U6CvfuJbRbz5080PVw8TGV+JTzzfuyL+jYKxGry1A7fBu1WtUq93hpKSXXqxRyWl
8+AHN5gdjbokldhx556ythndMaFPc5x6n4aqhB965UD+uW+J39WNiEFvAD9db7D2
cXbzp9fSjQcbLu9vL5M906FR2GvagHSK7rLeozhMy4gY2KiXZoheq5uocrJPAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUVB/MBXglsdeiT3caMGyoCAVQf1owHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA0MDQ0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAb+uXMA0GCSqGSIb3DQEBCwUAA4IBAQC7iSVVI6sU
Tthg/1Dn5fvd+aDXH8yvrJTzUDxFCUcbkT565Rt7T1kvAD0wuh/nolxg76aufuAl
lYgicHAL1hT0FrBPn6eqlkJvPj1nm0Pz1+rLgEZKPjtXJLlI5JKWS1qW2NF5cQzs
YdzgVuROsdiwMIxNErxmkLLUy5YFbIs/X1VC+/JdwdOT3ohscWjiQgpJVFtn6SI6
w+32IspMj2YMqt/5PzGFhetHd9Aa3dVl8HvSPBCrMxXeJFXbU5g6BTfIPdnKk4Xd
FGSVhNfEJXhvx0ubmPLQScvJkQUfcb8zp3rcHA1F3plksD6jXL66nBZZaoEWIM4O
gP0UjJRvISEo
-----END CERTIFICATE-----