Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214188.roa
File:                     AS214188.roa (raw, json)
Hash identifier:          IKjR4IpmYMNPFvA+6AMQvISaeXk4UFstBFdjktByM/A=
Subject key identifier:   16:39:55:2E:8B:7E:1F:88:E0:CA:69:62:C2:68:26:A3:CC:C5:78:F0
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       3CB69E4B855F630537AC9F1CCFCAF2FC58E86AE8
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214188.roa
Signing time:             Thu 03 Jul 2025 15:51:47 +0000
ROA not before:           Thu 03 Jul 2025 15:46:47 +0000
ROA not after:            Thu 02 Jul 2026 15:51:47 +0000
asID:                     214188
IP address blocks:        185.195.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:b6:9e:4b:85:5f:63:05:37:ac:9f:1c:cf:ca:f2:fc:58:e8:6a:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:47 2025 GMT
            Not After : Jul  2 15:51:47 2026 GMT
        Subject: CN=1639552E8B7E1F88E0CA6962C26826A3CCC578F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ee:6b:34:90:45:07:e6:9b:38:ad:51:8a:d5:
                    b4:1d:d9:2b:66:ac:8e:67:20:ad:05:ab:23:ee:e5:
                    d0:20:c8:69:a3:87:f7:de:3a:6a:91:e4:41:cb:55:
                    d0:dc:1c:8c:70:9b:3c:da:60:d9:d6:4f:87:6e:c0:
                    0a:0f:0d:52:99:ab:b2:87:91:2a:36:cd:77:a1:0b:
                    7a:25:4e:55:86:96:14:c4:52:fb:06:72:18:55:62:
                    a6:52:b2:38:64:6a:43:c7:af:5b:9f:e3:5a:b1:d5:
                    b5:73:3f:06:07:53:af:6c:76:17:b4:d3:e6:e1:0b:
                    b9:a9:a7:74:26:95:bc:8e:ab:8f:56:46:3c:9e:04:
                    d9:da:c0:94:36:e1:2d:34:20:18:75:55:8f:29:80:
                    c0:ab:b9:26:71:d0:27:e5:81:2e:29:72:cc:e1:85:
                    75:8c:46:82:75:e2:b6:e5:2f:6f:ed:af:2a:a5:5c:
                    52:24:60:5b:31:5d:f8:4c:a4:25:9b:18:be:f3:3f:
                    be:b8:2a:4d:c8:9c:2f:78:6d:54:60:f2:3e:98:27:
                    f5:88:31:c6:f3:e7:fe:53:e7:73:02:28:93:83:a3:
                    4f:18:39:f7:8b:78:41:40:9e:f4:25:f2:5c:e7:13:
                    bf:57:11:ce:99:cb:08:07:2a:33:57:11:9b:4c:d9:
                    01:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:39:55:2E:8B:7E:1F:88:E0:CA:69:62:C2:68:26:A3:CC:C5:78:F0
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214188.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:90:53:a1:f8:8a:73:21:7c:c0:fb:58:ef:8d:ef:37:67:b5:
         23:ad:e0:c3:0f:78:97:59:c9:c6:21:37:db:24:51:58:ae:de:
         ce:1c:bc:59:0e:4f:c8:d4:dd:eb:4f:b9:4d:4b:07:65:82:a5:
         58:ae:27:2e:e9:f4:17:e6:66:f4:9c:11:e6:28:ad:a4:3e:4e:
         c2:36:06:0b:2f:96:c6:26:a3:5c:59:36:2d:e8:aa:cd:e8:7e:
         83:12:6d:f3:8a:10:d7:11:73:78:46:ff:f6:bf:39:72:66:4b:
         58:e9:af:d0:3c:75:b1:de:04:ef:77:7c:e5:33:3a:fa:ae:e0:
         ca:81:b2:dc:6b:13:42:5d:67:ba:97:97:f5:0a:43:85:d5:ac:
         e9:77:b1:5f:51:c1:e2:5b:72:db:9a:63:96:6a:79:6f:ae:b6:
         fa:27:e8:6e:bf:a7:1b:16:e4:0a:3d:e2:4a:bb:05:7e:4e:61:
         c5:bc:71:61:84:e4:94:b6:be:27:6b:1a:b2:4a:c4:58:e5:2e:
         21:e1:9c:db:c5:cf:81:6f:a8:3a:22:96:62:a4:bb:e8:a3:99:
         d4:75:cc:ed:e7:28:10:8c:8d:09:13:b6:2a:1e:a0:99:2c:30:
         95:11:46:a4:3d:69:d8:53:ca:8e:9f:06:be:50:29:05:ad:28:
         34:46:97:60
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUPLaeS4VfYwU3rJ8cz8ry/FjoaugwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NDdaFw0yNjA3MDIxNTUxNDdaMDMxMTAvBgNV
BAMTKDE2Mzk1NTJFOEI3RTFGODhFMENBNjk2MkMyNjgyNkEzQ0NDNTc4RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz7ms0kEUH5ps4rVGK1bQd2Stm
rI5nIK0FqyPu5dAgyGmjh/feOmqR5EHLVdDcHIxwmzzaYNnWT4duwAoPDVKZq7KH
kSo2zXehC3olTlWGlhTEUvsGchhVYqZSsjhkakPHr1uf41qx1bVzPwYHU69sdhe0
0+bhC7mpp3QmlbyOq49WRjyeBNnawJQ24S00IBh1VY8pgMCruSZx0CflgS4pcszh
hXWMRoJ14rblL2/tryqlXFIkYFsxXfhMpCWbGL7zP764Kk3InC94bVRg8j6YJ/WI
Mcbz5/5T53MCKJODo08YOfeLeEFAnvQl8lznE79XEc6ZywgHKjNXEZtM2QGDAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUFjlVLot+H4jgymliwmgmo8zFePAwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0MTg4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAucPuMA0GCSqGSIb3DQEBCwUAA4IBAQC5kFOh+Ipz
IXzA+1jvje83Z7UjreDDD3iXWcnGITfbJFFYrt7OHLxZDk/I1N3rT7lNSwdlgqVY
ricu6fQX5mb0nBHmKK2kPk7CNgYLL5bGJqNcWTYt6KrN6H6DEm3zihDXEXN4Rv/2
vzlyZktY6a/QPHWx3gTvd3zlMzr6ruDKgbLcaxNCXWe6l5f1CkOF1azpd7FfUcHi
W3LbmmOWanlvrrb6J+huv6cbFuQKPeJKuwV+TmHFvHFhhOSUtr4naxqySsRY5S4h
4Zzbxc+Bb6g6IpZipLvoo5nUdczt5ygQjI0JE7YqHqCZLDCVEUakPWnYU8qOnwa+
UCkFrSg0Rpdg
-----END CERTIFICATE-----