Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209709.roa
File:                     AS209709.roa (raw, json)
Hash identifier:          SLneQhsS6c/Fnum6rRtqKRrZYhNa07K9R2eDDh25pII=
Subject key identifier:   72:98:18:59:27:A2:08:01:0E:B0:2A:AF:4B:02:1E:B7:97:25:A0:55
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       34C889416B1F071BAED2650B821E2FA59575DBE7
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209709.roa
Signing time:             Thu 03 Jul 2025 15:51:32 +0000
ROA not before:           Thu 03 Jul 2025 15:46:32 +0000
ROA not after:            Thu 02 Jul 2026 15:51:32 +0000
asID:                     209709
IP address blocks:        185.236.212.0/24 maxlen: 24
                          185.236.213.0/24 maxlen: 24
                          185.236.214.0/24 maxlen: 24
                          185.236.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:c8:89:41:6b:1f:07:1b:ae:d2:65:0b:82:1e:2f:a5:95:75:db:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:32 2025 GMT
            Not After : Jul  2 15:51:32 2026 GMT
        Subject: CN=7298185927A208010EB02AAF4B021EB79725A055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:8a:7d:0d:fb:7c:f2:36:ae:8c:fb:0d:c1:0d:
                    5f:5d:22:6f:26:09:02:f3:e5:a8:12:25:c0:e2:ba:
                    f1:c8:16:ed:66:04:bd:47:83:01:29:70:fc:4e:30:
                    97:ff:6a:56:df:cb:38:2a:6e:74:0f:90:69:c0:11:
                    97:08:0b:8e:b6:07:80:ae:82:da:f2:d0:5b:9b:9b:
                    aa:ce:33:5d:60:a9:04:b1:75:a4:ac:21:ab:e5:b9:
                    5a:c5:ad:d8:62:90:14:fa:d3:57:82:bb:15:f6:86:
                    1c:9e:6a:4d:07:78:6f:ab:a9:0e:e5:ff:e9:dc:0f:
                    4d:e9:44:e6:58:e6:cb:08:ec:6b:9e:87:91:20:b9:
                    5c:ba:6c:24:01:fc:70:45:0f:64:03:75:1e:27:b6:
                    be:ea:62:7b:c8:f0:cb:bf:9d:c3:ca:21:45:02:6f:
                    2d:83:b8:8f:0e:25:56:0e:8b:9e:f4:fb:bc:49:55:
                    63:1f:64:78:c4:e5:e5:50:00:0e:85:cf:2d:e3:37:
                    7d:6f:92:4e:36:66:b0:73:5b:9b:4b:fb:2b:af:32:
                    83:5b:da:b2:6b:34:bd:a3:64:99:6f:2a:cd:c6:63:
                    b9:65:c9:04:c1:14:94:7e:97:5e:52:3e:74:92:82:
                    8b:40:35:04:47:13:bf:15:95:12:c2:af:ec:58:66:
                    02:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:98:18:59:27:A2:08:01:0E:B0:2A:AF:4B:02:1E:B7:97:25:A0:55
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209709.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:09:da:e9:00:85:aa:ef:4d:fd:23:aa:cc:ed:b9:ef:74:4d:
         d4:43:da:4e:a4:c3:e3:97:68:57:77:e0:cc:e8:65:d9:41:13:
         aa:08:f3:c1:22:6b:ca:2c:ea:d8:ad:e7:d6:93:1c:bc:07:7b:
         1d:c4:63:2e:00:d9:66:84:e1:69:71:18:10:01:c1:be:51:1c:
         08:cd:14:60:00:91:80:62:22:40:bd:68:b3:a0:83:96:39:fe:
         db:3e:9a:a0:d7:a4:fe:78:fa:5e:1d:96:42:a1:ed:25:ed:2c:
         a6:84:91:61:cd:37:36:75:8a:ba:8c:4b:d9:b9:d2:93:85:91:
         60:f1:d8:5a:e9:92:f8:ca:24:23:ec:8f:07:3c:e5:bc:39:b3:
         14:fb:e1:f9:fe:8f:2e:d1:cf:52:62:c4:87:b1:c4:e3:f3:17:
         81:ce:86:f2:db:fc:8e:82:45:d3:72:ee:c6:de:d9:01:00:9c:
         64:78:6c:0b:36:f0:a6:40:2a:1f:8f:66:60:2d:53:ba:01:5f:
         de:8a:4f:6b:a6:f5:af:d4:3a:89:94:f9:5e:db:4c:fe:03:81:
         97:7c:40:d0:31:9c:80:54:dd:09:49:b7:e3:41:b4:b6:14:1b:
         cf:f1:70:71:45:2e:32:fa:9d:b6:84:a2:fc:d9:c3:1f:59:de:
         81:5b:aa:06
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUNMiJQWsfBxuu0mULgh4vpZV12+cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MzJaFw0yNjA3MDIxNTUxMzJaMDMxMTAvBgNV
BAMTKDcyOTgxODU5MjdBMjA4MDEwRUIwMkFBRjRCMDIxRUI3OTcyNUEwNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuin0N+3zyNq6M+w3BDV9dIm8m
CQLz5agSJcDiuvHIFu1mBL1HgwEpcPxOMJf/albfyzgqbnQPkGnAEZcIC462B4Cu
gtry0Fubm6rOM11gqQSxdaSsIavluVrFrdhikBT601eCuxX2hhyeak0HeG+rqQ7l
/+ncD03pROZY5ssI7Gueh5EguVy6bCQB/HBFD2QDdR4ntr7qYnvI8Mu/ncPKIUUC
by2DuI8OJVYOi570+7xJVWMfZHjE5eVQAA6Fzy3jN31vkk42ZrBzW5tL+yuvMoNb
2rJrNL2jZJlvKs3GY7llyQTBFJR+l15SPnSSgotANQRHE78VlRLCr+xYZgKLAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUcpgYWSeiCAEOsCqvSwIet5cloFUwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA5NzA5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQCuezUMA0GCSqGSIb3DQEBCwUAA4IBAQAZCdrpAIWq
7039I6rM7bnvdE3UQ9pOpMPjl2hXd+DM6GXZQROqCPPBImvKLOrYrefWkxy8B3sd
xGMuANlmhOFpcRgQAcG+URwIzRRgAJGAYiJAvWizoIOWOf7bPpqg16T+ePpeHZZC
oe0l7SymhJFhzTc2dYq6jEvZudKThZFg8dha6ZL4yiQj7I8HPOW8ObMU++H5/o8u
0c9SYsSHscTj8xeBzoby2/yOgkXTcu7G3tkBAJxkeGwLNvCmQCofj2ZgLVO6AV/e
ik9rpvWv1DqJlPle20z+A4GXfEDQMZyAVN0JSbfjQbS2FBvP8XBxRS4y+p22hKL8
2cMfWd6BW6oG
-----END CERTIFICATE-----