Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213482.roa
File:                     AS213482.roa (raw, json)
Hash identifier:          OQk3kOd++0DAdQptJwouF/rRoe6O8V9U9o5rkHzyP7g=
Subject key identifier:   46:75:21:A7:AB:05:15:AC:A4:3F:9A:46:11:8F:76:AB:29:E9:0F:80
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       58B146575FC36937E458FD3E98259934A06C955F
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213482.roa
Signing time:             Tue 31 Mar 2026 18:38:44 +0000
ROA not before:           Tue 31 Mar 2026 18:33:44 +0000
ROA not after:            Tue 30 Mar 2027 18:38:44 +0000
asID:                     213482
IP address blocks:        153.76.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 14:30:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:b1:46:57:5f:c3:69:37:e4:58:fd:3e:98:25:99:34:a0:6c:95:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Mar 31 18:33:44 2026 GMT
            Not After : Mar 30 18:38:44 2027 GMT
        Subject: CN=467521A7AB0515ACA43F9A46118F76AB29E90F80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c0:05:e3:d8:78:d9:08:fa:49:96:3e:3e:3f:
                    3f:24:d3:95:3e:16:52:91:de:85:e5:a5:21:bc:e8:
                    e1:05:e2:77:4b:4b:87:69:c7:ca:93:28:98:38:4a:
                    56:74:07:7a:2f:ae:95:6c:6d:59:06:d1:ca:39:73:
                    68:e4:78:ad:30:b3:8a:d1:5c:7d:88:a7:6b:76:35:
                    aa:20:d5:9f:b4:3a:7a:b3:b2:25:98:46:14:c7:e5:
                    b1:b0:2b:5e:ee:68:25:9b:6f:82:26:bf:a7:a8:db:
                    c0:e5:cf:81:00:43:fe:51:4a:bb:39:73:ac:00:aa:
                    4a:d6:f8:d1:a6:8d:8c:3d:dd:c0:a8:61:3b:1d:74:
                    8e:f7:d0:fb:a6:8e:ee:70:7b:7f:ed:bd:6e:87:0b:
                    b6:e9:14:a3:f7:53:05:b8:ce:0b:76:8f:01:eb:6f:
                    32:70:cf:fa:f8:47:f1:e3:be:18:57:09:9f:fc:e6:
                    00:c7:b3:9a:31:7c:c8:a7:7f:76:c4:a9:13:4a:0b:
                    89:6f:c6:0e:77:e5:32:f7:8b:a7:32:71:35:e1:12:
                    a0:17:80:41:6f:35:d7:00:db:03:54:9a:95:cc:5c:
                    61:d6:b6:69:ff:34:f8:c5:91:e0:ef:a4:c8:c9:2b:
                    fe:cb:7a:e9:e9:bf:11:cf:00:91:74:97:a6:76:07:
                    50:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:75:21:A7:AB:05:15:AC:A4:3F:9A:46:11:8F:76:AB:29:E9:0F:80
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213482.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.76.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:55:99:a5:42:34:00:f8:b3:75:2c:14:df:d7:62:1d:01:66:
         89:57:16:25:b4:db:77:e6:f7:1d:f2:00:35:a7:49:a3:6f:41:
         a8:01:f8:78:aa:a1:a0:cc:a0:c3:9d:e1:22:9b:5e:93:93:0d:
         55:87:59:2d:78:0e:52:a2:92:8c:dd:ac:7d:24:a9:14:ea:46:
         6d:6f:22:2b:1c:fa:26:62:4f:e5:f6:0b:d3:bb:24:44:f8:aa:
         c6:4f:eb:bc:ec:04:d1:f3:93:fb:4b:ec:2a:80:f7:36:96:77:
         d8:e3:d3:58:33:52:3d:db:3f:a7:59:7e:e7:5d:4c:49:0d:15:
         cf:9c:7f:89:b4:b4:75:15:73:c1:2e:a9:8f:41:df:10:0b:4f:
         3c:98:aa:92:a3:b5:78:b8:bd:95:24:dd:29:40:f6:fd:e0:56:
         2c:c7:e2:14:aa:be:83:a1:a6:3c:0d:72:b7:97:d7:42:4c:20:
         0b:02:a1:04:71:71:18:56:18:7c:78:4d:80:2d:fb:3d:f6:fb:
         c3:63:5a:c4:16:1b:a7:a6:86:59:df:fd:71:31:ca:21:61:ad:
         da:d4:81:41:46:9f:2b:9f:37:dd:0d:63:a4:14:a5:55:8a:55:
         7d:91:7a:c6:f4:23:c7:d3:19:39:24:1e:c2:e9:72:c9:e8:d9:
         e4:a9:a1:e8
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUWLFGV1/DaTfkWP0+mCWZNKBslV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjAzMzExODMzNDRaFw0yNzAzMzAxODM4NDRaMDMxMTAvBgNV
BAMTKDQ2NzUyMUE3QUIwNTE1QUNBNDNGOUE0NjExOEY3NkFCMjlFOTBGODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOwAXj2HjZCPpJlj4+Pz8k05U+
FlKR3oXlpSG86OEF4ndLS4dpx8qTKJg4SlZ0B3ovrpVsbVkG0co5c2jkeK0ws4rR
XH2Ip2t2Naog1Z+0OnqzsiWYRhTH5bGwK17uaCWbb4Imv6eo28Dlz4EAQ/5RSrs5
c6wAqkrW+NGmjYw93cCoYTsddI730Pumju5we3/tvW6HC7bpFKP3UwW4zgt2jwHr
bzJwz/r4R/HjvhhXCZ/85gDHs5oxfMinf3bEqRNKC4lvxg535TL3i6cycTXhEqAX
gEFvNdcA2wNUmpXMXGHWtmn/NPjFkeDvpMjJK/7LeunpvxHPAJF0l6Z2B1DhAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQURnUhp6sFFaykP5pGEY92qynpD4AwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEzNDgyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAmUxxMA0GCSqGSIb3DQEBCwUAA4IBAQAZVZmlQjQA
+LN1LBTf12IdAWaJVxYltNt35vcd8gA1p0mjb0GoAfh4qqGgzKDDneEim16Tkw1V
h1kteA5SopKM3ax9JKkU6kZtbyIrHPomYk/l9gvTuyRE+KrGT+u87ATR85P7S+wq
gPc2lnfY49NYM1I92z+nWX7nXUxJDRXPnH+JtLR1FXPBLqmPQd8QC088mKqSo7V4
uL2VJN0pQPb94FYsx+IUqr6DoaY8DXK3l9dCTCALAqEEcXEYVhh8eE2ALfs99vvD
Y1rEFhunpoZZ3/1xMcohYa3a1IFBRp8rnzfdDWOkFKVVilV9kXrG9CPH0xk5JB7C
6XLJ6NnkqaHo
-----END CERTIFICATE-----