Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa
File:                     AS209022.roa (raw, json)
Hash identifier:          zj3kVx0JF2py+l106e5VLdNaFd1JL/1ZxwJvSJYTr5g=
Subject key identifier:   81:0C:79:80:D2:45:81:04:15:A9:6E:5E:9E:5E:87:70:4D:0F:B7:A6
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       AC0608F1D53281CAAF8700AD546F63C070600F
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa
Signing time:             Tue 26 May 2026 12:42:23 +0000
ROA not before:           Tue 26 May 2026 12:37:23 +0000
ROA not after:            Tue 25 May 2027 12:42:23 +0000
asID:                     209022
IP address blocks:        185.121.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ac:06:08:f1:d5:32:81:ca:af:87:00:ad:54:6f:63:c0:70:60:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: May 26 12:37:23 2026 GMT
            Not After : May 25 12:42:23 2027 GMT
        Subject: CN=810C7980D245810415A96E5E9E5E87704D0FB7A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:77:9b:11:d2:f9:0b:8a:9c:fb:8b:76:6f:6c:
                    7f:dc:d3:7c:36:cf:9f:64:2b:5d:40:c6:81:14:ca:
                    68:89:8d:60:66:5e:0e:1a:47:c6:fb:ea:a9:39:ad:
                    1c:3b:f8:0a:ec:00:ca:5d:3a:ab:59:6e:81:03:dd:
                    5f:74:76:47:03:85:5d:21:57:82:0d:93:d4:1e:a2:
                    c2:fa:84:03:e0:87:98:8f:19:18:96:c7:cf:6e:7c:
                    81:00:b6:6b:e3:8d:d8:fb:cd:72:01:5a:e1:b7:1b:
                    1c:aa:a3:fe:09:b7:e3:3b:6b:cb:3c:5f:3a:ef:d0:
                    7f:22:a7:9a:25:f5:ab:9e:24:d7:a8:d5:d3:f9:d1:
                    03:95:bb:53:ae:4f:49:5a:a6:b2:e9:7b:d8:e0:52:
                    79:5d:35:00:f0:70:c4:13:b1:7e:32:ea:fa:f4:9a:
                    ed:c6:d9:5d:9d:13:00:6f:40:aa:f3:1e:34:0f:7d:
                    d6:3a:56:52:9b:1f:eb:68:68:84:cf:60:d4:00:c0:
                    3b:5f:32:e8:cf:6d:f6:aa:d7:5b:33:86:de:56:6b:
                    1e:63:8b:b5:59:eb:fe:fc:b6:ab:dd:40:6d:f4:8f:
                    2e:7a:5f:74:53:b9:fa:09:55:3c:ed:17:1c:83:55:
                    8d:1f:8c:27:07:39:5f:fa:1e:79:6b:df:dc:e7:fc:
                    24:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:0C:79:80:D2:45:81:04:15:A9:6E:5E:9E:5E:87:70:4D:0F:B7:A6
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:c2:1a:c7:f0:ac:7d:65:10:06:5c:cd:6a:1e:34:34:62:a4:
         00:98:4a:e3:7a:fb:cd:81:0b:a4:5e:2f:65:ae:3b:32:da:87:
         8a:bc:bf:53:26:da:4f:95:5d:47:2d:c2:30:3d:b2:1f:78:4c:
         9b:50:b5:99:76:89:67:d1:e0:e4:bf:81:5b:57:c7:95:d3:af:
         33:c8:13:7c:41:03:54:97:1e:18:4b:f7:9b:75:46:43:94:bc:
         54:0a:5c:0b:c0:c2:65:7c:93:e4:4a:77:a7:e6:d0:29:03:ec:
         ed:01:c2:ef:e8:45:9c:ab:4f:de:d5:28:99:a0:ca:d0:02:4b:
         ad:4d:60:02:5d:41:d9:ae:3b:eb:9c:8a:e6:75:b7:d4:14:bc:
         c1:16:c9:fd:7a:1e:82:fa:b6:e7:08:b3:87:5c:98:37:7c:96:
         84:1e:a3:e6:ad:11:c3:1d:c9:3d:5f:8a:72:a6:27:24:b8:46:
         43:17:58:7d:bd:81:62:f5:77:97:bf:5b:b0:65:69:1b:ff:79:
         45:31:fb:47:66:7a:64:b3:6b:15:be:5a:49:8f:f5:61:44:a3:
         dd:0c:9e:b3:03:a7:dd:5a:cf:a0:60:f0:ae:9b:75:ec:c9:9d:
         06:74:fe:21:17:a5:e3:ea:9f:74:03:5e:bd:86:2f:bb:b6:b5:
         44:97:e4:f9
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUAKwGCPHVMoHKr4cArVRvY8BwYA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA1MjYxMjM3MjNaFw0yNzA1MjUxMjQyMjNaMDMxMTAvBgNV
BAMTKDgxMEM3OTgwRDI0NTgxMDQxNUE5NkU1RTlFNUU4NzcwNEQwRkI3QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhd5sR0vkLipz7i3ZvbH/c03w2
z59kK11AxoEUymiJjWBmXg4aR8b76qk5rRw7+ArsAMpdOqtZboED3V90dkcDhV0h
V4INk9QeosL6hAPgh5iPGRiWx89ufIEAtmvjjdj7zXIBWuG3Gxyqo/4Jt+M7a8s8
Xzrv0H8ip5ol9aueJNeo1dP50QOVu1OuT0laprLpe9jgUnldNQDwcMQTsX4y6vr0
mu3G2V2dEwBvQKrzHjQPfdY6VlKbH+toaITPYNQAwDtfMujPbfaq11szht5Wax5j
i7VZ6/78tqvdQG30jy56X3RTufoJVTztFxyDVY0fjCcHOV/6Hnlr39zn/CSLAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUgQx5gNJFgQQVqW5enl6HcE0Pt6YwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA5MDIyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAuXmpMA0GCSqGSIb3DQEBCwUAA4IBAQAMwhrH8Kx9
ZRAGXM1qHjQ0YqQAmErjevvNgQukXi9lrjsy2oeKvL9TJtpPlV1HLcIwPbIfeEyb
ULWZdoln0eDkv4FbV8eV068zyBN8QQNUlx4YS/ebdUZDlLxUClwLwMJlfJPkSnen
5tApA+ztAcLv6EWcq0/e1SiZoMrQAkutTWACXUHZrjvrnIrmdbfUFLzBFsn9eh6C
+rbnCLOHXJg3fJaEHqPmrRHDHck9X4pypickuEZDF1h9vYFi9XeXv1uwZWkb/3lF
MftHZnpks2sVvlpJj/VhRKPdDJ6zA6fdWs+gYPCum3XsyZ0GdP4hF6Xj6p90A169
hi+7trVEl+T5
-----END CERTIFICATE-----