Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa
File:                     AS209022.roa (raw, json)
Hash identifier:          tiwuM0dwUZkGCjXFWg2pqSDIAMOExIJodfrcHqW23KI=
Subject key identifier:   55:25:52:70:80:75:35:CB:9D:83:5C:5E:64:01:F9:EE:6C:82:48:B5
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       50E6EE4C45ED76B5C3985A9D7754EA6240702764
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa
Signing time:             Thu 03 Jul 2025 15:51:50 +0000
ROA not before:           Thu 03 Jul 2025 15:46:50 +0000
ROA not after:            Thu 02 Jul 2026 15:51:50 +0000
asID:                     209022
IP address blocks:        185.121.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:e6:ee:4c:45:ed:76:b5:c3:98:5a:9d:77:54:ea:62:40:70:27:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:50 2025 GMT
            Not After : Jul  2 15:51:50 2026 GMT
        Subject: CN=55255270807535CB9D835C5E6401F9EE6C8248B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fe:02:2a:87:4b:a1:85:89:f5:25:d8:d7:68:
                    29:6d:70:3b:42:b9:12:f5:bc:17:af:d2:c8:01:7d:
                    a8:ec:92:86:eb:68:aa:90:a9:ad:16:14:14:4b:26:
                    34:a9:a9:fd:d4:2d:05:03:3e:e2:1a:8d:f4:fb:d2:
                    81:aa:ad:25:09:0e:80:a2:3a:29:a4:69:98:cf:88:
                    a2:30:aa:86:35:a5:6b:87:f6:3c:dc:56:f8:f9:a7:
                    35:98:1a:79:5f:d9:0b:d3:47:1a:8f:4a:fd:81:d9:
                    d2:07:19:14:6a:75:eb:94:e7:07:ed:0e:68:c4:0a:
                    37:ca:cf:40:ea:af:4d:43:c0:39:89:62:82:19:33:
                    3c:3f:98:e3:f2:c7:34:86:f6:f5:6f:f7:aa:52:a4:
                    66:7d:bd:9d:64:b4:51:21:60:29:7c:18:25:61:ff:
                    ca:12:0e:59:89:88:69:07:06:2a:65:41:e7:ac:51:
                    e9:8f:55:8c:0b:ec:ce:5a:8c:4b:89:40:51:ba:17:
                    7b:e9:9c:11:d0:ef:33:93:27:60:c6:2c:38:a9:f4:
                    32:51:19:bb:9e:e8:ff:dd:7f:8e:01:79:d6:41:47:
                    b0:75:ab:27:51:50:d7:48:2c:26:39:9b:c7:e6:30:
                    80:ce:3d:24:98:c4:9b:46:7e:0f:29:48:df:8b:31:
                    d3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:25:52:70:80:75:35:CB:9D:83:5C:5E:64:01:F9:EE:6C:82:48:B5
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:4a:13:12:a4:cc:09:8c:07:84:fe:fd:15:ed:52:3a:3e:b8:
         47:bc:25:5d:fc:ef:9b:71:5a:c0:a5:7c:96:32:bc:13:ae:fc:
         65:fc:2c:be:fa:81:b7:71:1c:ef:41:79:48:4f:e7:de:3c:cd:
         f5:ae:95:2e:20:88:ca:44:1a:64:92:02:e0:29:c5:d7:41:d0:
         dc:1e:0b:cd:74:07:e8:0f:31:78:b1:02:38:46:66:3b:cd:13:
         68:c5:07:04:9a:53:51:61:1c:20:19:31:1f:74:55:46:88:91:
         fd:fe:cb:e6:69:ef:85:c4:d2:a0:be:12:5a:35:9f:bd:e8:24:
         1e:2f:86:e2:6d:ca:87:bf:39:38:86:0b:29:c3:90:ae:c4:c9:
         7b:2b:7e:c2:66:7d:21:22:79:a2:d7:10:61:b9:b1:92:30:d6:
         58:8d:4c:95:7b:97:ab:53:d8:7d:07:d3:35:bf:eb:e5:07:62:
         1d:e3:dc:d3:a1:04:31:7c:96:f8:fb:f6:4e:31:98:6f:fc:ba:
         e5:1c:99:80:99:e6:cd:5f:a3:dc:13:2a:5e:1a:7f:02:86:21:
         fe:05:9a:1e:c4:52:28:21:7d:7e:88:f0:ba:76:b3:65:3b:f4:
         8f:2b:8d:ae:e8:f7:36:63:4e:29:9e:80:4c:77:09:f4:4e:e2:
         04:15:2b:9e
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUUObuTEXtdrXDmFqdd1TqYkBwJ2QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NTBaFw0yNjA3MDIxNTUxNTBaMDMxMTAvBgNV
BAMTKDU1MjU1MjcwODA3NTM1Q0I5RDgzNUM1RTY0MDFGOUVFNkM4MjQ4QjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV/gIqh0uhhYn1JdjXaCltcDtC
uRL1vBev0sgBfajskobraKqQqa0WFBRLJjSpqf3ULQUDPuIajfT70oGqrSUJDoCi
OimkaZjPiKIwqoY1pWuH9jzcVvj5pzWYGnlf2QvTRxqPSv2B2dIHGRRqdeuU5wft
DmjECjfKz0Dqr01DwDmJYoIZMzw/mOPyxzSG9vVv96pSpGZ9vZ1ktFEhYCl8GCVh
/8oSDlmJiGkHBiplQeesUemPVYwL7M5ajEuJQFG6F3vpnBHQ7zOTJ2DGLDip9DJR
Gbue6P/df44BedZBR7B1qydRUNdILCY5m8fmMIDOPSSYxJtGfg8pSN+LMdORAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUVSVScIB1Ncudg1xeZAH57myCSLUwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA5MDIyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAuXmpMA0GCSqGSIb3DQEBCwUAA4IBAQCdShMSpMwJ
jAeE/v0V7VI6PrhHvCVd/O+bcVrApXyWMrwTrvxl/Cy++oG3cRzvQXlIT+fePM31
rpUuIIjKRBpkkgLgKcXXQdDcHgvNdAfoDzF4sQI4RmY7zRNoxQcEmlNRYRwgGTEf
dFVGiJH9/svmae+FxNKgvhJaNZ+96CQeL4bibcqHvzk4hgspw5CuxMl7K37CZn0h
Inmi1xBhubGSMNZYjUyVe5erU9h9B9M1v+vlB2Id49zToQQxfJb4+/ZOMZhv/Lrl
HJmAmebNX6PcEypeGn8ChiH+BZoexFIoIX1+iPC6drNlO/SPK42u6Pc2Y04pnoBM
dwn0TuIEFSue
-----END CERTIFICATE-----