Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS208913.roa
File:                     AS208913.roa (raw, json)
Hash identifier:          gRJs8Wk8Hd3/DldD+dv2Mqa7X9w2ub1CDNVcKyYRcow=
Subject key identifier:   7B:30:5D:94:2A:AA:7E:84:BC:73:F6:26:B3:4D:31:D3:82:99:5E:65
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1746814D0B8E023DB36CCA07E985C48FC39A26C4
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS208913.roa
Signing time:             Thu 03 Jul 2025 15:52:25 +0000
ROA not before:           Thu 03 Jul 2025 15:47:25 +0000
ROA not after:            Thu 02 Jul 2026 15:52:25 +0000
asID:                     208913
IP address blocks:        111.235.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:46:81:4d:0b:8e:02:3d:b3:6c:ca:07:e9:85:c4:8f:c3:9a:26:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:25 2025 GMT
            Not After : Jul  2 15:52:25 2026 GMT
        Subject: CN=7B305D942AAA7E84BC73F626B34D31D382995E65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:58:ca:2f:cb:cf:5b:33:5a:77:d7:d3:c7:34:
                    88:b7:8b:8d:c8:14:ac:f4:cd:be:00:b1:32:bd:ec:
                    b1:9c:a8:01:86:95:dc:fb:96:e3:20:23:c6:16:cf:
                    a9:b3:5d:eb:e0:7c:b1:ee:43:ad:55:86:c2:c3:4d:
                    53:b2:71:ee:13:5f:03:fe:10:3d:9d:a9:d0:8c:bf:
                    fa:b8:42:20:29:61:cf:51:3b:21:29:6b:09:06:81:
                    f6:e3:36:01:2f:95:37:80:d2:d6:04:4d:e2:9c:3f:
                    04:71:7f:d9:bd:fd:54:b6:65:07:70:0a:f1:47:23:
                    50:af:db:2d:d4:9f:dc:f7:d9:eb:f4:42:24:c7:8e:
                    cd:4b:49:49:83:1b:f6:70:12:d0:5a:59:b4:39:d8:
                    7e:07:b1:ac:e6:45:7b:6b:19:c6:b2:c1:5e:e4:f8:
                    ca:77:cb:c1:19:a4:1a:ee:5a:3d:6f:69:8b:cd:7b:
                    cc:12:d3:53:8c:2a:13:a5:0f:58:9c:4a:2d:28:0d:
                    a9:2e:05:fd:16:de:4c:49:73:98:68:7a:98:16:d6:
                    8b:c9:f8:10:6b:c3:cb:75:b5:8e:21:a0:16:0e:e1:
                    07:89:d6:ad:5a:a5:45:eb:7f:23:d3:29:b9:18:ca:
                    ba:81:fc:85:8f:4e:1c:99:8c:e2:33:bc:92:36:f7:
                    64:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:30:5D:94:2A:AA:7E:84:BC:73:F6:26:B3:4D:31:D3:82:99:5E:65
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS208913.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.235.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:22:36:4f:f1:39:87:47:8e:a4:af:16:4e:38:14:98:24:80:
         c6:8e:87:ac:68:ce:04:f1:9c:1c:e0:fd:cd:d0:63:c5:c4:89:
         29:7d:31:19:d5:24:ce:32:e6:82:76:76:27:32:30:70:1a:4c:
         6d:33:b7:86:a8:02:29:08:cc:4e:43:51:ec:90:31:e7:35:06:
         80:4c:62:23:09:13:3f:01:cc:e4:42:d0:26:43:71:f6:52:4c:
         ea:45:08:45:40:4f:f2:8b:ed:87:9f:75:09:e9:18:c7:27:08:
         80:1c:76:d8:c6:84:31:a0:13:be:d4:8d:d2:19:40:45:b1:c9:
         96:5e:4b:d0:f3:49:12:5a:dc:a0:f7:c6:73:5a:af:92:0a:81:
         b4:a9:d1:32:52:d9:0a:a7:ef:eb:59:77:4a:20:c2:d5:42:42:
         bc:42:14:27:33:c2:61:79:07:1c:6b:43:93:47:53:21:53:68:
         55:4b:5c:a5:4c:54:9d:71:1b:80:e1:d1:f9:3c:7d:04:e4:e2:
         e3:3b:87:fc:27:fb:1f:dd:0d:9d:2f:ac:84:49:05:b8:71:e4:
         b3:96:da:af:40:9d:b8:f7:d2:53:12:d5:84:41:cf:e8:07:4a:
         fb:a5:1f:02:ee:a0:57:11:1a:96:74:fc:22:db:cd:6b:6c:38:
         1e:75:86:aa
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUF0aBTQuOAj2zbMoH6YXEj8OaJsQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MjVaFw0yNjA3MDIxNTUyMjVaMDMxMTAvBgNV
BAMTKDdCMzA1RDk0MkFBQTdFODRCQzczRjYyNkIzNEQzMUQzODI5OTVFNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqWMovy89bM1p319PHNIi3i43I
FKz0zb4AsTK97LGcqAGGldz7luMgI8YWz6mzXevgfLHuQ61VhsLDTVOyce4TXwP+
ED2dqdCMv/q4QiApYc9ROyEpawkGgfbjNgEvlTeA0tYETeKcPwRxf9m9/VS2ZQdw
CvFHI1Cv2y3Un9z32ev0QiTHjs1LSUmDG/ZwEtBaWbQ52H4HsazmRXtrGcaywV7k
+Mp3y8EZpBruWj1vaYvNe8wS01OMKhOlD1icSi0oDakuBf0W3kxJc5hoepgW1ovJ
+BBrw8t1tY4hoBYO4QeJ1q1apUXrfyPTKbkYyrqB/IWPThyZjOIzvJI292ThAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUezBdlCqqfoS8c/Yms00x04KZXmUwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA4OTEzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAb+uWMA0GCSqGSIb3DQEBCwUAA4IBAQBMIjZP8TmH
R46krxZOOBSYJIDGjoesaM4E8Zwc4P3N0GPFxIkpfTEZ1STOMuaCdnYnMjBwGkxt
M7eGqAIpCMxOQ1HskDHnNQaATGIjCRM/AczkQtAmQ3H2UkzqRQhFQE/yi+2Hn3UJ
6RjHJwiAHHbYxoQxoBO+1I3SGUBFscmWXkvQ80kSWtyg98ZzWq+SCoG0qdEyUtkK
p+/rWXdKIMLVQkK8QhQnM8JheQcca0OTR1MhU2hVS1ylTFSdcRuA4dH5PH0E5OLj
O4f8J/sf3Q2dL6yESQW4ceSzltqvQJ2499JTEtWEQc/oB0r7pR8C7qBXERqWdPwi
281rbDgedYaq
-----END CERTIFICATE-----