Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209709.roa
File:                     AS209709.roa (raw, json)
Hash identifier:          6n3F6Sew1BaDe1qV8EljnTLmSUkZFrLqo/2qp7Mfu0U=
Subject key identifier:   BE:3A:12:09:F0:4E:07:80:18:48:AA:4F:DE:C6:29:DF:1A:72:4F:AE
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       43F0CBBB99E374FE4F2A7A93C4DB76158537E9CC
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209709.roa
Signing time:             Thu 04 Jun 2026 15:58:50 +0000
ROA not before:           Thu 04 Jun 2026 15:53:50 +0000
ROA not after:            Thu 03 Jun 2027 15:58:50 +0000
asID:                     209709
IP address blocks:        185.236.212.0/24 maxlen: 24
                          185.236.213.0/24 maxlen: 24
                          185.236.214.0/24 maxlen: 24
                          185.236.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:f0:cb:bb:99:e3:74:fe:4f:2a:7a:93:c4:db:76:15:85:37:e9:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:50 2026 GMT
            Not After : Jun  3 15:58:50 2027 GMT
        Subject: CN=BE3A1209F04E07801848AA4FDEC629DF1A724FAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:63:29:a6:3f:d7:44:e5:c4:9e:16:81:81:e0:
                    74:f8:d7:44:52:2f:34:ed:56:f3:af:a3:59:55:d1:
                    2d:41:9b:df:5d:47:b1:7a:ec:3a:dc:14:d3:64:7a:
                    a3:64:65:8e:76:e1:0d:05:79:3d:78:42:4f:c3:44:
                    ba:29:48:f5:c4:61:1f:98:2a:71:74:74:cb:54:b0:
                    58:0e:9a:c9:af:fb:a4:32:9b:bf:11:71:ad:ee:37:
                    2e:c8:62:5e:fe:25:92:1d:73:91:84:13:ac:db:83:
                    eb:02:5b:0f:f2:2c:47:af:56:97:b6:2e:69:61:ea:
                    96:25:da:16:f0:50:b9:38:d7:f7:e5:4b:0c:aa:c3:
                    ed:c1:6d:52:a3:41:0b:ea:9a:27:2b:2b:39:bd:06:
                    59:06:95:0a:ce:37:a1:7b:ae:43:76:e4:23:c3:9a:
                    4b:34:0a:d9:8e:a2:db:ba:b9:a3:7d:8c:d9:ba:f1:
                    5a:58:e5:4c:29:e5:95:e0:9e:d6:42:9e:30:41:3b:
                    1e:a3:12:1b:98:ee:43:6c:b7:ee:14:2e:e2:09:d4:
                    48:6f:7a:81:41:ad:de:e9:55:66:21:d6:a5:cf:72:
                    ca:98:31:1f:27:59:92:26:02:a7:d6:7d:bf:b0:62:
                    23:23:d1:59:51:a6:ec:55:50:c4:55:b7:61:fb:09:
                    bb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:3A:12:09:F0:4E:07:80:18:48:AA:4F:DE:C6:29:DF:1A:72:4F:AE
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209709.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:2e:c1:e8:e3:bc:a9:6d:8e:25:f3:01:3e:a3:a1:30:97:3b:
         01:4d:ae:c1:dd:ed:df:c6:9b:e0:25:96:8d:b2:9c:0f:6c:bd:
         de:21:10:b8:3c:27:09:39:06:9f:52:a3:fe:ef:19:1c:0f:36:
         f1:b3:dc:0d:aa:4b:51:d0:67:ee:2a:d8:27:92:f5:d1:4e:d6:
         76:72:ad:d7:a8:a1:cf:62:3a:2a:9e:52:f7:1c:75:95:65:e9:
         76:04:1b:3b:d3:72:ec:08:d9:52:91:2c:14:91:4a:1c:74:4e:
         4a:aa:3c:86:fc:f7:38:27:f2:6f:ac:bf:cb:d9:1c:38:85:fc:
         5d:6e:74:ca:d6:e1:a5:8f:55:74:0d:87:86:09:a8:57:d8:c6:
         49:04:04:16:09:63:9d:e8:12:a9:51:d5:45:23:06:37:5e:a5:
         b5:42:b0:5c:84:be:16:bf:e6:ff:88:6b:d8:ab:bb:b2:0a:23:
         29:20:03:4b:7a:9c:7e:77:d5:24:ed:29:41:9e:b0:88:33:b9:
         d7:eb:31:ff:34:46:6c:88:f9:57:12:82:66:ae:70:e1:95:af:
         e8:53:d7:47:7f:34:24:00:5b:31:5c:a2:c2:1a:ce:e6:23:c9:
         bf:02:06:cf:5e:2b:69:95:10:77:7d:7b:3e:5d:1f:87:42:38:
         34:ad:6c:0d
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUQ/DLu5njdP5PKnqTxNt2FYU36cwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTBaFw0yNzA2MDMxNTU4NTBaMDMxMTAvBgNV
BAMTKEJFM0ExMjA5RjA0RTA3ODAxODQ4QUE0RkRFQzYyOURGMUE3MjRGQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgYymmP9dE5cSeFoGB4HT410RS
LzTtVvOvo1lV0S1Bm99dR7F67DrcFNNkeqNkZY524Q0FeT14Qk/DRLopSPXEYR+Y
KnF0dMtUsFgOmsmv+6Qym78Rca3uNy7IYl7+JZIdc5GEE6zbg+sCWw/yLEevVpe2
Lmlh6pYl2hbwULk41/flSwyqw+3BbVKjQQvqmicrKzm9BlkGlQrON6F7rkN25CPD
mks0CtmOotu6uaN9jNm68VpY5Uwp5ZXgntZCnjBBOx6jEhuY7kNst+4ULuIJ1Ehv
eoFBrd7pVWYh1qXPcsqYMR8nWZImAqfWfb+wYiMj0VlRpuxVUMRVt2H7CbtzAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUvjoSCfBOB4AYSKpP3sYp3xpyT64wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA5NzA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQCuezUMA0GCSqGSIb3DQEBCwUAA4IBAQBmLsHo47yp
bY4l8wE+o6EwlzsBTa7B3e3fxpvgJZaNspwPbL3eIRC4PCcJOQafUqP+7xkcDzbx
s9wNqktR0GfuKtgnkvXRTtZ2cq3XqKHPYjoqnlL3HHWVZel2BBs703LsCNlSkSwU
kUocdE5KqjyG/Pc4J/JvrL/L2Rw4hfxdbnTK1uGlj1V0DYeGCahX2MZJBAQWCWOd
6BKpUdVFIwY3XqW1QrBchL4Wv+b/iGvYq7uyCiMpIANLepx+d9Uk7SlBnrCIM7nX
6zH/NEZsiPlXEoJmrnDhla/oU9dHfzQkAFsxXKLCGs7mI8m/AgbPXitplRB3fXs+
XR+HQjg0rWwN
-----END CERTIFICATE-----