Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213535.roa
File:                     AS213535.roa (raw, json)
Hash identifier:          YHv+0L7JuOJGL2qV/E5tHSb1AnQZCU8dLTyoZ3A1MnM=
Subject key identifier:   26:31:F3:89:47:D4:80:8A:ED:29:4C:BA:53:07:7D:ED:AC:77:40:5D
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       474A7FA3A9AF84B3244E6286AFF7C5AED96DDAB9
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213535.roa
Signing time:             Tue 31 Mar 2026 18:47:27 +0000
ROA not before:           Tue 31 Mar 2026 18:42:27 +0000
ROA not after:            Tue 30 Mar 2027 18:47:27 +0000
asID:                     213535
IP address blocks:        153.76.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 14:30:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:4a:7f:a3:a9:af:84:b3:24:4e:62:86:af:f7:c5:ae:d9:6d:da:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Mar 31 18:42:27 2026 GMT
            Not After : Mar 30 18:47:27 2027 GMT
        Subject: CN=2631F38947D4808AED294CBA53077DEDAC77405D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:99:96:c6:94:90:a4:a7:b4:de:da:3c:1c:7f:
                    39:30:43:2c:ee:a9:15:6d:3c:dd:77:d5:61:fe:3c:
                    71:06:c1:aa:39:23:f4:fd:4c:fb:0f:83:98:c6:32:
                    d6:f8:ad:13:92:13:00:46:51:38:fa:2a:0f:0e:6d:
                    99:ee:b9:69:85:8b:f8:f1:5b:1f:ac:12:6e:36:50:
                    a9:4b:c9:0a:a1:ea:43:43:4c:cd:0c:a2:c2:d5:90:
                    ec:73:f6:85:0a:e3:06:7f:f3:4d:37:1b:16:ad:ce:
                    6e:c8:8c:5d:d2:f3:3b:dd:dc:b7:1a:0d:81:6f:04:
                    f1:60:cb:5a:02:80:05:10:2b:8a:38:99:c8:49:c9:
                    f4:53:87:94:23:14:4f:dd:63:36:c7:be:48:a6:71:
                    1d:d8:fa:f1:b9:82:46:03:b8:0b:b1:99:e8:62:7a:
                    bf:1d:3a:32:10:88:fd:4a:4e:27:8c:70:d3:cd:22:
                    3a:11:3d:9b:e5:86:13:3d:98:4c:aa:24:17:36:c9:
                    b5:71:23:aa:fd:11:c9:b6:62:cc:de:2c:65:32:c5:
                    38:5e:a3:6e:32:78:20:51:ce:86:ae:e2:e8:46:a5:
                    50:43:d5:8f:16:61:e0:2d:19:f2:d5:25:39:3c:4a:
                    cb:ff:6b:58:bc:3b:df:15:7f:e2:50:b1:45:9f:27:
                    89:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:31:F3:89:47:D4:80:8A:ED:29:4C:BA:53:07:7D:ED:AC:77:40:5D
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS213535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.76.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:91:6d:f9:9f:46:af:b3:42:35:bf:6a:6a:00:50:85:48:17:
         10:31:22:59:9b:aa:93:d8:28:f8:b7:79:9d:e5:f2:a2:d7:7e:
         57:98:5c:f3:27:6b:33:61:0a:23:29:1a:9e:5d:89:34:81:75:
         49:68:e4:3d:c2:eb:9a:8e:b0:4c:ab:74:41:e0:df:6a:f6:34:
         26:17:41:76:8e:17:1a:a6:1d:4f:ef:f0:1c:c3:91:72:00:65:
         9b:77:9c:18:18:12:93:c0:5d:39:9b:3a:07:55:e7:d9:07:41:
         5c:fa:b1:76:37:15:62:c5:79:8d:4a:5a:60:05:10:e3:7f:9c:
         14:24:9e:30:dc:f3:1b:ee:ab:9d:95:93:89:f2:bb:52:49:09:
         2c:6a:b3:49:db:47:d6:15:db:a3:d5:1d:58:22:f9:0a:ce:18:
         1e:c4:2b:b9:1f:0b:c8:df:f8:c4:16:4f:c7:c1:8c:04:b1:2e:
         af:3f:6e:f8:e8:eb:a8:46:0b:f0:72:17:be:3f:95:0b:e0:9e:
         52:59:61:0b:45:14:9d:57:4c:f5:51:03:d8:d8:e7:32:e1:53:
         f7:5e:ac:02:86:bc:0a:46:9d:9a:ac:ea:81:86:db:b6:35:5e:
         4c:c1:cb:66:e7:ba:6e:2c:b2:5c:75:eb:b7:c2:4c:86:8f:31:
         24:9a:69:fd
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUR0p/o6mvhLMkTmKGr/fFrtlt2rkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjAzMzExODQyMjdaFw0yNzAzMzAxODQ3MjdaMDMxMTAvBgNV
BAMTKDI2MzFGMzg5NDdENDgwOEFFRDI5NENCQTUzMDc3REVEQUM3NzQwNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbmZbGlJCkp7Te2jwcfzkwQyzu
qRVtPN131WH+PHEGwao5I/T9TPsPg5jGMtb4rROSEwBGUTj6Kg8ObZnuuWmFi/jx
Wx+sEm42UKlLyQqh6kNDTM0MosLVkOxz9oUK4wZ/8003Gxatzm7IjF3S8zvd3Lca
DYFvBPFgy1oCgAUQK4o4mchJyfRTh5QjFE/dYzbHvkimcR3Y+vG5gkYDuAuxmehi
er8dOjIQiP1KTieMcNPNIjoRPZvlhhM9mEyqJBc2ybVxI6r9Ecm2YszeLGUyxThe
o24yeCBRzoau4uhGpVBD1Y8WYeAtGfLVJTk8Ssv/a1i8O98Vf+JQsUWfJ4lFAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUJjHziUfUgIrtKUy6Uwd97ax3QF0wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjEzNTM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAmUxwMA0GCSqGSIb3DQEBCwUAA4IBAQATkW35n0av
s0I1v2pqAFCFSBcQMSJZm6qT2Cj4t3md5fKi135XmFzzJ2szYQojKRqeXYk0gXVJ
aOQ9wuuajrBMq3RB4N9q9jQmF0F2jhcaph1P7/Acw5FyAGWbd5wYGBKTwF05mzoH
VefZB0Fc+rF2NxVixXmNSlpgBRDjf5wUJJ4w3PMb7qudlZOJ8rtSSQksarNJ20fW
Fduj1R1YIvkKzhgexCu5HwvI3/jEFk/HwYwEsS6vP2746OuoRgvwche+P5UL4J5S
WWELRRSdV0z1UQPY2Ocy4VP3XqwChrwKRp2arOqBhtu2NV5Mwctm57puLLJcdeu3
wkyGjzEkmmn9
-----END CERTIFICATE-----