Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213438.roa
File:                     AS213438.roa (raw, json)
Hash identifier:          QxOdbf/Ex2oc0aIqN2qWWmm1We8G4MwQFuG061Gp3Ck=
Subject key identifier:   95:A3:52:B6:9C:01:68:A0:2A:8C:31:EF:FF:D9:08:9F:F3:45:D3:9B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7017B2B8FBE2F90BCE0011BE0426DDCEA5AE3BAF
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213438.roa
Signing time:             Thu 04 Jun 2026 15:58:52 +0000
ROA not before:           Thu 04 Jun 2026 15:53:52 +0000
ROA not after:            Thu 03 Jun 2027 15:58:52 +0000
asID:                     213438
IP address blocks:        5.253.84.0/24 maxlen: 24
                          5.253.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 07:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:17:b2:b8:fb:e2:f9:0b:ce:00:11:be:04:26:dd:ce:a5:ae:3b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:52 2026 GMT
            Not After : Jun  3 15:58:52 2027 GMT
        Subject: CN=95A352B69C0168A02A8C31EFFFD9089FF345D39B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8f:06:c2:90:9b:21:28:57:b3:56:1f:00:8b:
                    29:72:15:82:01:fe:86:65:ea:d0:ca:98:dc:2c:b7:
                    1f:c7:b4:d6:84:78:13:8f:95:c8:7e:c0:37:38:1b:
                    85:bc:60:ca:5b:3b:f6:3b:a0:ae:59:3e:06:de:22:
                    a2:5a:dd:97:bc:f1:d1:05:0a:d6:64:0a:bc:74:db:
                    7b:a7:a5:ff:e1:88:3f:c3:8b:87:ca:d8:a4:c8:85:
                    00:81:e4:60:a9:1b:e9:ab:87:45:ea:f6:09:58:03:
                    03:82:f0:52:8b:f3:7a:3f:b6:24:d4:5e:10:b8:de:
                    63:8f:71:a6:48:f9:77:7f:9a:17:f6:8d:04:b2:0e:
                    cc:7f:97:47:c2:81:86:54:9f:5f:a1:33:be:19:db:
                    96:ab:d3:0e:5e:5e:f9:0e:64:b7:1c:b9:87:b8:5b:
                    ae:ff:54:54:bc:06:0a:cd:39:29:a5:21:db:71:df:
                    7c:90:cf:4e:a1:0a:d1:fd:5b:bd:ce:47:36:2c:d5:
                    45:60:95:c4:18:d5:35:8e:a2:16:b3:62:91:b7:ed:
                    19:f6:b9:65:c4:e2:b2:2b:6a:96:ae:34:51:44:c7:
                    d3:48:d9:f5:b0:1c:da:bc:b2:7b:42:f0:ac:91:5c:
                    5b:96:ea:d2:b0:1b:e5:21:14:27:f2:3a:45:92:03:
                    8a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:A3:52:B6:9C:01:68:A0:2A:8C:31:EF:FF:D9:08:9F:F3:45:D3:9B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.84.0/24
                  5.253.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:f4:25:48:8d:d0:0f:72:93:61:9b:26:89:ed:00:a2:96:9c:
         22:cd:60:8c:67:1d:ff:b1:8b:22:a3:0f:37:98:a6:b1:eb:55:
         63:a5:f1:b5:05:63:70:9a:fc:5b:84:a5:27:fe:1d:00:0b:60:
         86:58:e5:ff:35:c3:a9:08:ce:8e:41:0c:07:e7:1a:19:27:f8:
         4e:c0:c3:4d:37:c6:eb:4f:0e:29:01:4c:1d:f5:28:6e:b7:fa:
         44:50:dd:aa:2c:1c:d5:70:82:7c:85:1e:fa:db:62:3f:11:d2:
         34:67:a1:1b:aa:32:5b:e5:54:a9:ff:f7:56:90:36:9a:23:47:
         cf:12:af:b7:d7:92:59:30:8b:fb:70:98:af:6c:e6:b4:15:cf:
         3f:5d:82:43:fe:fd:26:9b:17:85:82:47:ad:ce:c0:6b:cb:10:
         e1:1c:9a:51:de:be:fe:7c:b6:34:4c:21:34:1d:84:35:30:68:
         5e:83:d0:19:16:70:4d:f4:1f:36:ed:a4:cc:02:6c:2e:37:36:
         23:70:ad:c1:98:47:63:7f:0b:c8:a8:e1:ba:c5:7a:7f:98:ab:
         b6:6f:f5:07:7c:44:1e:92:ff:af:c1:65:8e:8f:f4:c6:6e:a7:
         9c:33:24:de:9d:50:05:d5:da:ad:ab:0c:86:bb:15:73:06:7e:
         78:83:21:fc
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUcBeyuPvi+QvOABG+BCbdzqWuO68wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTJaFw0yNzA2MDMxNTU4NTJaMDMxMTAvBgNV
BAMTKDk1QTM1MkI2OUMwMTY4QTAyQThDMzFFRkZGRDkwODlGRjM0NUQzOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDejwbCkJshKFezVh8AiylyFYIB
/oZl6tDKmNwstx/HtNaEeBOPlch+wDc4G4W8YMpbO/Y7oK5ZPgbeIqJa3Ze88dEF
CtZkCrx023unpf/hiD/Di4fK2KTIhQCB5GCpG+mrh0Xq9glYAwOC8FKL83o/tiTU
XhC43mOPcaZI+Xd/mhf2jQSyDsx/l0fCgYZUn1+hM74Z25ar0w5eXvkOZLccuYe4
W67/VFS8BgrNOSmlIdtx33yQz06hCtH9W73ORzYs1UVglcQY1TWOohazYpG37Rn2
uWXE4rIrapauNFFEx9NI2fWwHNq8sntC8KyRXFuW6tKwG+UhFCfyOkWSA4qHAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUlaNStpwBaKAqjDHv/9kIn/NF05swHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEzNDM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQABf1UAwQABf1WMA0GCSqGSIb3DQEBCwUAA4IBAQCP
9CVIjdAPcpNhmyaJ7QCilpwizWCMZx3/sYsiow83mKax61VjpfG1BWNwmvxbhKUn
/h0AC2CGWOX/NcOpCM6OQQwH5xoZJ/hOwMNNN8brTw4pAUwd9Shut/pEUN2qLBzV
cIJ8hR7622I/EdI0Z6EbqjJb5VSp//dWkDaaI0fPEq+315JZMIv7cJivbOa0Fc8/
XYJD/v0mmxeFgketzsBryxDhHJpR3r7+fLY0TCE0HYQ1MGheg9AZFnBN9B827aTM
AmwuNzYjcK3BmEdjfwvIqOG6xXp/mKu2b/UHfEQekv+vwWWOj/TGbqecMyTenVAF
1dqtqwyGuxVzBn54gyH8
-----END CERTIFICATE-----